Sage
May 26, 2026
Safety for Agents — Agent Detection & Response for AI coding assistants
Sage is a lightweight security layer that protects AI agents from executing dangerous actions. It intercepts tool calls — shell commands, URL fetches, file writes — and checks them against multiple threat detection layers before they run.
Note: Sage may appear under a different product name (e.g., Norton Sage, Avast Sage) depending on how it was installed. See Branding for details.
Key Features
- URL reputation — cloud-based detection of malware, phishing, and scam URLs
- Local heuristics — 300+ YAML-based threat patterns for dangerous commands, suspicious URLs, credential exposure, and obfuscation
- Prompt injection detection — two-tier defense (heuristics + fine-tuned ML model) against injected instructions in fetched content. See Prompt Injection.
- Package supply-chain checks — registry existence, file reputation, and age analysis for npm/PyPI packages
- Plugin scanning — scans installed plugins for threats at session start
- AMSI integration — Windows Antimalware Scan Interface support (Windows + WSL via PowerShell interop; no-op on macOS and non-WSL Linux)
Quick Start
Visit ai.gendigital.com/sage for the latest installation instructions, or use the platform-specific guides below.
Claude Code — install guide · requires Node.js >= 18
```
/plugin marketplace add https://github.com/gendigitalinc/sage.git
/plugin install sage@sage
```
Cursor — install guide · install the Gen Sage extension from the marketplace
VS Code — install guide · install the Gen Sage extension from the marketplace
OpenClaw — install guide · install from npm
```
openclaw plugins install @gendigital/sage-openclaw
```
OpenCode — install from npm by adding to ~/.config/opencode/opencode.json:
```json
{
  "plugin": ["@gendigital/sage-opencode"]
}
```
See Getting Started for detailed instructions and User Guide for verification, configuration, and troubleshooting.
Privacy
For privacy considerations, please refer to Privacy.
Documentation
| Document | Description |
|---|---|
| User Guide | Verify install, handle alerts, manage false positives |
| Getting Started | Installation for all platforms |
| How It Works | Detection layers, data flow, verdicts |
| Configuration | All config options and file paths |
| Exceptions | Pattern-based allow/deny rules |
| Threat Rules | YAML rule format and what gets checked |
| Package Protection | npm/PyPI supply-chain checks |
| Plugin Scanning | Session-start plugin scanning |
| Prompt Injection | ML + heuristic prompt injection detection |
| AMSI Scanning | Windows antimalware scanning via AMSI |
| MCP Server | Shared MCP server architecture |
| Architecture | Monorepo structure and design decisions |
| Privacy | What data is sent, what stays local |
| Audit Log | On-disk JSONL schema (entries, signals, content) |
| Development | Building, testing, tooling, conventions |
| FAQ | Common questions |
Platform guides: Claude Code · Cursor / VS Code · OpenClaw · OpenCode
Contributing
See CONTRIBUTING.md for development setup, coding conventions, and the threat rule contribution process.
License
Copyright 2026 Gen Digital Inc.
- Source code: Apache License 2.0
- Threat detection rules (`threats/`): Detection Rule License 1.1