You've built an AI Agent. It's smart, it's fast, and it connects to the real world through tools and APIs.
Then one day it sends 400 emails. Or deletes a file it shouldn't have touched. Or calls a billing endpoint with a parameter you never anticipated.
Sound familiar? This is the unsolved reliability problem of agentic AI - and it's exactly why I built Guardio.
What Is Guardio?
Guardio is a policy enforcement proxy that sits between your AI agents and the outside world. Every call your agent makes - to an MCP tool, an external API, a database - passes through Guardio first. Guardio evaluates it against your rules, and only lets it through if it's allowed.
No AI in the middle. No second-guessing. Just deterministic, guaranteed enforcement of your policies.
The Problem It Solves
Modern AI Agent frameworks give agents a lot of power. That power comes with real risks:
- An agent hallucinates a parameter and calls a destructive endpoint
- A retry loop causes an API to be hit thousands of times
- Different agents in your system have different trust levels, but nothing enforces that
- You have no audit trail of what your agent actually did
Traditional middleware can catch some of this - but it requires custom code for every project, every tool, every edge case. Guardio makes it a configuration problem, not a code problem.
How It Works
When a message flows from your agent to a tool or API, Guardio intercepts it and runs it through a policy chain:
Getting Started in One Command
npx create-guardio
Follow the prompts, and Guardio will scaffold a ready-to-run project tailored to your setup.
A Real Policy Example
Here's what a policy looks like in practice - blocking any DELETE endpoint call:
import type {
PolicyPluginInterface,
PolicyRequestContext,
PolicyResult,
} from "../../interfaces/index.js";
import { logger } from "../../logger.js";
/**
* UI schema for the generic policy summary widget (agent + tool assignment).
* Any policy can use this in getUiSchema() to show the summary in the dashboard.
*/
export const POLICY_SUMMARY_UI_SCHEMA: object = {
effect: {
"ui:widget": "PolicySummary",
"ui:readonly": true,
"ui:label": false,
},
};
/**
* Deny tool access policy plugin: always blocks tool calls.
* Which tools are subject to this policy is determined by assignment outside
* of the plugin (e.g. which tools have this policy attached). No config.
*/
export class DenyToolAccessPolicyPlugin implements PolicyPluginInterface {
readonly name = "deny-tool-access";
getUiSchema(): object {
return POLICY_SUMMARY_UI_SCHEMA;
}
async evaluate(context: PolicyRequestContext): Promise<PolicyResult> {
logger.debug(
{ toolName: context.toolName, plugin: this.name },
"Tool blocked by deny-tool-access policy",
);
return {
verdict: "block",
code: "FORBIDDEN_TOOL",
reason: `The tool '${context.toolName}' is not allowed by policy.`,
};
}
}
Fully Pluggable Architecture
The best part of Guardio is that the core framework is just the engine - everything else is a plugin you own and control:
- Policy - Any TypeScript class
- Storage - PostgreSQL, MongoDB, Redis
- Event handlers - Webhooks, Slack, Datadog
This means Guardio adapts to your stack - not the other way around.
Who Is This For?
- Developers building AI Agents with MCP tools or external API integrations
- Teams that need audit logs of agent actions for compliance or debugging
- Anyone who's ever thought "I hope the agent doesn't do something weird in production"
What's Coming Next
This is an early release - the foundation is solid, and here's what's on the roadmap:
🔐 Per-agent permission scopes - assign different trust levels to different agents
🔌 Official plugin registry - community-contributed storage adapters and handlers
🧪 Simulation mode - dry-run your agent against policies before going live
Try It & Get Involved
🔗 GitHub: https://github.com/radoslaw-sz/guardio
📦 npm: npx create-guardio
If Guardio solves a problem you've run into, give it a ⭐ on GitHub — it genuinely helps. And if you have a use case you'd like to see supported, open an issue. The roadmap is being shaped by real problems right now.
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.