A pre-execution gate that sits between Claude and the MCP servers your agent calls. Every tool invocation passes through three checks: audit logging with HMAC-signed JSONL, namespace scoping against session-declared allowlists, and risk-gated approval for destructive operations like rm -rf, DROP TABLE, git push --force, or production deploys. Critical-risk actions require typing the action name back to prevent yes-fatigue mistakes. When a call gets blocked, you receive an out-of-band notification (macOS banner, email, Slack, webhook) with context and a one-shot approval token you can run from your phone. Plugs into Claude Code's PreToolUse hook for built-in tools (Bash, Edit, Write) and proxies external MCP stdio calls. Built for the moment between "let the agent handle it" and discovering what it actually tried to handle.
claude mcp add --transport stdio manumarri-sudo-quill uvx quill
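
An added illustration of the HMAC-signed JSONL audit logging described above; this is not quill's own code or log format. The record fields (entry, prev, mac), the chaining of each line to the previous line's MAC, and the demo key are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load this from a secret store.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor for the first record


def _mac(key: bytes, prev: str, entry: dict) -> str:
    # Canonical serialization so signer and verifier hash identical bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + "\n" + body).encode(), hashlib.sha256).hexdigest()


def append_record(log: list[str], key: bytes, entry: dict) -> None:
    """Append one signed JSONL line, chained to the previous line's MAC."""
    prev = json.loads(log[-1])["mac"] if log else GENESIS
    record = {"entry": entry, "prev": prev, "mac": _mac(key, prev, entry)}
    log.append(json.dumps(record, sort_keys=True, separators=(",", ":")))


def verify_log(log: list[str], key: bytes) -> int:
    """Return the index of the first bad line, or -1 if the log verifies."""
    prev = GENESIS
    for i, line in enumerate(log):
        try:
            record = json.loads(line)
            entry, mac = record["entry"], record["mac"]
            # Constant-time compare; also require the chain pointer to match.
            ok = record["prev"] == prev and hmac.compare_digest(
                mac, _mac(key, prev, entry))
        except (ValueError, KeyError, TypeError):
            ok = False  # malformed line counts as tampering
        if not ok:
            return i
        prev = mac
    return -1


def demo_log() -> list[str]:
    # Constructed sample tool calls, not real quill output.
    log: list[str] = []
    for tool, arg, verdict in [("Bash", "ls -la", "allow"),
                               ("Bash", "git push --force", "blocked"),
                               ("Edit", "README.md", "allow")]:
        append_record(log, DEMO_KEY, {"tool": tool, "arg": arg, "verdict": verdict})
    return log
```

Chaining catches edited, reordered, or removed lines in the middle of the log; truncation of the tail is only detectable if the latest MAC is also recorded somewhere outside the file.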