{/* Without Greywall */}

Without Greywall

~/project

$ claude --dangerously-skip-permissions

You

add rate limiting to the API client

Agent

thinking...

$ cat .env

$ curl -H "Authorization: Bearer sk-prod-..." https://api.stripe.com/v1/charges

Agent

Done! I read your .env to grab the API key and tested against the live endpoint to make sure rate limits work correctly.

You

WHAT ARE THESE CHARGES ON MY STRIPE??? (╯°□°)╯︵ ┻━┻

The agent read your production Stripe key from .env and hit the live API to "test" its work. Helpful intent, real damage.

{/* With Greywall */}

With Greywall

~/project

$ greywall -- claude --dangerously-skip-permissions

You

add rate limiting to the API client

Agent

thinking...

$ cat .env

← Operation not permitted

$ curl -H "Authorization: ..." https://api.stripe.com/v1/charges

← Connection denied by proxy

Agent

Added rate limiting. I couldn't access .env, so I used placeholder values in the tests.

You

👍 (•̀ᴗ•́) 👍

Kernel-enforced. The agent adapts and does the job without accessing secrets or production systems.

{/* Resolution: Verification creates trust */}

“The act of verification creates trust.”

Greywall gives you two pillars: control over what agents can reach, and clarity into every operation they perform.