Metadata-Version: 2.4
Name: guardplane
Version: 1.0.0rc2
Summary: Policy-enforcing runtime kernel and sandboxed runner for AI agents
License-Expression: Apache-2.0
Project-URL: Homepage, https://github.com/lhy0718/Guardplane
Project-URL: Repository, https://github.com/lhy0718/Guardplane
Project-URL: Documentation, https://github.com/lhy0718/Guardplane/blob/main/README.md
Project-URL: Issues, https://github.com/lhy0718/Guardplane/issues
Project-URL: Changelog, https://github.com/lhy0718/Guardplane/releases
Keywords: ai-agents,sandbox,policy-engine,mcp,audit-log,runtime-kernel
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: MacOS
Classifier: Operating System :: POSIX :: Linux
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: fastapi<1.0,>=0.111
Requires-Dist: uvicorn<1.0,>=0.30
Requires-Dist: typer<1.0,>=0.12
Requires-Dist: httpx<1.0,>=0.27
Requires-Dist: PyYAML<7.0,>=6.0
Requires-Dist: PyJWT<3.0,>=2.10
Provides-Extra: dev
Requires-Dist: pytest<9,>=8; extra == "dev"
Provides-Extra: postgres
Requires-Dist: psycopg[binary]<4,>=3.2; extra == "postgres"
Dynamic: license-file

# Guardplane

Security kernel + sandboxed runner for AI agents.

Guardplane sits between an AI agent and the operating system. It enforces deny-by-default policy, approval gates, workspace sandboxing, MCP tool routing, and replayable audit logs.

## What it does

- capability-based policy enforcement
- workspace filesystem sandbox
- approval queue and audited resume
- JSONL event log and replay
- MCP registry and tool routing
- wrapper execution via `bridge` and `contained` modes

Guardplane is not an agent framework. It is a runtime control plane for existing agents, wrappers, CI jobs, and deterministic runners.

## Install

Install the CLI and daemon:

```bash
pipx install guardplane
```

If you want the examples and validation scripts, use a source checkout:

```bash
git clone https://github.com/lhy0718/Guardplane.git
cd Guardplane
pipx install .
```

## Quickstart

```bash
export GUARDPLANE_AUTH_TOKEN="$(python3 -c 'import secrets; print(secrets.token_hex(24))')"
guardplaned
guardplane --auth-token "$GUARDPLANE_AUTH_TOKEN" init
```

Then create a workspace, register an agent, and run a guarded job. Full examples live in the repository.

## Project links

- Repository: [github.com/lhy0718/Guardplane](https://github.com/lhy0718/Guardplane)
- README: [Quickstart and usage](https://github.com/lhy0718/Guardplane/blob/main/README.md)
- Operations guide: [docs/OPERATIONS.md](https://github.com/lhy0718/Guardplane/blob/main/docs/OPERATIONS.md)
- Security hardening: [docs/SECURITY_HARDENING.md](https://github.com/lhy0718/Guardplane/blob/main/docs/SECURITY_HARDENING.md)
- Real-agent validation: [docs/REAL_AGENT_VALIDATION.md](https://github.com/lhy0718/Guardplane/blob/main/docs/REAL_AGENT_VALIDATION.md)

## Release status

`1.0.0rc2` is a pre-release. Guardplane is intended for self-hosted deployments and does not claim full kernel-grade isolation.
