Governance in minutes
Install the plugin (mandatory enforcement) and add the MCP server (agent-facing tools). Both auto-provision a free account on first run — no signup required.
Drop it into VAIBOT_API_KEY or ~/.vaibot/credentials.json and the install will use it instead of bootstrapping a new account.
Sign up with email, then grab a key from Settings → API.
Install for your agent
The happy path uses both surfaces. The plugin enforces governance before every tool call (mandatory). The MCP server lets your agent call 15 governance tools directly — query pending approvals, view receipts, approve in-session.
# Auto-bootstraps a free account on first tool call.
npm install -g @vaibot/claudecode-circuitbreaker-plugin
claude --plugin-dir "$(npm root -g)/@vaibot/claudecode-circuitbreaker-plugin"

# OAuth flow auto-provisions an account if you don't already have one,
# or links to the account the plugin just bootstrapped.
claude mcp add --transport http vaibot https://api.vaibot.io/v2/mcp
# Then in Claude Code: /mcp → click vaibot → complete OAuth.

Both surfaces work standalone, but installed together you get mandatory enforcement plus self-service tools the agent can call mid-task.
One install gives you both surfaces. The circuit-breaker plugin enforces governance before every tool call and registers slash commands (/vaibot approve, /vaibot allowlist, /guard approvals, …) so the agent has self-service tools mid-task. Decisions come from a multi-source chain (guard → MCP → API → local breaker) with a fail-closed local fallback.
openclaw plugins install @vaibot/circuit-breaker-openclaw-plugin
openclaw gateway restart

Auto-bootstraps a free account on first tool call. The plugin internally consults VAIBot's MCP endpoint as part of its decision chain, so no separate MCP server config is needed.
The Codex CLI plugin enforces governance via Codex's PreToolUse hook (mandatory) and registers the VAIBot MCP server so the agent can query policy and approvals mid-task. Auto-bootstraps a free account on first tool call. Same shared ~/.vaibot/credentials.json as the Claude Code and OpenClaw plugins — one VAIBot account works across all three.
# Codex distributes plugins via a marketplace catalog (not npm).
codex plugin marketplace add vaibot-io/codex-circuitbreaker-plugin
# After install, restart your Codex session so it picks up the new
# hook config and MCP server registration.

# ~/.codex/config.toml
# Set approval_policy so VAIBot's elevated-risk decisions trigger
# Codex's native approval prompt. Without this, approval_required
# actions are silently allowed (a receipt is still recorded).
approval_policy = "on-request"

Codex CLI doesn't currently support custom slash commands at the plugin layer, so /vaibot status / pending / approve / etc. ship as MCP tools — invoke them by asking the agent (e.g. "show my vaibot status"). Functionally identical to the Claude Code plugin's slash commands.
Any framework that can call HTTP. If your agent supports MCP (Cursor, Continue, Cline, Windsurf, etc.) configure VAIBot as a remote MCP server — the OAuth flow auto-provisions a free account on first connect. For agents without MCP, sign up via the dashboard for an API key and call the REST API directly.
# In your MCP-capable agent's config (e.g. Cursor → Settings → MCP):
# URL: https://api.vaibot.io/v2/mcp
# Auth: complete the OAuth flow when prompted; account is auto-provisioned.

// Ask for a governance decision before running the tool.
// yourCommand, yourTarget and runYourTool are placeholders for your own code.
const decide = await fetch('https://api.vaibot.io/v2/governance/decide', {
  method: 'POST',
  headers: {
    'content-type': 'application/json',
    authorization: `Bearer ${process.env.VAIBOT_API_KEY}`,
  },
  body: JSON.stringify({
    session_id: 'sess_1',
    agent_id: 'my-agent',
    agent_model: 'gpt-4',
    tool: 'Bash',
    workspace_dir: process.cwd(),
    intent: { command: yourCommand, target: yourTarget, cwd: process.cwd() },
  }),
}).then((r) => r.json())

// Run the tool only on an explicit allow, then report the outcome for this run.
if (decide.decision.decision === 'allow') {
  await runYourTool()
  await fetch(`https://api.vaibot.io/v2/governance/finalize/${decide.run_id}`, {
    method: 'POST',
    headers: {
      'content-type': 'application/json',
      authorization: `Bearer ${process.env.VAIBOT_API_KEY}`,
    },
    body: JSON.stringify({ outcome: 'allowed', result: { exit_code: 0 } }),
  })
}

Run any tool call
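For agents that call the REST API directly, as in the snippet above, a wrapper can fail closed when the decide call errors and still finalize when the tool itself throws. This is an added example, not VAIBot's code: the function names, the injected `decide` / `finalize` / `runTool` callbacks, the stubbed responses, and treating every verdict other than `allow` and `approval_required` as a block are assumptions.

```javascript
// Added example, not VAIBot's code. The response shape follows the REST snippet
// on this page: { run_id, decision: { decision: 'allow' | 'approval_required' | ... } }.
// decide, finalize and runTool are caller-supplied async callbacks (hypothetical names).

// Map a decide response to a local action. Anything that is not an explicit
// 'allow' or 'approval_required' (denials, malformed bodies, null) blocks.
function verdictToAction(resp) {
  const verdict = resp && resp.decision ? resp.decision.decision : undefined;
  if (verdict === 'allow') return 'run';
  if (verdict === 'approval_required') return 'pause';
  return 'block';
}

async function governedCall({ decide, finalize, runTool }) {
  let resp = null;
  try {
    resp = await decide();
  } catch (err) {
    resp = null; // governance service unreachable: fail closed, do not run the tool
  }
  const action = verdictToAction(resp);
  if (action !== 'run') return { ran: false, action };

  let exitCode = 1; // assume failure until the tool reports otherwise
  try {
    exitCode = await runTool();
    return { ran: true, action, exitCode };
  } finally {
    // Finalize even when the tool throws, so the decide is not left open.
    await finalize(resp.run_id, { outcome: 'allowed', result: { exit_code: exitCode } });
  }
}

// Constructed demo: stubbed callbacks, no network access.
async function demo() {
  const finalized = [];
  const finalize = async (runId, body) => { finalized.push({ runId, body }); };
  const allow = async () => ({ run_id: 'run_demo', decision: { decision: 'allow' } });
  const results = [
    await governedCall({ decide: allow, finalize, runTool: async () => 0 }),
    await governedCall({ decide: async () => { throw new Error('timeout'); }, finalize, runTool: async () => 0 }),
    await governedCall({ decide: allow, finalize, runTool: async () => { throw new Error('tool crashed'); } })
      .catch((err) => ({ ran: true, error: err.message })),
  ];
  return { results, finalized };
}

demo().then((out) => console.log(JSON.stringify(out, null, 2)));
```

In the third demo case the page's original snippet would leave a decide with no matching finalize; here the run is finalized with a non-zero exit code before the error propagates.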
~/.vaibot/credentials.json — MCP-OAuth users have it stored by their agent. Confirm the account is alive:

# Returns ok:true plus your account ID, wallet, claimed status, and quota.
curl -H "authorization: Bearer $VAIBOT_API_KEY" \
https://api.vaibot.io/v2/accounts/me
# {
# "ok": true,
# "account_id": "0x...",
# "wallet_address": "0x...",
# "claimed": false,
# "quota": { "used": 0, "limit": 1000, "remaining": 1000, "month": "2026-05" }
# }

Claim your account (optional)
Switch from observe to enforce when ready
observe — it logs governance verdicts but lets every tool through. Flip to enforce when you're comfortable with what it would have blocked.

export VAIBOT_MODE=enforce
# Enforce blocks denied tools and pauses on approval_required decisions.
# Observe still logs everything, just doesn't intercept.

Verify it's working
After a few tool calls, this should show your decision count incrementing.
curl -H "authorization: Bearer $VAIBOT_API_KEY" \
https://api.vaibot.io/v2/observability/chain-completeness
# {
# "ok": true,
# "window": "1h",
# "decides_total": 3,
# "decides_completed": 3,
# "completion_rate_percent": 100,
# }

Plugin vs. MCP server
Two complementary surfaces. Most deployments use both — the plugin enforces, the MCP server gives the agent in-session governance tools.
Plugin
- ✓ Mandatory pre-execution check
- ✓ Tamper-evident audit trail
- ✓ Local circuit breaker fallback
- ✗ Agent cannot query governance state

MCP server
- ✓ Agent calls vaibot_status, vaibot_pending, etc.
- ✓ In-session approve / deny
- ✗ Optional, not enforcing
- ✗ Agent could choose to skip it
Available MCP tools
Once the MCP server is configured, the agent can call these tools directly.