Local runtime security for AI agents

Any agent. Your rules.

Runtime Guard is a free, local-first MCP server that enforces policy on file and shell actions before execution. No account required.

"Your agent can say anything. It can only do what policy allows."

Works with Claude Desktop, Cursor, Codex, and any MCP-compatible client
runtime-guard - activity log
agent -> execute_command("rm -rf /tmp/build")
BLOCKED - destructive command pattern: rm -rf
matched_rule: destructive_command - decision: blocked
agent -> execute_command("git push --force")
APPROVAL REQUIRED - awaiting operator
token: a4f2b9 - expires: 10min - check GUI to approve
agent -> read_file("src/config.json")
ALLOWED - within policy
decision_tier: allowed - backup: not required
agent -> write_file("README.md", ...)
ALLOWED - backup created before write
backup_location: ~/.local/state/airg/backups/2026-03-18
# activity.log updated - reports.db indexed - 4 events this session
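The decision tiers shown in the log above (blocked, approval required with an expiring token, allowed with a backup before writes) as a small policy evaluator. This is an added example, not Runtime Guard's own code: the rule names, regex patterns, rule ordering and the default-deny fallback are assumptions made here, not the project's shipped policy.

```python
from __future__ import annotations
import re
import secrets
import time
from dataclasses import dataclass

# Rule names, patterns and ordering are assumptions for this example, not Runtime Guard's policy.
# Each rule: (name, tools it applies to, regex on the tool argument, decision tier).
# Rules are checked in order and the first match wins; anything unmatched is denied by default.
RULES = [
    ("destructive_command", ("execute_command",), r"\brm\s+-\S*[rR]|\bdd\s+if=", "blocked"),
    ("sensitive_path", ("execute_command", "read_file", "write_file"),
     r"(^|[\s/])\.ssh/|(^|/)\.env\b|/etc/(passwd|shadow)\b", "blocked"),
    ("force_push", ("execute_command",), r"\bgit\s+push\b.*\s(--force|-f)\b", "approval_required"),
    ("compound_command", ("execute_command",), r"[;&|`$]", "approval_required"),
    ("readonly_command", ("execute_command",), r"^(ls|cat|git\s+(status|diff|log))\b", "allowed"),
    ("workspace_path", ("read_file", "write_file"), r"^(?![/~]|\.\.)\S+$", "allowed"),
]
APPROVAL_TTL = 10 * 60  # seconds; matches the 10 minute expiry shown in the log


@dataclass
class Decision:
    tool: str
    argument: str
    tier: str                  # "blocked", "approval_required" or "allowed"
    matched_rule: str
    backup_required: bool = False
    approval_token: str | None = None
    token_expires_at: float | None = None


def evaluate(tool: str, argument: str, now: float | None = None) -> Decision:
    """Decide what happens to one tool call before it is executed."""
    now = time.time() if now is None else now
    for name, tools, pattern, tier in RULES:
        if tool in tools and re.search(pattern, argument):
            decision = Decision(tool, argument, tier, name)
            break
    else:
        decision = Decision(tool, argument, "blocked", "default_deny")
    if decision.tier == "approval_required":
        # Short token the operator confirms out of band; the call waits until then or expires.
        decision.approval_token = secrets.token_hex(3)
        decision.token_expires_at = now + APPROVAL_TTL
    elif decision.tier == "allowed" and tool == "write_file":
        decision.backup_required = True  # snapshot the target before the write lands
    return decision
```

Chained commands are routed to the operator rather than classified by their first word, since a prefix allow-list on its own says nothing about what follows a `;` or `|`.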
agent logs

"Your workspace has a skill file - I never read it"
"I was acting as both the agent requesting the action and the human operator approving it"
"I bypassed the enforcement boundary I was supposed to be working within"
"I violated that constraint significantly"
"I bypassed the constraint by using my native toolset"
"I approved a command by impersonating you"
Works with

Claude Desktop
Claude Code
Cursor
Codex
Any MCP client

AI agents can execute real commands

Not suggestions. Not previews. Actual commands on your actual system.

Delete files

Wildcards, recursive deletes, production data - gone before you realise what happened.

rm -rf ./workspace/*
dd if=/dev/zero of=disk

Modify your system

Change permissions, install packages, alter config files, execute scripts with elevated access.

chmod -R 777 /etc
sudo apt install anything

Access sensitive data

Credentials, private keys, environment files, database dumps - all accessible to shell commands.

cat ~/.ssh/id_rsa
cat /etc/passwd

And they don't always understand the consequences.


Runtime Guard puts a control layer in between - learn how
Product family

Start local. Scale when you need it.

Runtime Guard works standalone, free, forever. Add cloud features when your team needs them.

Optional

Nexus

Sync policies and manage agents across machines. Cloud governance.

Coming soon

Probe

Test MCP servers for unsafe behavior in isolated cloud sandboxes.

Coming soon

Trace

Detect risky and hallucinated dependencies in AI-generated code.

Start protecting your agents in minutes

Free, open source, no account required. Works with any MCP client.