Real-time AI agent detection and response (AIDR) for Claude Code. Observes every prompt, tool call, permission request, and subagent — flags prompt injections, secret exfiltration, and destructive commands before they reach production.
One-line installer (recommended):
macOS / Linux:
curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-plugins/main/install.sh | bashWindows (PowerShell 5.1+, run as your normal user):
iwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugins/main/install.ps1 | iexPass credentials via environment variables before the one-liner when running non-interactively:
$env:ROGUE_API_KEY='rsk_xxx'; $env:ROGUE_ACTOR_EMAIL='you@co.com'; iwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugins/main/install.ps1 | iexThe one installer detects every supported coding agent and installs the matching
Rogue plugin into each — Claude Code, OpenAI Codex, and Cursor — writing
the shared ~/.rogue-env (%USERPROFILE%\.rogue-env on Windows) once. Claude and
Codex install through their native plugin CLIs (claude plugin install /
codex plugin add); Cursor has no plugin CLI, so its plugin is copied into
~/.cursor/plugins/local/rogue from the release tarball. The installer validates and
writes your API key, confirms your actor identity, and on macOS/Linux configures a
Rogue Security status badge below the Claude prompt (🟢 connected / 🔴 not set up).
To target specific agents instead of all detected ones, pass --claude, --codex,
and/or --cursor (PowerShell: -Claude / -Codex / -Cursor):
curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-plugins/main/install.sh | bash -s -- --cursorFor org-wide Cursor rollout, import this repo as a Cursor Team Marketplace (Dashboard → marketplaces) — that is Cursor's native managed/auto-update path, separate from the per-developer one-liner above.
Native Windows support requires no WSL or Git Bash: every hook ships both a POSIX
sh script and a PowerShell sibling, and exactly one runs per machine.
Manual install (inside Claude Code v2.1+):
/plugin marketplace add qualifire-dev/rogue-plugins
/plugin install rogue@rogue-marketplace
/rogue:setup
Get an API key at https://app.rogue.security/settings/api-keys.
.claude-plugin/plugin.json — plugin manifest
hooks/hooks.json — 11 lifecycle hooks; each fires an sh + a PowerShell entry
skills/setup/SKILL.md — /rogue:setup slash command
skills/status/SKILL.md — /rogue:status slash command
scripts/hook.sh — POSIX-sh + curl dispatcher (macOS/Linux/WSL)
scripts/hook.ps1 — PowerShell dispatcher (native Windows)
scripts/setup.sh / setup.ps1 — credential storage helpers
SessionStart, UserPromptSubmit, PreToolUse, PostToolUse,
PostToolUseFailure, PermissionRequest, Stop, SessionEnd,
SubagentStart, SubagentStop, ConfigChange.
All hooks are type: "command". Each event registers two entries — a POSIX
sh one (hook.sh, for macOS/Linux/WSL) and a PowerShell one (hook.ps1, for
native Windows) — and exactly one does real work per machine (hook.sh stands
down under Git Bash so the PowerShell entry owns Windows). They resolve
credentials from ${CLAUDE_PLUGIN_ROOT}/env (bundled), /etc/rogue/env /
C:\ProgramData\rogue\env (MDM), or ~/.rogue-env / %USERPROFILE%\.rogue-env
(per-user) at runtime, then POST the event payload to
https://api.rogue.security/api/v1/hooks/claude.
If ROGUE_API_KEY is empty, hooks return {} (allow) — fail-open by design,
so Claude Code never hangs on Rogue infrastructure issues.
| Command | Purpose |
|---|---|
/rogue:setup |
Walks through API-key entry, identity detection, and credential storage |
/rogue:status |
Pings the API, fetches active rulesets, shows mode + actor identity |
Credentials live in one file: ~/.rogue-env (mode 600). Hooks source it
on every fire — no shell-rc patching, no environment leakage to other tools.
export ROGUE_API_KEY=rsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export ROGUE_ACTOR_EMAIL=you@company.com
export ROGUE_ACTOR_NAME='Your Name'
System-wide MDM deployment can drop the same exports into /etc/rogue/env —
hooks check that path first.
To revoke: rm ~/.rogue-env (per-user) or sudo rm /etc/rogue/env (MDM).
Prepend rgx! to any prompt to allow it through and mark the previous
detection as a false positive in the dashboard. Per-prompt only.
https://app.rogue.security/aidr
- Claude Code v2.1+
- macOS / Linux / WSL: POSIX
shandcurlonPATH(both present by default) - Windows: PowerShell 5.1+ (built in). No WSL or Git Bash required — the
PowerShell dispatcher uses
Invoke-WebRequest.gitis needed for the installer (Claude clones the marketplace).
Proprietary. Copyright © Qualifire, Inc. All rights reserved. See LICENSE.