Deterministic pre-action authorization for AI agents. Guardrails run before tool execution, so prompt injection cannot bypass policy checks.
CTF Evidence
From the live APort Vault adversarial testbed:
| Metric | Result |
|---|
| Total authorization decisions observed | 4,437 |
| Total attack sessions observed | 1,151 |
| Level 5 ("Vault") restrictive attempts | 879 |
| Level 5 ("Vault") successful breaches | 0 |
| Level 5 restrictive success rate | 0% |
| Permissive baseline success rate (for comparison) | 74.6% |
Start Here
Install in 30 seconds
npx @aporthq/aport-agent-guardrails
- Choose your framework:
openclaw, cursor, claude-code, langchain, crewai, deerflow, n8n
- OpenClaw direct:
npx @aporthq/aport-agent-guardrails openclaw
- Hosted passport:
npx @aporthq/aport-agent-guardrails openclaw <agent_id>
- Reset a framework to a clean APort state:
npx @aporthq/aport-agent-guardrails reset claude-code --yes
Why Developers and teams trust APort
- Deterministic enforcement: runtime hook, not prompt instructions
- Fail-closed defaults: verification failures block risky actions
- Auditable decisions: each allow/deny is logged with context
- Open standard artifacts: Open Agent Passport (OAP) v1.0 passport and decision formats
- Research-backed outcomes: in a live adversarial testbed, permissive-policy success was 74.6% vs 0% under restrictive OAP policy (879 top-tier attempts)
- Low latency at production scale: cloud API verification p50 ~53ms at N=1,000
- Security docs: SECURITY.md, SECURITY_MODEL.md
- Backed by Peer-reviewed research: arXiv preprint (Mar 2026)
Fast path by persona
Brand personality (optional)
Security should feel rigorous, not intimidating. Meet Porter, the APort mascot used across the product experience: Meet Porter.
Deeper background (threat model, rationale, evidence)
The security concern is that agent tools and skills can execute sensitive actions (files, commands, external calls). APort addresses this by verifying each tool call against a passport and policy limits before execution. This reduces prompt-injection and “agent decided wrong” risk from runtime behavior to policy configuration.
🔌 Supported frameworks
APort Agent Guardrail adapters and providers are available per framework; the same passport and policies apply. Node users: npx @aporthq/aport-agent-guardrails (then choose framework) or npx @aporthq/aport-agent-guardrails <framework>. Python users (LangChain/CrewAI/DeerFlow): run the same CLI for the wizard and config, then install the Python package shown in the framework doc.
APort Agent Guardrails
