Govern what AI agents do,
not what they say.

Runtime policy enforcement for Claude Desktop, Claude Code, VS Code, OpenClaw, and more.

01Process & file ACLs

Block agents at the action.

Stop AI agents from running scripts or touching files outside policy — before the action takes effect, not after the fact.

LinuxBPF_LSM
macOSEndpointSecurity
Windowsnative enforcement

02Fail-closed by design

No silent passthrough.

If the policy daemon goes down, agents stop. Built for endpoint security, not LLM output filtering — the controls live in the kernel and at the syscall, not in the prompt.

03Strict · Guardrail · Observe

Pick your posture.

Three policy archetypes covering the spectrum from full lockdown to observe-only audit. Switch as your trust in agent behavior grows.

Strictdefault-deny + allowlist
Guardraildefault-allow + denylist
Observelog-only audit

Govern what AI agents do, not what they say.

Block agents at the action.

No silent passthrough.

Pick your posture.

Govern what AI agents do,
not what they say.