§ 00 · Install
Install Espada
in three minutes.
Espada is a single self-hosted binary. No agent installer. No
background daemon. No telemetry. The shell installer below
works on macOS and Linux — it picks the right tarball, verifies
the signature, and puts espada on your PATH.
Quick install — macOS & Linux
$curl -fsSL https://espadafirewall.com/install.sh | sh
If you don't pipe shell installers from the internet (smart):
download the per-platform tarball from
the releases page, verify it against the
SHASUMS256.txt signed with the project release key
0xE3F7…AC81, and put the extracted binary on your
PATH.
macOS — Homebrew
$brew install espada-firewall/tap/espada
The formula lives in the
Espada-Firewall/homebrew-tap
repository. Inspect
Formula/espada.rb
before installing. The tarball is fully self-contained — no
pnpm install or postinstall scripts run at install
time.
Docker
$docker run --rm -it -v $PWD:/workspace espada/espada:latest espada initFrom source
$git clone https://github.com/saifaldin14/Espada-Auto.git$cd Espada-Auto && pnpm install && pnpm build$./bin/espada --versionReproducible builds via Bazel. The published binary should match the locally-built one bit-for-bit. If it doesn't, file an issue — it's a release-security bug.
First run
$espada init --self-hosted$espada run -- claude refactor infra/staging
On first run, Espada generates a local audit-chain root, asks
for the policy profile (default: strict-production),
and prints the path to the audit database. From that point on,
every agent action goes through the firewall.
VERIFIED / / sha256:9d72e3…f041a8