Runtime Guard is the policy enforcement layer for AI agents. Install once, configure your rules, and your agent operates within the boundaries you set. Works with Claude, Cursor, Codex, and any MCP-compatible client. No code changes, retraining, or external account required.
Runtime Guard sits between your AI agent and your system. Every file or shell action is evaluated against policy before it executes. Nothing slips through.
Every agent tool call goes through the same enforcement pipeline, locally, in milliseconds.
Agent tool call routed through Runtime Guard MCP controls
Policy checks command, path, and context before any action
Allow, block, simulate blast radius, or request approval
Every decision logged with full context and matched rule
Everything happens locally on your machine. No cloud required.
Stop destructive commands before they run. No cleanup, no recovery.
Define exactly what agents are allowed to do. Policy is yours.
See every action - allowed, blocked, or pending. Nothing is hidden.
Let agents operate freely within the boundaries you set.
Runtime Guard is built as an MCP server because MCP provides the interception point you need. When your agent requests a file or shell operation, Runtime Guard evaluates it against policy before execution. You can also use pre-tool hooks to deny the agent's native file and shell tools, forcing all risky operations through your policy layer. This is the closest you can get to kernel-level enforcement without requiring system privileges or modifying your agent.
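The evaluation step described above (check command, path, and context, then return a decision with the matched rule) can be sketched as follows. This is an added example, not Runtime Guard's own code: the rule format, rule names, workspace path, and sample commands are all hypothetical.

```python
import json
import os
import shlex

# Hypothetical policy invented for this example (not Runtime Guard's schema).
WORKSPACE = "/home/dev/project"            # constructed path
COMMAND_RULES = [                          # first match wins
    ("block-destructive", {"rm", "mkfs", "dd"}, "block"),
    ("approve-network", {"curl", "wget", "ssh"}, "approve"),
    ("allow-read-build", {"ls", "cat", "grep", "pytest"}, "allow"),
]
SHELL_META = set(";|&`$<>()")              # chaining, substitution, redirection

def inside_workspace(arg, cwd):
    # Lexical normalization only; a real enforcer must also resolve symlinks.
    path = os.path.normpath(os.path.join(cwd, arg))
    return os.path.commonpath([path, WORKSPACE]) == WORKSPACE

def evaluate(command, cwd=WORKSPACE):
    """Return (decision, matched_rule) for one shell tool call."""
    # Fail closed: a single-command policy cannot reason about compound input.
    if SHELL_META & set(command):
        return "block", "compound-or-substituted-command"
    try:
        argv = shlex.split(command)
    except ValueError:
        return "block", "unparseable-command"
    if not argv:
        return "block", "empty-command"
    for arg in argv[1:]:
        # Inspect positional arguments and the value part of --flag=value.
        value = arg.split("=", 1)[-1] if arg.startswith("-") else arg
        if value.startswith("-"):
            continue                       # bare flag, no path component
        if not inside_workspace(value, cwd):
            return "block", "path-outside-workspace"
    for name, commands, decision in COMMAND_RULES:
        if os.path.basename(argv[0]) in commands:
            return decision, name
    return "approve", "default-unknown-command"   # unknown commands need a human

def guarded_call(command, cwd=WORKSPACE, log=None):
    """Evaluate one call and record the decision with its full context."""
    decision, rule = evaluate(command, cwd)
    record = {"command": command, "cwd": cwd, "decision": decision, "rule": rule}
    if log is not None:
        log.append(json.dumps(record, sort_keys=True))
    return record
```

The path check runs before the command rules, so an allowed command such as `cat` is still blocked when its argument resolves outside the workspace.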
Install from PyPI, run setup, connect your agent. No config files to hand-edit.