Sunglasses is a filter that sits ahead of your Warp AI agent. Always ON. Every command output, file, or web fetch the Warp agent reads — the filter scans first. This page walks through the Warp MCP wiring.

Who this page is for

Warp users running the AI agent on their terminal. Command output is a real attack surface — malicious repos, hijacked docs, compromised tools can all plant prompts in what your terminal agent reads.

The command

# In Warp: Settings → AI → MCP Servers → Add { "name": "sunglasses", "command": "python", "args": ["-m", "sunglasses.mcp"] }

Add Sunglasses to Warp's MCP server list. Warp added MCP support recently. Open AI Settings → MCP Servers → add the sunglasses entry. Warp's agent can now scan command output and web content before acting on it.

Benefit: Terminal output from unknown repos is a top-tier attack surface for AI agents. The filter catches prompt-injection lurking in log lines, README files, and tool responses.

Install Sunglasses first

If you haven't installed Sunglasses on your machine yet, do this first in a fresh terminal:

python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install --upgrade sunglasses

On modern macOS and many Linux systems, your system Python may block direct installs. A small virtual environment keeps the install clean. Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.

Full walkthrough in progress. The core command and identity are ready. Detailed step-by-step screenshots, real-world attack examples, and troubleshooting are being added.

FAQ

How do I protect the Warp AI agent from prompt injection?

Add Sunglasses as an MCP server in Warp's AI settings. The scan tool becomes available to the agent — which can call it before acting on command output or web fetches.

Does this work with Warp Drive and Warp's agent mode?

Yes. Any Warp AI feature with MCP tool access can call the Sunglasses scan tool.

What attacks hit terminal agents specifically?

Malicious README files in cloned repos, hijacked tool output, poisoned error messages, and compromised package metadata are common attack surfaces when AI agents read terminal output.

Is there any cloud dependency?

No. Sunglasses runs as a local Python process. Warp talks to it over stdio.

Can I make scans mandatory?

Add a rule in Warp's AI system prompt telling the agent to call sunglasses.scan_text before acting on command output.

Where this wiring fits

Sunglasses is one filter with many wiring options. This page covers Warp. Other wiring paths:

Same filter underneath. Different wiring based on your stack.