Introduction
KalGuard is an open-source, enterprise-grade security layer for AI agents. It runs as a sidecar process that mediates every prompt and tool call your agent makes, enforcing policy, filtering dangerous inputs, and writing an append-only audit trail.
The Problem
Autonomous AI agents introduce a class of risk that traditional application security does not address:
| Challenge | Impact |
|---|---|
| Prompt injection | Adversarial inputs can override agent instructions |
| Uncontrolled tool access | Agents may invoke dangerous operations without authorization |
| Lack of audit trail | No structured record of what the agent actually did |
| Implicit trust | Most frameworks assume the agent is trustworthy by default |
The KalGuard Approach
KalGuard treats every agent as untrusted by default and enforces five design principles:
- Zero Trust — every request is validated against policy before execution.
- Fail Closed — if policy evaluation raises an error, no rule matches, or the sidecar is unreachable, the request is denied. The unreachable case has to be enforced on the agent side (in the SDK or whatever client wraps the sidecar call), because a sidecar that cannot be reached cannot say no.
- Agent Agnostic — works with OpenAI, Anthropic, LangChain, custom frameworks, or local models.
- Environment Agnostic — deploy locally, in Docker, on Kubernetes, or on bare-metal VMs.
- Security as Infrastructure — the sidecar is a separate process, not library code inside your agent.
Core Components
```text
┌──────────────┐       HTTP / SDK      ┌──────────────────┐
│              │ ─────────────────►    │                  │
│   AI Agent   │                       │ KalGuard Sidecar │
│              │ ◄─────────────────    │                  │
└──────────────┘     allow / deny      └────────┬─────────┘
                                                │
                                 ┌──────────────┼──────────────┐
                                 │              │              │
                           Policy Engine Prompt Firewall   Audit Log
                                          Tool Mediator
```
| Component | Responsibility |
|---|---|
| Policy Engine | Evaluates declarative JSON rules (first-match, fail-closed) |
| Prompt Firewall | Risk scoring, injection detection, PII redaction, content filtering |
| Tool Mediator | Allowlist/denylist, schema validation, per-tool rate limiting |
| Agent Identity | Short-lived JWT tokens scoped to specific capabilities |
| Audit Logger | Structured, append-only JSON logs (SIEM-ready) |
| SDK Client | TypeScript helper that wraps HTTP calls to the sidecar |
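The first-match, fail-closed evaluation described for the Policy Engine, together with the Fail Closed principle above (deny on evaluation error or an unreachable sidecar), as an added TypeScript example. This is illustrative code written for this page, not KalGuard's own engine or SDK; the rule and request shapes, the function names (`evaluatePolicy`, `guardedDecision`) and the sample ruleset are assumptions, and KalGuard's real JSON rule schema may differ.

```typescript
// Added example (not KalGuard's own code): a first-match, fail-closed policy
// evaluator plus a client-side wrapper that denies when the evaluator throws
// or does not answer in time. Rule/request shapes are assumptions for this page.

type Effect = "allow" | "deny";

interface ToolRequest {
  agentId: string;
  tool: string;
  args: Record<string, unknown>;
}

interface Rule {
  id: string;
  effect: Effect;
  // Every listed field must match; a field left out is a wildcard.
  match: { agentId?: string; tool?: string | RegExp };
}

interface Decision {
  effect: Effect;
  ruleId: string | null; // null when no rule matched or evaluation failed
  reason: string;
}

function ruleMatches(rule: Rule, req: ToolRequest): boolean {
  const m = rule.match;
  if (m.agentId !== undefined && m.agentId !== req.agentId) return false;
  if (m.tool !== undefined) {
    return m.tool instanceof RegExp ? m.tool.test(req.tool) : m.tool === req.tool;
  }
  return true;
}

// First-match: rules are scanned in order and the first one that matches decides.
// Fail-closed: if nothing matches, the answer is deny, never allow.
function evaluatePolicy(rules: Rule[], req: ToolRequest): Decision {
  for (const rule of rules) {
    if (ruleMatches(rule, req)) {
      return { effect: rule.effect, ruleId: rule.id, reason: `matched ${rule.id}` };
    }
  }
  return { effect: "deny", ruleId: null, reason: "no matching rule (fail closed)" };
}

// Agent-side fail-closed wrapper: the sidecar cannot deny a request it never
// receives, so a thrown error or a missing answer within timeoutMs is a deny.
async function guardedDecision(
  check: () => Promise<Decision>,
  timeoutMs: number,
): Promise<Decision> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<Decision>((resolve) => {
    timer = setTimeout(() => {
      resolve({ effect: "deny", ruleId: null, reason: `sidecar unreachable after ${timeoutMs}ms (fail closed)` });
    }, timeoutMs);
  });
  try {
    return await Promise.race([check(), timeout]);
  } catch (err) {
    return { effect: "deny", ruleId: null, reason: `evaluation error: ${String(err)} (fail closed)` };
  } finally {
    if (timer !== undefined) clearTimeout(timer);
  }
}

// Constructed sample ruleset: shell tools are denied for every agent, the
// research agent may use two read-only tools, and everything else falls
// through to the implicit deny.
const SAMPLE_RULES: Rule[] = [
  { id: "deny-shell", effect: "deny", match: { tool: /^shell(\.|$)/ } },
  { id: "allow-research-reads", effect: "allow", match: { agentId: "research-bot", tool: /^(web\.search|fs\.read)$/ } },
];

// Three constructed requests: allowed read, denied shell, unmatched agent.
function demo(): Decision[] {
  const reqs: ToolRequest[] = [
    { agentId: "research-bot", tool: "web.search", args: { q: "cve-2024" } },
    { agentId: "research-bot", tool: "shell.exec", args: { cmd: "rm -rf /" } },
    { agentId: "ops-bot", tool: "fs.read", args: { path: "/etc/passwd" } },
  ];
  return reqs.map((r) => evaluatePolicy(SAMPLE_RULES, r));
}
```

Rule order is the policy: putting `deny-shell` first means a later, broader allow cannot reopen shell access, and the absence of a trailing allow-all is what makes an unmatched request a deny rather than a pass.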
Use Cases
- Enterprise AI deployments — enforce uniform security policy across an agent fleet.
- Regulated industries — maintain audit trails and access controls for compliance.
- Multi-tenant platforms — isolate agent capabilities per customer or environment.
- Development & testing — sandbox agent behavior before promoting to production.
Free vs. Cloud (Pro & Enterprise)
KalGuard is fully functional as an open-source, self-hosted solution. For teams that need centralized management, higher limits, and advanced features, KalGuard Cloud adds a managed dashboard layer.
| Capability | Free (OSS) | Pro ($49/mo) | Enterprise |
|---|---|---|---|
| Security checks/day | 1,000 | 100,000 | Unlimited |
| Agents | 1 | Unlimited | Unlimited |
| Audit retention | 7 days | 90 days | 365 days |
| Prompt firewall | Basic | Advanced + PII redaction | Advanced + PII redaction |
| Usage analytics | — | Dashboard | Dashboard |
| Custom policy rules | — | Yes | Yes |
| SSO / SAML / SLA | — | — | Yes |
To connect your sidecar to KalGuard Cloud, set a single environment variable:
```bash
export KALGUARD_API_KEY=kg_live_your_api_key_here
```
See KalGuard Cloud for details.
What's Next?
- Quick Start — get KalGuard running in five minutes.
- Architecture — understand the sidecar model in depth.
- Installation — comprehensive install guide for every platform.