AgentGuard is a high-performance security proxy that sits between your AI agent and the real world. Every tool call, task delegation, and payment transaction is intercepted and validated against your custom policy before execution.
- ⚡ Blazing Fast: Built in Go, adding <1ms overhead to your agent pipeline.
- 🔌 Protocol Agnostic: Native support for MCP (Model Context Protocol), A2A, and ATXP.
- 📜 Policy-as-Code: Human-readable YAML policies to allow, block, or escalate sensitive actions.
- 🙋 Human-in-the-Loop: Seamlessly pause risky tool calls for manual approval via Dashboard or Slack.
- 💰 Spend Control: Set granular daily USD limits and token-bucket rate limits per agent.
- 🔒 Zero Trust: HMAC-SHA256 request signing ensures agents can't spoof their identity.
```bash
docker run -p 7777:7777 \
  -e AGENTGUARD_UPSTREAM_URL=http://your-api:8080 \
  -v $(pwd)/policy.yaml:/app/policy.yaml \
  bhuvanprakash/agentguard:latest
```

```yaml
version: "1"
default: block
agents:
  - id: billing-agent
    allow:
      - tool: read_invoice
    escalate:
      - tool: send_payment # Requires human approval
    block:
      - tool: delete_record
    spend_limit_daily_usd: 50.00
```

AgentGuard intercepts JSON-RPC and REST calls from your agents. It evaluates the "Tool/Call" intent against your rules:
- Identity Verification: Validates the `X-Agent-HMAC` signature.
- Safety Check: Intercepts "Irreversible Tools" (like `drop_table`).
- Policy Evaluation: Matches the agent ID and tool name.
- Enforcement:
  - `ALLOW`: Forwards directly to the upstream.
  - `BLOCK`: Returns a `403 Forbidden`.
  - `ESCALATE`: Returns `202 Accepted` and waits for approval.
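The following Go sketch is an added example, not AgentGuard's own code: it walks the sample `policy.yaml` above through the verify-then-evaluate order just described. The canonical string that gets signed, the shared secret, and the type names are this example's assumptions; the page does not specify them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
)

// Decision mirrors the three enforcement outcomes from the README.
type Decision string

const (
	Allow    Decision = "ALLOW"    // forwarded to the upstream
	Block    Decision = "BLOCK"    // 403 Forbidden
	Escalate Decision = "ESCALATE" // 202 Accepted, waits for approval
)

// AgentPolicy is one `agents:` entry from policy.yaml, reduced to tool sets.
type AgentPolicy struct{ Allow, Escalate, Block map[string]bool }

// Sign computes the X-Agent-HMAC value for a call. Assumption (not on the
// page): the signed string is "<agentID>\n<tool>\n<body>".
func Sign(secret []byte, agentID, tool, body string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(agentID + "\n" + tool + "\n" + body))
	return hex.EncodeToString(m.Sum(nil))
}

// Evaluate verifies the signature first, then matches agent ID and tool name.
// Anything not explicitly listed falls through to `default: block`.
func Evaluate(policies map[string]AgentPolicy, secret []byte, agentID, tool, body, header string) Decision {
	want := Sign(secret, agentID, tool, body)
	// Constant-time comparison: a plain == would leak how many leading
	// bytes of a forged signature were correct.
	if !hmac.Equal([]byte(header), []byte(want)) {
		return Block
	}
	p, ok := policies[agentID]
	switch {
	case !ok || p.Block[tool]:
		return Block
	case p.Escalate[tool]:
		return Escalate
	case p.Allow[tool]:
		return Allow
	}
	return Block
}
```

With the sample policy, a correctly signed `send_payment` call from `billing-agent` yields `ESCALATE`, while the same call with a tampered header yields `BLOCK` before any policy lookup happens.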
| Language | Package | Install |
|---|---|---|
| Node.js | agentguard | `npm install agentguard` |
| Python | agentguard | `pip install agentguard` |
While the proxy is fully standalone, you can connect it to the Nascentist Dashboard for:
- 📈 Real-time spend analytics
- 📱 Mobile approval notifications
- 🛠️ Drag-and-drop policy editor
- 🔐 Managed agent secret storage
Distributed under the Apache License 2.0. See LICENSE for more information.
Built by Bhuvan Prakash for nascentist.com
