A block count is not an audit record.
If an agent guard says it blocked 200 actions, I still need to know whether those blocks were correct.
Were they real risks?
Were they false positives?
Did the policy match the intended scope?
Did the guard normalize the action correctly?
Could a human reviewer reproduce the decision later?
For agent safety, I care less about the headline count and more about the decision record behind each allowed or blocked action.
A useful receipt should include:
- requested action
- tool or capability
- actor / session / run id
- normalized params or params hash
- policy or rule version
- decision
- reason code
- evidence or replay pointer
- result
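A sketch of such a receipt and of the reviewer's replay check, added here as an illustration; it is not code or a schema from Armorer Guard. The rule set, field names, reason codes, and sample values are all assumptions made for the example.

```python
import hashlib
import json
import posixpath

# Hypothetical rule set keyed by version; a real guard would load this from its policy store.
RULES = {"fs-policy@3": {"tool": "fs.delete", "allowed_root": "/workspace"}}

def normalize(params):
    """Collapse '..' and duplicate slashes so the policy sees the path the tool would act on."""
    out = dict(params)
    out["path"] = posixpath.normpath(params["path"])
    return out

def params_hash(norm):
    """Hash canonical JSON (sorted keys, no whitespace) so equal params always hash equally."""
    blob = json.dumps(norm, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def decide(rule_version, tool, norm):
    """Pure function of (rule version, tool, normalized params): this is what makes replay possible."""
    rule = RULES[rule_version]
    if tool != rule["tool"]:
        return "allow", "RULE_NOT_APPLICABLE"
    if norm["path"].startswith(rule["allowed_root"] + "/"):
        return "allow", "PATH_IN_SCOPE"
    return "block", "PATH_OUTSIDE_ROOT"

def make_receipt(action, tool, actor, run_id, params, rule_version, evidence):
    norm = normalize(params)
    decision, reason = decide(rule_version, tool, norm)
    return {
        "requested_action": action, "tool": tool, "actor": actor, "run_id": run_id,
        "params_hash": params_hash(norm), "rule_version": rule_version,
        "decision": decision, "reason_code": reason, "evidence": evidence,
        # Simplification: assume an allowed action ran and a blocked one did not.
        "result": "executed" if decision == "allow" else "not_executed",
    }

def replay(receipt, raw_params):
    """Reviewer check: same params under the same rule version must give the same decision."""
    norm = normalize(raw_params)
    if params_hash(norm) != receipt["params_hash"]:
        return False  # the params on file are not the ones the guard judged
    return decide(receipt["rule_version"], receipt["tool"], norm) == (
        receipt["decision"], receipt["reason_code"])

# Constructed sample: a delete request whose path leaves the workspace via '..'
SAMPLE = make_receipt("delete file", "fs.delete", "agent-7", "run-0001",
                      {"path": "/workspace/tmp/../../etc/hosts"}, "fs-policy@3",
                      "replay://run-0001/step-4")
```

Because the decision is recomputed from the recorded rule version and the hashed params, a receipt whose decision was edited after the fact, or whose params do not match the hash, fails `replay`.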
This is the thinking behind Armorer Guard.
Repo:
https://github.com/ArmorerLabs/Armorer-Guard
And it pairs with Armorer, the local control plane around agent setup, jobs, logs, approvals, and recovery:
https://github.com/ArmorerLabs/Armorer
The goal is not to make agents timid. The goal is to make agent decisions inspectable enough that teams can actually trust, debug, and improve them.