aport-guardrails

---

Deterministic pre-action authorization for AI agents. Guardrails run before tool execution, so prompt injection cannot bypass policy checks.

CTF Evidence

From the live APort Vault adversarial testbed:

Metric	Result
Total authorization decisions observed	4,437
Total attack sessions observed	1,151
Level 5 ("Vault") restrictive attempts	879
Level 5 ("Vault") successful breaches	0
Level 5 restrictive success rate	0%
Permissive baseline success rate (for comparison)	74.6%

• CTF Results
• CTF Replay
• CTF Leaderboard

Start Here

Install in 60 seconds

npx @aporthq/aport-agent-guardrails

• Choose your framework: openclaw, cursor, claude-code, langchain, crewai, deerflow, n8n
• Claude Code direct: npx @aporthq/aport-agent-guardrails claude-code
• Curl install URL: curl -fsSL https://aport.io/install.sh | bash -s -- claude-code
• Existing hosted passport: npx @aporthq/aport-agent-guardrails claude-code <agent_id>
• Reset a framework to a clean APort state: npx @aporthq/aport-agent-guardrails reset claude-code --yes

When prompted for passport setup, the choices are:

1. Create hosted APort passport now — recommended; creates a hosted passport and narrow setup key.
2. Use existing hosted passport ID — paste an existing agent_id.
3. Create local passport file — offline/local JSON passport.

For a new hosted setup, choose option 1. The installer creates a passport, creates a narrow setup key, writes the framework hook/config, and starts sending decisions to APort. For non-interactive installs:

npx --yes @aporthq/aport-agent-guardrails claude-code \
  --quick-hosted \
  --email you@example.com \
  --non-interactive

Equivalent environment-variable form:

APORT_OWNER_EMAIL="you@example.com" \
APORT_QUICK_HOSTED=1 \
npx --yes @aporthq/aport-agent-guardrails claude-code --non-interactive

Why Developers and teams trust APort

• Deterministic enforcement: runtime hook, not prompt instructions
• Fail-closed defaults: verification failures block risky actions
• Auditable decisions: each allow/deny is logged with context
• Open standard artifacts: Open Agent Passport (OAP) v1.0 passport and decision formats
• Research-backed outcomes: in a live adversarial testbed, permissive-policy success was 74.6% vs 0% under restrictive OAP policy (879 top-tier attempts)
• Low latency at production scale: cloud API verification p50 ~53ms at N=1,000
• Security docs: SECURITY.md, SECURITY_MODEL.md
• Backed by Peer-reviewed research: arXiv preprint (Mar 2026)

Fast path by persona

• I need OpenClaw now: docs/QUICKSTART_OPENCLAW_PLUGIN.md
• I already have agent_id: docs/HOSTED_PASSPORT_SETUP.md
• I’m deploying for an IT team: docs/ENTERPRISE_DEVICE_DEPLOYMENT.md
• I need framework setup docs: docs/frameworks
• I want Claude marketplace install: docs/frameworks/claude-code.md

Brand personality (optional)

Security should feel rigorous, not intimidating. Meet Porter, the APort mascot used across the product experience: Meet Porter.