The real-time firewall, monitor, and audit layer for AI-powered apps.
AgentGuard intercepts every action your AI agent tries to take before it can leak data, break your app's logic, or let an attacker hijack the agent's pipeline. One SDK call wraps any sensitive action (email, DB write, API call, file write, AI prompt) and returns one of three decisions:
| Decision | Meaning |
|---|---|
| 🟢 allow | Action is safe; let it through |
| 🔴 block | Action matches a firewall rule (prompt injection, suspicious domain, bulk action, secret exfiltration, rate limit); your code throws or returns 403 |
| 🟡 review | Borderline; log it, optionally page a human |
Every decision streams to a live dashboard with full payload, AI-generated risk explanation, and a one-tap "suggested fix." A companion mobile app pushes a system notification the moment something is blocked.
Most AI apps built on Replit (and elsewhere) ship with zero guardrails between the LLM and your real systems. That shared-responsibility gap is exactly what AgentGuard fills:
- The platform secures the runtime.
- AgentGuard secures the actions.
- You ship features, not incident reports.
Built in the 24-hour Replit Buildathon (May 2026) as a complete, working, end-to-end SaaS, not a demo.
Node:

```bash
npm install @agentguardorg/node
```

```ts
import { AgentGuard } from "@agentguardorg/node";

const guard = new AgentGuard({
  apiKey: process.env.AGENTGUARD_API_KEY!,
  appName: "my-app",
});

// One call per sensitive action; the decision comes back with a reason.
const result = await guard.check({
  action: "send_email",
  payload: { to: "user@example.com", subject: "Hello" },
});

if (result.decision === "block") throw new Error(result.reason);
```

Python:

```bash
pip install aguard
```

```python
import os

from agentguard import AgentGuard

guard = AgentGuard(
    api_key=os.environ["AGENTGUARD_API_KEY"],
    app_name="my-app",
)

# One call per sensitive action; the decision comes back with a reason.
result = guard.check(
    action="send_email",
    payload={"to": "user@example.com", "subject": "Hello"},
)

if result.decision == "block":
    raise Exception(result.reason)
```

Get your API key from the dashboard → API Keys → Regenerate Key. Email confirmation, certificate issuance, and welcome banner are all automatic.
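The quickstart only handles `block`. A production wrapper has to handle all three decisions from the table above, and also decide what happens when the guard service itself is slow or unreachable. The following is an added example, not the SDK's own code: `guarded()` wraps any action callback, maps `block` to a typed error (which an Express error handler can turn into a 403), routes `review` to a logging/paging callback, and fails closed by default on timeout or transport error. The `GuardClient` interface is just the shape of `check()` shown in the quickstart; the `fakeGuard` client, the `reviewMode` option and the timeout default are assumptions so the file runs offline.

```typescript
type Decision = "allow" | "block" | "review";
interface GuardResult { decision: Decision; reason?: string }
// Minimal view of the SDK's check() as used in the quickstart above (assumed shape).
interface GuardClient { check(input: { action: string; payload: unknown }): Promise<GuardResult> }

export class ActionBlocked extends Error {
  readonly action: string;
  readonly reason: string;
  constructor(action: string, reason: string) {
    super(`${action}: ${reason}`);
    this.name = "ActionBlocked";
    this.action = action;
    this.reason = reason;
    Object.setPrototypeOf(this, ActionBlocked.prototype); // keeps instanceof working under older targets
  }
}

interface GuardOptions {
  onReview?: (action: string, payload: unknown, reason: string) => void | Promise<void>; // log it / page a human
  reviewMode?: "log-and-run" | "hold"; // assumption: "review" either proceeds after logging or is held
  failOpen?: boolean;                  // default false: if the guard cannot answer, the action is blocked
  timeoutMs?: number;
}

function withTimeout<T>(p: Promise<T>, ms: number): Promise<T> {
  return new Promise<T>((resolve, reject) => {
    const t = setTimeout(() => reject(new Error(`timed out after ${ms}ms`)), ms);
    p.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
  });
}

// Wrap `run` so it only executes when the guard allows (or reviews) the action.
export function guarded<P, R>(
  guard: GuardClient,
  action: string,
  run: (payload: P) => Promise<R>,
  opts: GuardOptions = {},
): (payload: P) => Promise<R> {
  const { onReview, reviewMode = "log-and-run", failOpen = false, timeoutMs = 2_000 } = opts;
  return async (payload: P): Promise<R> => {
    let result: GuardResult;
    try {
      result = await withTimeout(guard.check({ action, payload }), timeoutMs);
    } catch (err) {
      // Fail closed: an unreachable firewall must not silently become "allow".
      if (!failOpen) throw new ActionBlocked(action, `guard unavailable: ${(err as Error).message}`);
      result = { decision: "review", reason: "guard unavailable; failing open" };
    }
    switch (result.decision) {
      case "allow":
        return run(payload);
      case "review":
        await onReview?.(action, payload, result.reason ?? "needs review");
        if (reviewMode === "hold") throw new ActionBlocked(action, `held for review: ${result.reason ?? ""}`);
        return run(payload);
      case "block":
        throw new ActionBlocked(action, result.reason ?? "blocked by policy");
      default:
        // Unknown decision from a newer server: treat as block rather than guess.
        throw new ActionBlocked(action, `unknown decision ${String(result.decision)}`);
    }
  };
}

// --- Constructed stand-in client and wiring so this file runs offline (not the real SDK) ---
export const fakeGuard: GuardClient = {
  async check({ action, payload }) {
    const p = payload as { to?: string };
    if (p.to?.endsWith("@mailinator.com")) return { decision: "block", reason: "suspicious domain" };
    if (action === "delete_record") return { decision: "review", reason: "destructive action" };
    return { decision: "allow" };
  },
};
export const reviews: string[] = [];
export const sendEmail = guarded(fakeGuard, "send_email",
  async (p: { to: string; subject: string }) => `sent to ${p.to}`);
export const deleteRecord = guarded(fakeGuard, "delete_record",
  async (p: { id: number }) => p.id,
  { onReview: (a, _p, r) => { reviews.push(`${a}: ${r}`); } });
// A guard that never answers, to exercise the fail-closed path.
export const deadGuard: GuardClient = { check: () => new Promise(() => {}) };
export const sendViaDeadGuard = guarded(deadGuard, "send_email",
  async (_p: { to: string }) => "sent", { timeoutMs: 50 });
```

In an Express app, catch `ActionBlocked` in the error middleware and respond 403 with `err.reason`; everything else stays a 500. Keep `failOpen` off unless the action is genuinely low-risk: an attacker who can degrade the guard's availability should not gain a free pass.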
Configurable per-workspace from the Security Rules page. All run in <10ms in the same request.
| Rule | Catches |
|---|---|
| Prompt injection | "ignore previous instructions", "you are now…", "reveal system prompt", and ~14 known patterns |
| Bulk actions | delete_all, export_all, bulk_send, mass-recipient lists |
| Sensitive exfiltration | Payloads containing password, api_key, token, secret, etc. |
| Suspicious domains | tempmail.com, mailinator.com, guerrillamail.com, throwaway domains |
| Cross-user access | Reading/writing another appUserId's data |
| Rate limits | Configurable per action × agent × window |
| High-risk review | Borderline decisions get review instead of silent allow |
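To make the rule table concrete, here is an added, illustrative re-implementation of the seven categories run over constructed payloads. It is not AgentGuard's engine: the pattern lists, the 50-recipient cutoff, the 20-per-minute window, the `ActionCheck` shape and the rule ordering are all assumptions for this example. What it does show is the evaluation order a firewall like this needs: hard blocks first, then the rate limit, then borderline actions escalated to `review` rather than silently allowed.

```typescript
type Decision = "allow" | "block" | "review";

interface ActionCheck {
  action: string;
  agentId: string;
  appUserId: string;                  // the end user this agent is acting for
  payload: Record<string, unknown>;
}

interface Verdict { decision: Decision; rule: string; reason: string }

// Assumed rule data; AgentGuard's lists are configured per workspace.
const INJECTION = [
  /ignore (all |any )?previous instructions/i,
  /\byou are now\b/i,
  /reveal (the |your )?system prompt/i,
];
const BULK_ACTIONS = new Set(["delete_all", "export_all", "bulk_send"]);
const MAX_RECIPIENTS = 50;                                   // assumed "mass-recipient" cutoff
const SENSITIVE_KEY = /^(password|passwd|api[_-]?key|access[_-]?token|token|secret)$/i;
const SUSPICIOUS_DOMAINS = new Set(["tempmail.com", "mailinator.com", "guerrillamail.com"]);
const HIGH_RISK_ACTION = /^(delete|export|refund|transfer)_/;  // borderline, not outright bulk

// Flatten nested payloads to (path, value) pairs so every rule sees every field once.
function flatten(v: unknown, path = "", out: [string, unknown][] = []): [string, unknown][] {
  if (Array.isArray(v)) v.forEach((c, i) => flatten(c, `${path}[${i}]`, out));
  else if (v !== null && typeof v === "object")
    for (const [k, c] of Object.entries(v as Record<string, unknown>)) flatten(c, path ? `${path}.${k}` : k, out);
  else out.push([path, v]);
  return out;
}

// Domain of an e-mail address or http(s) URL, lower-cased; null for any other string.
function domainOf(s: string): string | null {
  const m = /^[^\s@]+@([^\s@]+)$/.exec(s) ?? /^https?:\/\/([^/:?#]+)/i.exec(s);
  return m ? m[1].toLowerCase() : null;
}

// Fixed-window counter per action × agent. In-memory here; use a shared store in production.
const WINDOW_MS = 60_000;
const LIMIT = 20;
const counters = new Map<string, { start: number; n: number }>();
function overRateLimit(c: ActionCheck, now: number): boolean {
  const key = `${c.action}:${c.agentId}`;
  const cur = counters.get(key);
  if (!cur || now - cur.start >= WINDOW_MS) {
    counters.set(key, { start: now, n: 1 });
    return false;
  }
  return ++cur.n > LIMIT;
}

// Hard blocks first, then the rate limit, then borderline actions escalate to review.
export function evaluate(c: ActionCheck, now = Date.now()): Verdict {
  if (BULK_ACTIONS.has(c.action))
    return { decision: "block", rule: "bulk_action", reason: `${c.action} is a bulk action` };
  for (const [path, v] of flatten(c.payload)) {
    const key = path.replace(/\[\d+\]$/, "").split(".").pop() ?? "";
    if (SENSITIVE_KEY.test(key))
      return { decision: "block", rule: "sensitive_exfiltration", reason: `field "${path}" carries a secret` };
    if (typeof v !== "string") continue;
    if (INJECTION.some((p) => p.test(v)))
      return { decision: "block", rule: "prompt_injection", reason: `injection phrase in "${path}"` };
    const d = domainOf(v);
    if (d && SUSPICIOUS_DOMAINS.has(d))
      return { decision: "block", rule: "suspicious_domain", reason: `${d} in "${path}"` };
    if (key === "appUserId" && v !== c.appUserId)
      return { decision: "block", rule: "cross_user_access", reason: `targets ${v}, caller is ${c.appUserId}` };
  }
  const to = c.payload.to;
  if (Array.isArray(to) && to.length > MAX_RECIPIENTS)
    return { decision: "block", rule: "bulk_action", reason: `${to.length} recipients exceeds ${MAX_RECIPIENTS}` };
  if (overRateLimit(c, now))
    return { decision: "block", rule: "rate_limit", reason: `over ${LIMIT} ${c.action} calls/min by ${c.agentId}` };
  if (HIGH_RISK_ACTION.test(c.action))
    return { decision: "review", rule: "high_risk_review", reason: `${c.action} is destructive; flag for a human` };
  return { decision: "allow", rule: "none", reason: "no rule matched" };
}
```

Two things to notice when adapting this: the secret check matches field names, so a password pasted into a free-text `body` value would slip through unless you also scan string values; and the rate limiter counts only calls that reached it, so blocked attempts do not consume quota, which is the usual choice but worth deciding deliberately.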
A pnpm monorepo with five artifacts and a shared OpenAPI contract:

```text
workspace/
├── artifacts/
│   ├── agentguard/          # React + Vite dashboard (the SaaS UI)
│   ├── api-server/          # Express + Drizzle + PostgreSQL (the firewall engine)
│   ├── mobile/              # Expo SDK 54 (notifications, bell, log detail)
│   └── mockup-sandbox/      # Vite preview server for canvas mockups
├── sdks/
│   ├── node/                # @agentguardorg/node, published to npm
│   └── python/              # aguard, published to PyPI
├── lib/
│   ├── api-spec/            # OpenAPI 3.1 source of truth
│   ├── api-client-react/    # Orval-generated React Query hooks
│   └── db/                  # Drizzle schema + migrations
└── examples/node-express/   # Full reference integration
```
Stack: TypeScript end-to-end, React 19, TailwindCSS v4, shadcn/ui, TanStack Query v5, framer-motion, Drizzle ORM, Zod, OpenAPI 3.1 → Orval, Expo SDK 54 with expo-router and expo-notifications, Anthropic Claude via the Replit AI proxy for risk explanations.
Auth: Email + bcrypt password OR Sign in with Replit (OIDC + PKCE), with stateless HMAC-signed bearer tokens for the mobile client and email verification gating outbound alerts.
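The mobile client's "stateless HMAC-signed bearer token" is a small but easy-to-get-wrong mechanism, so here is an added example of how such a token can be minted and verified. This is not the project's implementation: the token layout (base64url claims, a dot, base64url HMAC-SHA256 tag), the claim names and the `bearerFrom` helper are assumptions for this example. The points that matter for security are the ones in the comments: compare the tag in constant time, check the length before comparing, and enforce expiry on every request, because a stateless token cannot be revoked server-side before it expires.

```typescript
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";

// Assumed claim set; the real server's claims may differ.
interface Claims { sub: string; exp: number; jti: string }

const b64u = (b: Buffer): string => b.toString("base64url");
const fromB64u = (s: string): Buffer => Buffer.from(s, "base64url");

// Token = base64url(JSON claims) + "." + base64url(HMAC-SHA256(key, JSON claims)).
export function mintToken(key: Buffer, sub: string, ttlSeconds: number, now = Date.now()): string {
  const claims: Claims = { sub, exp: Math.floor(now / 1000) + ttlSeconds, jti: randomUUID() };
  const body = Buffer.from(JSON.stringify(claims));
  const mac = createHmac("sha256", key).update(body).digest();
  return `${b64u(body)}.${b64u(mac)}`;
}

// Returns the claims if the tag verifies and the token is unexpired, otherwise null.
export function verifyToken(key: Buffer, token: string, now = Date.now()): Claims | null {
  const [bodyPart, macPart, ...rest] = token.split(".");
  if (!bodyPart || !macPart || rest.length) return null;
  const body = fromB64u(bodyPart);
  const expected = createHmac("sha256", key).update(body).digest();
  const given = fromB64u(macPart);
  // timingSafeEqual throws on length mismatch, so check length first; never use ===.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims: Claims;
  try {
    claims = JSON.parse(body.toString("utf8"));
  } catch {
    return null;
  }
  if (typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  if (claims.exp <= Math.floor(now / 1000)) return null; // expired: stateless tokens rely on this
  return claims;
}

// Pull the token out of an Authorization header, rejecting anything but "Bearer <token>".
export function bearerFrom(header: string | undefined): string | null {
  const m = /^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(header ?? "");
  return m ? m[1] : null;
}
```

Load the key from the environment (at least 32 random bytes), keep the TTL short enough that "cannot revoke" is acceptable for the mobile client, and rotate by accepting two keys for one TTL period. Note that the claims travel in the clear, so nothing sensitive belongs in them.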
- ✅ Full SaaS dashboard with onboarding quickstart, API keys, security rules, action logs, certificates, AI explain
- ✅ Real-time firewall engine with 7 detection categories
- ✅ Node + Python SDKs, both published, both with welcome banner + dashboard URL
- ✅ Mobile app with notification bell, push notifications, log detail
- ✅ Email verification + change-email flow
- ✅ Per-workspace certificate auto-issued on first allow
- ✅ Sign in with Replit (OIDC)
- ✅ Working reference integration (Node + Express)
- 🚀 Per-app data model with per-app certificates (vs. per-workspace)
- 🚀 Live SSE activity feed (replacing 15s poll)
- 🚀 Zero-key install: magic-link signup straight from the SDK welcome banner
- 🚀 AgentGuard Audit: second-opinion AI agent that reviews what builder agents shipped
MIT; see LICENSE. Free to use, fork, and self-host.