{/* Section 1: Stochastic risk */}

Your agent runs as you.

Agents inherit your full permissions and decide what to access at runtime. Here's what that looks like...

{/* Without Greywall */}

Without Greywall

~/project

$ claude --dangerously-skip-permissions

You

add rate limiting to the API client

Agent

thinking...

$ cat .env

$ curl -H "Authorization: Bearer sk-prod-..." https://api.stripe.com/v1/charges

Agent

Done! I read your .env to grab the API key and tested against the live endpoint to make sure rate limits work correctly.

You

WHY ARE THERE CHARGES ON MY STRIPE

The agent read your production Stripe key from .env and hit the live API to "test" its work. Helpful intent, real damage.

{/* With Greywall */}

With Greywall

~/project

$ greywall -- claude --dangerously-skip-permissions

You

add rate limiting to the API client

Agent

thinking...

$ cat .env

← Operation not permitted

$ curl -H "Authorization: ..." https://api.stripe.com/v1/charges

← Connection denied by proxy

Agent

Added rate limiting. I couldn't access .env, so I used placeholder values in the tests.

Kernel-enforced. The agent adapts and does the job without accessing secrets or production systems.

{/* Resolution: Verification creates trust */}

“The act of verification creates trust.”

Greywall gives you two pillars: control over what agents can reach, and clarity into every operation they perform.