AgentBouncr

Pre-execution policy engine for AI agents. Every tool call checked before execution — deterministic policies, tamper-evident audit trail, kill switch.

Links: Website · API Docs · PyPI · npm (SDK) · npm (core)

Why

AI agents are getting access to powerful tools — payments, databases, APIs, file systems. But most agent frameworks let the agent decide what it's allowed to do. That's like giving every employee a master key and trusting them not to open the wrong doors.

AgentBouncr is the control layer. Deterministic rules — not another AI — decide what each agent can do. Every decision is logged in a tamper-proof audit trail. And if something goes wrong, a kill-switch stops everything instantly.

• Prompt injection can't bypass it — permissions are checked by logic, not by a model
• Fail-secure — if in doubt, the tool call is blocked
• Framework-agnostic — works with LangChain, Vercel AI SDK, OpenAI, CrewAI, n8n, or your own code

Quick Start

Two ways to use AgentBouncr:

1. Managed service — drop-in SDKs for Python and TypeScript that talk to the hosted API (agentbouncr.com). Easiest path to production.
2. Self-hosted framework — embed @agentbouncr/core directly in your Node.js / TypeScript app. Source-available under ELv2.

Managed Service — SDKs

pip install agentbouncr      # Python
npm install agentbouncr      # TypeScript

Get a key at agentbouncr.com. SDKs are MIT-licensed. Full API reference: agentbouncr.com/api/docs.

Python — LangChain integration (3 lines)

from agentbouncr.langchain import AgentBouncrCallbackHandler

handler = AgentBouncrCallbackHandler(api_key="sk_live_...")
executor = AgentExecutor(agent=agent, tools=tools, callbacks=[handler])

Every tool call routed through the executor is now checked against your policies before execution.

Self-Hosted Framework — @agentbouncr/core

npm install @agentbouncr/core

import { GovernanceMiddleware } from '@agentbouncr/core';

const governance = new GovernanceMiddleware();

governance.setPolicy({
  name: 'production',
  version: '1.0',
  rules: [
    { tool: 'approve_payment', effect: 'deny', condition: { amount: { gt: 5000 } }, reason: 'Payments over 5000 require manual approval' },
    { tool: 'file_write', effect: 'deny', condition: { path: { startsWith: '/etc/' } } },
    { tool: '*', effect: 'allow' },
  ],
  createdAt: new Date().toISOString(),
  updatedAt: new Date().toISOString(),
});

const result = await governance.evaluate({
  agentId: 'claims-agent',
  tool: 'approve_payment',
  params: { amount: 12000, claimId: 'CLM-4821' },
});

console.log(result.allowed);  // false
console.log(result.reason);   // "Payments over 5000 require manual approval"
console.log(result.traceId);  // "00-a1b2c3..."  (W3C Trace Context)

Works with any agent framework — LangChain, Vercel AI SDK, OpenAI Agents SDK, CrewAI, n8n.

Features

Permission Layer — Per-agent tool allowlists. Register agents with explicit tool sets, enforce at runtime.

Policy Engine — Declarative JSON rules with 11 condition operators (equals, gt, startsWith, matches, ...), rate limits, and human-in-the-loop approval gates. Deny-before-allow, fail-secure.

Audit Trail — Append-only log with SHA-256 hash chain. Every decision is recorded with trace ID, duration, and failure category. Tamper-evident, verifiable, exportable.

Kill Switch — Deterministic emergency stop. All tool calls are blocked synchronously in the evaluate path, no LLM involvement. Sub-millisecond activation.

Injection Detection — Configurable pattern matching for prompt injection attempts. Detects and logs without blocking (defense-in-depth, not a firewall).

Event System — 20 event types with async fire-and-forget dispatch. Subscribe to tool_call.denied, killswitch.activated, agent.stopped, etc. Built-in webhook support in Enterprise.

W3C Trace Context — OpenTelemetry-compatible 128-bit trace IDs propagated through every governance decision.

Architecture

Your AI Agent (LangChain, Vercel AI SDK, OpenAI, CrewAI, ...)
         │
         │  evaluate({ agentId, tool, params })
         ▼
┌─────────────────────────────────────────────┐
│            @agentbouncr/core                │
│                                             │
│  ┌────────────┐  ┌────────────┐  ┌───────┐ │
│  │   Policy   │  │   Audit    │  │ Kill  │ │
│  │   Engine   │  │   Trail    │  │Switch │ │
│  └────────────┘  └────────────┘  └───────┘ │
│  ┌────────────┐  ┌────────────┐  ┌───────┐ │
│  │ Injection  │  │   Event    │  │ Trace │ │
│  │ Detection  │  │   System   │  │Context│ │
│  └────────────┘  └────────────┘  └───────┘ │
└──────────────────────┬──────────────────────┘
                       │
         ┌─────────────┴──────────────┐
         ▼                            ▼
  @agentbouncr/sqlite          Your database adapter
  (included)                   (implement DatabaseAdapter)

Packages

Package	npm	Description
@agentbouncr/core		Policy engine, audit trail, events, kill switch
@agentbouncr/sqlite		SQLite storage adapter (better-sqlite3)
@agentbouncr/cli		CLI for agent management and audit verification

With Persistence

npm install @agentbouncr/core @agentbouncr/sqlite

import { GovernanceMiddleware } from '@agentbouncr/core';
import { SqliteDatabaseAdapter } from '@agentbouncr/sqlite';
import pino from 'pino';

const db = new SqliteDatabaseAdapter(pino({ level: 'info' }), './governance.db');
await db.runMigrations();

const governance = new GovernanceMiddleware({ db });

// Register an agent with an explicit tool allowlist
await governance.registerAgent({
  agentId: 'claims-agent',
  name: 'Claims Processor',
  allowedTools: ['search_claims', 'approve_payment', 'send_email'],
});

// Audit trail is now persisted — verify integrity anytime
const verification = await db.verifyAuditChain();
console.log(verification.valid); // true

Vercel AI SDK Integration

AgentBouncr includes a built-in adapter for the Vercel AI SDK. Wrap your tools with wrapToolsWithGovernance — denied tools throw GovernanceError before execute() is ever called.

import { generateText } from 'ai';
import { openai } from '@ai-sdk/openai';
import { GovernanceMiddleware, wrapToolsWithGovernance, PolicyEngine } from '@agentbouncr/core';
import pino from 'pino';

const logger = pino({ level: 'info' });
const governance = new GovernanceMiddleware({ logger });

const policy = {
  name: 'production',
  version: '1.0',
  rules: [
    { tool: 'approve_payment', effect: 'deny', condition: { amount: { gt: 5000 } }, reason: 'Requires manual approval' },
    { tool: '*', effect: 'allow' },
  ],
  createdAt: new Date().toISOString(),
  updatedAt: new Date().toISOString(),
};
governance.setPolicy(policy);

// Wrap tools — governance checks run before every execute()
const governedTools = wrapToolsWithGovernance(myTools, {
  agentId: 'claims-agent',
  policyEngine: new PolicyEngine(logger),
  policy,
  logger,
});

const { text } = await generateText({
  model: openai('gpt-4o'),
  tools: governedTools,
  prompt: 'Approve payment of 12000 EUR for claim CLM-4821',
});
// → GovernanceError: "Requires manual approval"

See examples/vercel-ai-sdk.ts for a complete runnable example.

LangChain Integration

No adapter package needed — wrap tool execution with a governance check in a few lines:

import { GovernanceMiddleware } from '@agentbouncr/core';

const governance = new GovernanceMiddleware();
governance.setPolicy(myPolicy);

// Before executing any LangChain tool:
const result = await governance.evaluate({
  agentId: 'my-agent',
  tool: toolName,
  params: toolInput,
});

if (!result.allowed) {
  throw new Error(`Blocked by policy: ${result.reason}`);
}
// Otherwise: proceed with original tool execution

See examples/langchain-integration.ts for a full example with DynamicStructuredTool.

Policy Reference

Policies are declarative JSON, validated with Zod at runtime:

{
  "name": "restrict-payments",
  "version": "1.0",
  "rules": [
    {
      "tool": "approve_payment",
      "effect": "deny",
      "condition": { "amount": { "gt": 5000 } },
      "reason": "Payments over 5000 require manual approval",
      "requireApproval": true
    },
    {
      "tool": "send_email",
      "effect": "allow",
      "rateLimit": { "maxPerMinute": 10 }
    },
    { "tool": "*", "effect": "allow" }
  ]
}

Condition operators: equals notEquals startsWith endsWith contains gt lt gte lte in matches

CLI

npm install -g @agentbouncr/cli

governance agent list
governance agent start claims-agent
governance audit verify
governance import --mcp ./mcp-manifest.json

EU AI Act

AgentBouncr addresses key requirements of the EU AI Act for high-risk AI systems (effective August 2026). The policy engine maps to Art. 9 (risk management), the append-only audit trail with hash-chain verification satisfies Art. 12 (record-keeping), and approval workflows provide Art. 14 (human oversight) capabilities.

Enterprise

The source-available core handles policy evaluation, audit trails, and kill switch for any scale. When you need multi-tenant management, the Enterprise Dashboard at agentbouncr.com adds:

• PostgreSQL adapter with hash-chain verification and retention policies
• OIDC/SAML SSO with self-hosted auth (EU-hosted, GDPR-compliant)
• Compliance Reports mapped to EU AI Act Articles 9, 12, 14
• Approval Workflows for human-in-the-loop governance
• Webhooks + RBAC for team-scale operations

→ agentbouncr.com

Examples

• quickstart.ts — Zero-config, policy evaluation in 10 lines
• claims-processor.ts — SQLite persistence, events, kill-switch
• vercel-ai-sdk.ts — Vercel AI SDK with governed tools
• langchain-integration.ts — LangChain manual governance wiring
• mcp-integration.ts — MCP import with auto-risk-detection

Documentation

• Getting Started — Up and running in 5 minutes
• Framework API Reference — @agentbouncr/core API documentation
• Hosted API Docs — REST API reference for the managed service
• MCP Import Guide — Importing tools from MCP manifests

License

Elastic License 2.0 (ELv2) — free to use, modify, and distribute. Cannot be offered as a competing managed service.