SYSTEM ONLINE
FREE & OPEN SOURCE
v1.0.5
USERS: 0
★ GITHUB STARS: ...
⬡ LOCAL-FIRST · ZERO DATA EXPOSURE · OPEN SOURCE

GUARDIAN RUNTIME

A Python SDK that sits between your AI app and any LLM intercepting every prompt and response to enforce security policies, block data leaks, and detect threats. Everything runs locally.

pip install guardian-runtime VIEW QUICKSTART
$ pip install guardian-runtime
✓ Successfully installed guardian-runtime

$ guardian_runtime proxy --port 8080
✓ Proxy started on port 8080. Zero-Config Mode Active.

# Claude Code tries to send an .env file...
🚨 [SECRET_DETECTED] AWS key AKIAIOSFODNN7EXAMPLE found — BLOCKED

# Agent gets stuck in an infinite loop...
🚨 [BUDGET_EXCEEDED] Daily budget of $10.00 exceeded. Current spend: $10.05 — BLOCKED

$
// THE WHY, WHAT & HOW

THE PROBLEM & THE SOLUTION

THE PROBLEM

Developers Are Flying Blind

1. The Cost Risk: CLI coding agents (Claude Code, Cursor, Aider) run autonomously. If they get stuck in an infinite retry loop or parse a massive log file, you wake up to a $50 API bill. You have zero visibility into session costs until the bill arrives.

2. The Security Risk: Coding agents have full access to your workspace. If you accidentally leave an AWS_SECRET_KEY or .env credential in a file, the agent will silently upload it to a third-party LLM provider.

THE SOLUTION

A Developer-First Local Firewall

Guardian Runtime is a zero-latency FinOps and Security firewall. It runs entirely on your local machine and sits directly between your coding agents and the LLM provider.

Session Analytics & Hard Budgets: Automatically tracks tokens and costs per session via the CLI. It sets a hard $10/day default limit so infinite loops never drain your credit card.

Local Secret Scanning: Instantly intercepts and blocks API keys, AWS credentials, and .env secrets from ever leaving your local machine. Zero configuration required.

// ARCHITECTURE

THE SECURITY PIPELINE

👤
SOURCE
User Input
──▶
🛡
FIREWALL
Secret Guard
──▶
OPTIMIZER
Token Trim
──▶
🤖
TARGET
LLM API
──▶
💰
FINOPS
Budget Enforcer
──▶
CLEAN
Safe Response
EVERY PROMPT IS SCANNED BEFORE IT LEAVES YOUR MACHINE.
EVERY RESPONSE IS VALIDATED BEFORE IT REACHES YOUR USER.
ZERO DATA LEAVES YOUR INFRASTRUCTURE.
// CAPABILITIES

PLATFORM FEATURES

01
💰
Hard Local Budgets
Configure a strict daily budget so runaway agents or infinite loops can't drain your API credits. Stops the bleeding instantly with zero cloud dependency.
FinOps Cost Control
02
🔑
Secret & Credential Firewall
Two-tier confidence engine catches exposed API keys with high accuracy. Blocks AWS, OpenAI, GitHub, Stripe, and .env files before they ever leave your laptop.
Zero-Config Local Parsing
03
📉
Token Optimizer
Automatically trims redundant tokens, conversational filler, and excessive whitespace from prompts before they hit the LLM. Passively saves you money on every request.
Token Reduction Auto-Savings
04
🌐
Universal Local Proxy
A built-in proxy server lets you intercept traffic from CLI agents (Claude Code, Aider) without modifying their source code. Perfect for solo developers or internal tools.
Claude Code Aider LangChain
05
🏴‍☠️
Jailbreak & Unsafe Command Defense
Pattern-matched detection for DAN variants, instruction overrides, and system prompt extraction attempts. Stops adversarial prompts from hijacking your agent.
DAN Injection
06
📊
Session Analytics Dashboard
Automatically tracks tokens, costs, and blocked requests for all your CLI tools in real-time. Instantly view your exact daily spend with the analytics command.
Visibility CLI Metrics
// DEPLOY IN MINUTES

QUICKSTART

01
Install
Zero external dependencies for core detection. Optional extras for proxy and dashboard.
pip install guardian-runtime
02
Wrap your LLM call
Drop Guardian between your app and any LLM. One import, one object, fully governed calls.
from guardian_runtime import GuardianRuntime

gr = GuardianRuntime()

# Your normal LLM call — now governed
response = gr.complete(
  model="gpt-4o",
  messages=[{"role": "user", "content": user_input}]
)

# response.blocked → True if threat detected
# response.violations → list of what was caught
# response.estimated_cost_usd → spend this call
03
Configure your policy (optional)
Guardian works zero-config out of the box. But if you want to enforce strict budgets or enterprise PII blocking, create a policy.yaml file.
version: "1.0"
agents:
  default:
    cost:
      daily_budget: 10.00
      max_input_tokens: 50000
    input_guard:
      pii_detection: true # Opt-in for enterprise SSN/Credit Card blocking
04
Use the CLI Tools
Guardian comes with built-in terminal tools for management and local logging.
# Initialize local log directories (~/.guardian_runtime/logs)
guardian_runtime init

# View Session Analytics (Cost & Tokens per CLI tool)
guardian_runtime analytics

# Tail live security threat logs
guardian_runtime logs --tail 20

# Start the local interception proxy
guardian_runtime proxy --port 8080
// MECHANICS

WHAT HAPPENS WHEN GUARDIAN BLOCKS?

01. WHERE WILL THEY SEE IT?

If using the Proxy, developers see the block instantly inside the UI of their tool (e.g. Claude Code chat) and in the background proxy logs.

If using the SDK, it surfaces in their standard Python server logs.

02. HOW IS IT BLOCKED?

Zero crashes. In Proxy mode, Guardian cleanly returns a standard HTTP 400/403 error. This ensures CLI agents display an error message gracefully instead of crashing their process.

In SDK mode, it raises a standard Python Exception.

03. WHAT DO THEY SEE?

No obscure stack traces. They see a completely transparent, actionable string telling them exactly what policy they violated.

Example: 🚨 [BUDGET_EXCEEDED] Daily budget of $10.00 exceeded.

// INTEGRATION GUIDES

HOW TO USE GUARDIAN

01
Custom Python Apps (Chatbots, RAG)
If you are building your own AI application in Python, use the SDK directly.
This gives you full programmatic control over policies and error handling.
# 1. Install the package
pip install guardian-runtime

# 2. In your code, wrap your LLM calls
from guardian_runtime import GuardianRuntime
gr = GuardianRuntime.from_policy("policy.yaml")

# Instead of calling OpenAI/Anthropic directly:
response = gr.complete(
  messages=[{"role": "user", "content": "My SSN is 123-45-6789"}]
)
$ python run_chatbot.py

# Guardian intercepts before the network call:
Traceback (most recent call last):
  File "run_chatbot.py", line 12, in <module>
GuardianRuntimeBlockedError: 🚨 [PII_DETECTED] 1 Policy Violations:
  - SSN number found in prompt. Severity: HIGH.
02
Developers (Claude Code or Aider Users)
Stop CLI agents from getting stuck in loops and blowing your API budget. Guardian's zero-config local proxy sits between your agent and Anthropic/OpenAI.
# 1. Install Guardian and start the Proxy
pip install guardian-runtime
guardian_runtime proxy --port 8080

# 2. Tell Claude to use the proxy
export ANTHROPIC_BASE_URL=http://localhost:8080
claude
# Claude attempts to read an .env file to fix a bug...

Claude> I will check your .env file for the AWS credentials.
Reading .env...
Sending context to Anthropic...

# Guardian Proxy blocks the HTTP request instantly:
Error: HTTP 403 Forbidden. 🚨 [SECRET_DETECTED] AWS key AKIAIOSFODNN7EXAMPLE found.
03
Enterprise Teams (LangChain, AutoGen)
Working at a company? Use Guardian to enforce strict policies across all internal AI tools so your employees don't accidentally leak customer PII or proprietary code.
# Wrap any LangChain or AutoGen client
from langchain_openai import ChatOpenAI

# Point your framework to the local proxy:
llm = ChatOpenAI(
  model="gpt-4o",
  base_url="http://localhost:8080"
)
chain.invoke({"input": user_query})
# LangChain Trace:
[chain/start] [1:chain:AgentExecutor] Entering Chain run
[llm/start] [1:chain:AgentExecutor > 2:llm:ChatOpenAI] Entering LLM run

[llm/error] [1:chain:AgentExecutor > 2:llm:ChatOpenAI] [0ms] LLM run errored
BadRequestError: Error code: 400 - {'error': {'message': '🚨 [BUDGET_EXCEEDED] Daily budget of $50.00 exceeded.', 'type': 'policy_violation'}}
04
Document Converter (Zero-Code)
If you process large PDFs or Word documents for RAG, they often contain massive amounts of formatting bloat. Use the built-in CLI to instantly clean and convert them into pure Markdown.
# Simply pass any PDF or DOCX file to the CLI:
guardian_runtime convert financial_report.pdf \
  --out clean_report.md
$ guardian_runtime convert financial_report.pdf --out clean_report.md

⛨ GuardianRuntime Document Converter
Processing: financial_report.pdf...

✓ Conversion Complete!
  • Original File: financial_report.pdf
  • Token Count: 14,205
  • Saved to: clean_report.md
05
Session Analytics (FinOps)
Guardian automatically tracks your spend across every CLI tool and script you use. Never wonder how much a Claude Code refactor cost you again.
# At the end of the day, just run:
guardian_runtime analytics

# Or see all-time history:
guardian_runtime analytics --all
$ guardian_runtime analytics

⛨ GuardianRuntime Session Analytics (Today)
──────────────────────────────────────────────

Claude Code
Cost: $2.3100
Requests: 54
Blocked: 3 (3 secret_detected)
Tokens: 82,000
DEPLOY IN 60 SECONDS
// FREE · OPEN SOURCE · LOCAL-FIRST · MIT LICENSE
⬡ GITHUB REPO READ THE DOCS