Your guardrails are advisory. The firewall makes them enforced.
A guardrail config pasted into your agent’s prompt is a request. A prompt-injected agent — or one that simply misreads a number — can ignore it. The Agent Firewall sits between your agent and your broker and enforces your policy on every single tool call, no matter what the agent believes.
Open source. Runs on your machine. Your agent never touches your credentials again.
How it works
Broker credentials move out of the agent and into the firewall on your machine. The agent only sees the firewall's policy-bounded tool surface — there is no second path to your account.
Per-trade and daily caps, ticker allowlists, trading hours, a frequency circuit breaker — checked deterministically on every tool call. Out of policy? Blocked, no matter how convinced the agent is.
If the firewall crashes, orders fail — your agent stops trading. The failure mode is never "trades unguarded." Every attempt, allowed or blocked, lands in a tamper-evident audit log.
The policy format is the same one the free Agent Safety Kit generates today — you’ve already written your firewall rules; this makes them unbreakable.
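To make the enforcement model above concrete, here is an added example (not the Agent Firewall's own code): a deterministic, fail-closed check over the rule kinds listed above, plus a hash-chained audit log whose verifier rejects any edited, removed or reordered entry. The policy field names, the evaluation order and the reason strings are assumptions of this example.

```typescript
import { createHash } from "crypto";

// Hypothetical policy shape: field names are assumptions; the rule kinds are the ones the page lists.
interface Policy {
  maxOrderUsd: number;               // per-trade cap
  maxDailyUsd: number;               // daily notional cap
  allowedTickers: string[];          // ticker allowlist
  tradingHoursUtc: [number, number]; // [open, close) hour of day, UTC
  maxOrdersPerHour: number;          // frequency circuit breaker
}
interface Order { ticker: string; notionalUsd: number; at: Date; }
interface State { dailyNotionalUsd: number; orderTimesMs: number[]; }
interface Verdict { allowed: boolean; reason: string; }

// Pure, deterministic check: first failing rule wins, malformed input is blocked (fail-closed).
function evaluate(policy: Policy, state: State, order: Order): Verdict {
  if (!Number.isFinite(order.notionalUsd) || order.notionalUsd <= 0) return { allowed: false, reason: "invalid-notional" };
  if (policy.allowedTickers.indexOf(order.ticker) === -1) return { allowed: false, reason: "ticker-not-allowed" };
  const [open, close] = policy.tradingHoursUtc;
  const hour = order.at.getUTCHours();
  if (hour < open || hour >= close) return { allowed: false, reason: "outside-trading-hours" };
  if (order.notionalUsd > policy.maxOrderUsd) return { allowed: false, reason: "per-trade-cap" };
  if (state.dailyNotionalUsd + order.notionalUsd > policy.maxDailyUsd) return { allowed: false, reason: "daily-cap" };
  const windowStart = order.at.getTime() - 3600000; // one-hour sliding window
  const recent = state.orderTimesMs.filter((t) => t > windowStart).length;
  if (recent >= policy.maxOrdersPerHour) return { allowed: false, reason: "circuit-breaker" };
  return { allowed: true, reason: "ok" };
}

// Hash-chained audit record: each entry commits to the previous entry's hash.
interface AuditEntry { seq: number; prev: string; verdict: Verdict; order: Order; hash: string; }
const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");

function appendAudit(log: AuditEntry[], order: Order, verdict: Verdict): AuditEntry[] {
  const prev = log.length ? log[log.length - 1].hash : "genesis";
  const hash = sha256(JSON.stringify({ seq: log.length, prev, verdict, order }));
  return [...log, { seq: log.length, prev, verdict, order, hash }];
}

// Recompute the chain from the start; an edited, removed or reordered entry breaks a link.
function verifyAudit(log: AuditEntry[]): boolean {
  let prev = "genesis";
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    const expected = sha256(JSON.stringify({ seq: i, prev, verdict: e.verdict, order: e.order }));
    if (e.seq !== i || e.prev !== prev || e.hash !== expected) return false;
    prev = e.hash;
  }
  return true;
}
```

Every attempt, allowed or blocked, goes through appendAudit, so the log records the denials as well as the fills; verifyAudit is what a later reviewer runs to confirm nothing was altered after the fact.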
Free where it can be. Paid where it has to be.
The enforcement engine is open source and free forever — you should never have to pay to be safe on your own machine. Pro is the hosted layer that physically requires servers: $12/mo or $99/yr.
| Feature | Free (open source) | Pro |
|---|---|---|
| Policy enforcement — caps, allowlists, hours, circuit breaker | ✓ | ✓ |
| Approval gate for large orders | Terminal prompt | Approve from your phone |
| Kill switch | Local command | Remote, from anywhere |
| Audit log | Local file | Hosted dashboard, 90-day history |
| Real-time alerts (push / SMS / email) | — | ✓ |
| Anomaly flags & weekly digest | — | ✓ |
| Multi-agent / multi-account | — | ✓ |
Join the waitlist — lock $79/yr for life
The first 200 waitlist members who upgrade at beta get Pro for $79/yr, locked forever (vs. $99/yr after). One email when the beta opens — that’s it.
Go deeper
The full technical documentation — architecture, setup, the policy file, the security argument, and the SDK for developers.
Prompt guardrails are advisory — a manipulated agent ignores them. The Agent Firewall enforces your caps, allowlists, and kill switch in the tool path between agent and broker. Full architecture, explained.
The step-by-step walkthrough for putting the Agent Firewall between your AI agent and your broker — install, write your policy, rewire the MCP config, prove it blocks, and drill the kill switch.
Every rule in the Agent Firewall policy file — caps, allowlists, hours, approval gates, circuit breakers — with the exact evaluation order, the math behind each check, and the Safety Kit tier presets.
A guardrail in your agent's prompt is a request to a model — and injection, plain error, and context loss all defeat requests. The security principle that fixes it: move the policy decision outside the model.
A TypeScript policy engine for money-handling AI agents — pure functions, fail-closed, deterministic, with held-order approvals and a hash-chained audit log. The full API, with the design contracts that make it safe to embed.