Analysis updated 2026-05-18
Block an AI agent from emailing sensitive data it just read from a file
Require human approval before an agent runs a risky command
Audit which tools an agent called and why a request was denied
Centrally manage access rules across many deployed agents
| whitzardagent/agentguard | amaravijayalakshmi216-collab/crop-recommendation-system | biansy000/mda | |
|---|---|---|---|
| Stars | 52 | 52 | 52 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 4/5 | 2/5 | 5/5 |
| Audience | developer | researcher | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker and a running control server before agents can connect.
AgentGuard is a Python project that adds access control to AI agents that use external tools. When an AI agent, built on a framework like LangChain, AutoGen, or OpenAI's Agents SDK, wants to call a tool such as sending an email or running a shell command, AgentGuard checks the action against a set of policies before allowing it to proceed. Those policies are written in a standalone rule language rather than hard-coded into application logic. A policy can examine the agent's identity and trust level, the specific tool being called, the arguments being passed, and what the agent did earlier in the same session. This makes it possible to write rules like "if a low-trust agent reads a sensitive file and then tries to send an email, block it," covering multi-step patterns rather than just single tool calls. Policy conditions support numeric comparisons, set membership checks, regex matching, and combinations using AND, OR, and NOT. When a rule is triggered, AgentGuard can allow the action, block it outright, send it to a human for approval, or route it to an LLM for review. Policies can apply before a tool runs, after it finishes, or when it fails, depending on what the policy requires. Agents and tools can also be tagged with labels like trust level, boundary, and sensitivity, which policies can reference to apply differentiated controls. Adding AgentGuard to an existing agent requires minimal code changes using one of the provided adapters. The framework does not modify the agent's planning or reasoning code, it wraps only the tool layer. Adapters are currently available for LangChain, AutoGen, and the OpenAI Agents SDK, with more planned. A web console is included for configuring policies without writing rule code by hand. The dashboard shows real-time traffic, pending approval requests, and a full audit log explaining why each tool call was allowed or blocked. For teams running agents across multiple machines, AgentGuard uses a centralized server to manage policies and monitoring across the fleet. Docker is required to run the control server. The project is released under the MIT license.
A security checkpoint that reviews and approves, blocks, or escalates tool calls made by AI agents.
Mainly Python. The stack also includes Python, Docker, LangChain.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.