agent-guard 0.1.0

Linux control plane for AI agent security — trait surface and receipt types for BPF LSM, cgroup v2, Landlock, and seccomp sandboxing
Documentation

agent-guard

Linux control plane for AI agent security — defines the security trait surface and receipt types for agent sandboxing via BPF LSM, cgroup v2, Landlock, and seccomp.

Scaffold notice

This crate is a scaffold: it defines the security trait surface and receipt types, but does not implement any OS-level enforcement yet. The initialize() method only sets an internal boolean. No actual sandboxing is applied.

Do not rely on this crate for production agent containment. Until real enforcement is implemented, treat all security decisions as advisory.

What it gives you

  • ControlPlane — unified interface to Linux security mechanisms (BPF LSM, cgroup v2, Landlock, seccomp)
  • Subject — identity for an agent process requesting an action
  • Action / ActionType — typed action request with target paths and parameters
  • SecurityDecision — allow/deny/audit decision with reason and mechanism
  • SecurityMechanism — enum of Linux security mechanisms
  • Receipt types for audit trails of security decisions

Linux only

This crate is only available on Linux. On other platforms, all methods return errors indicating the platform is unsupported.

Quick start

use agent_guard::{AgentGuard, Subject, Action, ActionType};

let mut guard = AgentGuard::new();
guard.initialize()?;

let subject = Subject::new("agent-1");
let action = Action::new(ActionType::FileRead, "/tmp/sandbox");
let decision = guard.evaluate(&subject, &action)?;

Roadmap

  • BPF LSM enforcement
  • cgroup v2 resource limits
  • Landlock filesystem sandboxing
  • seccomp syscall filtering
  • Real initialize() with kernel-level setup

License

Apache-2.0