# Armorer Guard: runtime control should start at the tool call
The more I work on local agent systems, the less I believe static policy alone is enough.
Once an agent can actually read, write, send, or purchase, the runtime boundary becomes the real control point. That is where I want action classes, execution receipts, and a clear human stop point.
That is the direction I am exploring with Armorer Guard right now.
I do not think the interesting question is just 'can we scan prompts and outputs?'
I think the more useful question is:
- where should runtime control begin?
- what evidence should exist after a tool call?
- how should risky actions pause, continue, or escalate?
Repo for context: https://github.com/ArmorerLabs/Armorer
I would love feedback from people building with MCP, local agents, or self-hosted automation.
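
One way to make the three questions above concrete, as an added sketch that is not code from the Armorer repo: a gate in front of every tool call that assigns an action class, decides continue, pause, or escalate, and appends a hash-chained receipt. The tool names, the policy mapping, the receipt fields, and the `ToolGate` and `verify_chain` names are all assumptions for illustration.

```python
import hashlib, json

# Assumed mapping: the four verbs are from the post, the decisions are illustrative.
POLICY = {"read": "continue", "write": "pause", "send": "pause", "purchase": "escalate"}
TOOL_CLASS = {"fs.read": "read", "fs.write": "write", "mail.send": "send", "shop.buy": "purchase"}

def _sha(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class ToolGate:
    def __init__(self, approver):
        self.approver = approver   # callable(tool, args) -> bool: the human stop point
        self.receipts = []         # append-only, hash-chained evidence

    def call(self, tool, args, impl):
        action = TOOL_CLASS.get(tool, "unknown")
        decision = POLICY.get(action, "escalate")      # unknown tools fail closed
        if decision == "continue":
            run = True
        elif decision == "pause":
            run = bool(self.approver(tool, args))      # block until a human answers
        else:
            run = False                                # escalate: never runs in-session
        result = impl(**args) if run else None
        receipt = {"tool": tool, "action": action, "decision": decision,
                   "executed": run, "args_sha256": _sha(args),
                   "prev": self.receipts[-1]["hash"] if self.receipts else "0" * 64}
        receipt["hash"] = _sha(receipt)                # covers every field above
        self.receipts.append(receipt)
        return result, receipt

def verify_chain(receipts):
    """Recompute each hash and link; False if any receipt was edited or reordered."""
    prev = "0" * 64
    for r in receipts:
        body = {k: v for k, v in r.items() if k != "hash"}
        if r["prev"] != prev or r["hash"] != _sha(body):
            return False
        prev = r["hash"]
    return True

def demo():
    # Constructed session: the stand-in approver allows file writes and nothing else.
    gate = ToolGate(approver=lambda tool, args: tool == "fs.write")
    gate.call("fs.read", {"path": "notes.txt"}, lambda path: "contents")
    gate.call("fs.write", {"path": "notes.txt", "data": "x"}, lambda path, data: len(data))
    gate.call("mail.send", {"to": "a@example.com"}, lambda to: "sent")
    gate.call("shop.buy", {"sku": "sku-1"}, lambda sku: "bought")
    return gate
```

Denied and escalated calls get receipts too, so the log records what the agent attempted as well as what ran.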