Quickstart

Overwatch can be deployed in two ways depending on your use case: as an IDE extension for VS Code/Cursor, or as a CLI tool for command-line AI tools.

IDE Extension Installation

The Overwatch extension provides automatic protection for all MCP servers configured in VS Code or Cursor.

Installation Steps

1. Install from Marketplace

   • Open VS Code or Cursor
   • Go to Extensions (Cmd/Ctrl + Shift + X)
   • Search for "Overwatch: Code Agent Security"
   • Click Install

2. Configure Javelin API Key

   • Open Settings (Cmd/Ctrl + ,)
   • Search for "Overwatch"
   • Enter your Javelin API key in the Overwatch: Javelin Api Key field
   • Get your API key from https://sandbox.javelin.live or your Javelin instance

3. Automatic Activation

   • The extension activates automatically when you open a workspace with MCP server configurations
   • Check the status bar for "Overwatch: ON" to confirm protection is active
   • All MCP requests are now automatically secured

Quick Start Example

# No additional configuration needed after API key setup
# All MCP servers in your IDE config are automatically protected
# Check the Overwatch sidebar panel to view threat status

CLI Tool Installation

The Overwatch CLI tool wraps AI command-line tools to secure all LLM and MCP API calls.

macOS Installation (Pre-built Binaries)

npm install -g @getjavelin/overwatch

Linux Installation (Build from Source)

On Linux, you need to build the proxy binary from source first:

# Install Rust if not already installed
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Clone and build
git clone https://github.com/getjavelin/javelin-ramparts.git
cd javelin-ramparts
cargo build --release -p ramparts-proxy

# Install the binary
sudo cp target/release/ramparts-proxy /usr/local/bin/

# Now install Overwatch
npm install -g @getjavelin/overwatch

First-Time Configuration

On first use, Overwatch will prompt you to configure Javelin Guardrails:

🔧 Javelin Guardrails Configuration
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Get your API key:
  👉 https://sandbox.javelin.live

Enter your Javelin API Key: ****
Javelin API URL [https://sandbox.javelin.live]:

✅ Configuration saved successfully!

Configuration is saved to ~/.overwatch/config.json and used automatically.

Quick Start Example

Simply prefix any AI CLI tool with overwatch:

# Secure Claude CLI - ALL LLM and MCP calls intercepted
overwatch claude "Hello, how are you?"

# Secure llm CLI (Simon Willison)
overwatch llm "What is the weather today?"

# Secure Gemini
overwatch gemini "Explain quantum computing"

# Works with ANY AI tool
overwatch <your-ai-tool> [args...]

What happens automatically:

• Loads credentials from ~/.overwatch/config.json
• Applies default security policy
• Proxy auto-starts on available port (8081+)
• Environment variables set to route ALL API calls through proxy
• Your AI tool runs normally
• Every LLM call (OpenAI, Anthropic, Google, etc.) is secured
• Every MCP call (tools, resources, prompts) is secured
• All requests validated with Javelin Guardrails
• Secrets automatically blocked/redacted in responses

No exports needed! Configuration is automatic.

Platform Support

Platform	Support Level	Notes
macOS (Apple Silicon)	Full support	Pre-built binaries available
macOS (Intel)	Full support	Pre-built binaries available
Linux	Supported	Requires building proxy from source
Windows	Coming soon	Not yet available

Verification

Verify Extension Installation

1. Check the status bar for "Overwatch: ON" indicator
2. Open the Overwatch sidebar panel to see MCP servers
3. Run a command that uses MCP - it should be automatically protected

Verify CLI Installation

# Check version
overwatch --version

# Check configuration
overwatch config show

# Test with a simple command
overwatch claude "Hello, test"

Next Steps

Now that Overwatch is installed, explore these features:

• Configure Policies - Customize security policies for your organization
• Monitor Threats - View security threats and configure advanced controls
• Overwatch Overview - Learn more about Overwatch architecture and features

Troubleshooting

Extension Not Working?

1. Check that the extension is enabled in VS Code/Cursor
2. Verify your Javelin API key is set correctly in settings
3. Check the Overwatch output channel for error messages
4. Ensure MCP servers are properly configured in your IDE

CLI Tool Not Working?

1. Verify installation: overwatch --version
2. Check configuration: overwatch config show
3. Verify Javelin API key is configured
4. Check proxy status: overwatch proxy status
5. View proxy logs: overwatch proxy logs

Common Issues

Proxy fails to start:

• Check if port 8081 (or configured port) is available
• Verify firewall settings allow local connections
• Try manually starting: overwatch proxy start

Requests not being intercepted:

• Verify environment variables are set correctly
• Check that the proxy is running: overwatch proxy status
• Ensure you're prefixing commands with overwatch

Configuration not saving:

• Check file permissions on ~/.overwatch/ directory
• Verify you have write access to the config file
• Try running configuration again: overwatch config set

Related Documentation

• Overwatch Overview - Learn about Overwatch architecture and features
• Javelin Guardrails - Learn about the security engine powering Overwatch
• MCP Overview - Learn about Model Context Protocol