Core product

Runtime Guard

Runtime Guard is the free, local-first enforcement layer for MCP agents. It works standalone, requires no account, and controls file and shell actions before execution.

What it is

A runtime control layer for AI agents

Runtime Guard sits between your AI agent and your system. Every file or shell action is evaluated against policy before it executes. Nothing slips through.

  • Block dangerous commands before they run
  • Require human approval for high-impact actions
  • Simulate wildcard blast radius before execution
  • Create backups before every destructive operation
  • Keep a full audit trail of every decision

Request flow

Agent → Runtime Guard → Policy → System

Every action is evaluated. Nothing bypasses policy.

  • Allowed - executed normally
  • Blocked - denied before execution
  • Approval required - paused for operator

Before / After

Without Runtime Guard

  • Agent runs commands directly on your system
  • No visibility into what actually executed
  • No way to stop destructive actions in progress
  • No rollback when things go wrong
  • Hope the agent understood the task correctly

With Runtime Guard

  • All actions evaluated before execution
  • Dangerous commands blocked automatically
  • Risky actions paused for human approval
  • Automatic backups before every overwrite
  • Full audit trail of every decision

How it works

Four steps. Every time.

Every agent tool call goes through the same enforcement pipeline, locally, in milliseconds.

  1. Intercept - Agent tool call routed through Runtime Guard MCP controls
  2. Evaluate - Policy checks command, path, and context before any action
  3. Decide - Allow, block, simulate blast radius, or request approval
  4. Audit - Every decision logged with full context and matched rule

It all happens locally on your machine. No cloud required.
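
An added sketch of the evaluate, decide and audit steps above, not Runtime Guard's own code or policy format: the rule schema, workspace path, file listing and blast-radius threshold are all constructed assumptions.

```python
import fnmatch
import json
import posixpath
import shlex

WORKSPACE = "/home/dev/project"  # constructed context: the only permitted root
FILES = [f"{WORKSPACE}/logs/app{i}.log" for i in range(12)] + [
    f"{WORKSPACE}/src/main.py", f"{WORKSPACE}/README.md"]  # constructed listing

# Hypothetical rules, first match wins. Not Runtime Guard's policy schema.
RULES = [
    {"id": "deny-privileged", "commands": {"sudo", "dd", "mkfs"}, "decision": "block"},
    {"id": "destructive", "commands": {"rm", "mv"}, "decision": "simulate"},
    {"id": "read-only", "commands": {"ls", "cat"}, "decision": "allow"},
]
BLAST_LIMIT = 5  # more affected files than this pauses for an operator
AUDIT = []       # in-memory audit trail, one JSON line per decision

def blast_radius(patterns):
    """Count what a target would hit; '*' crosses '/', so this errs large."""
    # A plain directory target covers every listed file beneath it.
    return sorted({f for p in patterns for f in FILES
                   if fnmatch.fnmatchcase(f, p) or f.startswith(p + "/")})

def evaluate(command_line):
    """Evaluate, decide and audit one shell action before it would run."""
    try:
        argv = shlex.split(command_line)
    except ValueError:  # unbalanced quotes: unparseable input is denied
        argv = []
    cmd = argv[0] if argv else ""
    # Resolve each non-flag argument against the workspace, collapsing '..'.
    targets = [posixpath.normpath(posixpath.join(WORKSPACE, a))
               for a in argv[1:] if not a.startswith("-")]
    decision, rule_id, affected = "block", "default-deny", []
    if any(not t.startswith(WORKSPACE + "/") for t in targets):
        rule_id = "outside-workspace"  # path check runs before command rules
    else:
        for rule in RULES:
            if cmd in rule["commands"]:
                decision, rule_id = rule["decision"], rule["id"]
                break
    if decision == "simulate":
        affected = blast_radius(targets)
        decision = "approval_required" if len(affected) > BLAST_LIMIT else "allow"
    record = {"command": command_line, "decision": decision,
              "rule": rule_id, "affected": len(affected)}
    AUDIT.append(json.dumps(record))
    return record
```

Commands that match no rule, including anything chained with `;` or `|`, fall through to the default deny, and every call appends one record naming the matched rule.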

Key outcomes

What you actually get

Prevent damage

Stop destructive commands before they run. No cleanup, no recovery.

Stay in control

Define exactly what agents are allowed to do. Policy is yours.

Gain visibility

See every action - allowed, blocked, or pending. Nothing is hidden.

Experiment safely

Let agents operate freely within the boundaries you set.

Quick start

Up and running in minutes

Install from PyPI, run setup, connect your agent. No config files to hand-edit.

  1. Install Runtime Guard from PyPI
  2. Run guided setup - paths and policy created automatically
  3. Connect your MCP agent and start enforcing policy

terminal

# install
pip install ai-runtime-guard

# guided setup
airg-setup

# verify everything is ready
airg-doctor