EMILIA Agent Guard

One line of code between your agent and a catastrophe.

Your AI agent can move money, delete production data, send email, sign contracts. Agent Guard stops every irreversible action at the pre-execution moment and requires a signed human yes — or a policy that proves it’s safe. Vendor-neutral. Works with any framework.

Watch an agent get stopped →Start free — get a key

The integration

Wrap the dangerous action. Ship the same day.

No proxy to deploy. No data path to reroute. You call the gate at the decision point; EMILIA answers allow, require signoff, or deny — decided by a policy engine with 26 machine-checked safety theorems behind it.

The HTTP call below is live. The SDK wrapper is the ergonomic version of the same thing. Exact signatures in the docs.

# Ask EMILIA whether this exact action may proceed — before it runs.
curl -s https://www.emiliaprotocol.ai/api/trust/gate \
  -H 'content-type: application/json' \
  -d '{
    "actor":   "agent_invoice_bot",
    "action":  "payment.release",
    "context": { "amount": 50000, "destination": "acct_9f12" }
  }'

# → { "decision": "allow_with_signoff",
#     "reason": "ai_agent_payment_action",
#     "signoff_required": true }

import { guard } from '@emilia-protocol/sdk';

// Wrap anything irreversible. One line.
const decision = await guard({
  actor:   agent.id,
  action:  'payment.release',
  context: { amount: 50_000, destination: invoice.account },
});

if (decision.deny) throw new Error('Blocked by policy');
if (decision.signoffRequired) {
  await decision.waitForHuman();   // blocks until a named human approves
}

// Proceeds only with a signed, verifiable Trust Receipt:
await bank.wire(invoice);          // decision.receipt is your audit evidence

What happens on every call

Intercept, decide, prove.

01

Intercept

Your agent is about to do something it can’t take back. One guard() call routes the exact action — actor, intent, parameters — to EMILIA before it touches the real world.

02

Decide

The formally verified policy engine returns one of three answers: allow (safe, proceed), allow-with-signoff (a named human must approve this exact action), or deny (a hard rule says no). No ambiguity, no silent pass.

03

Prove

Every decision emits a signed, Merkle-anchored Trust Receipt — who approved what, when, bound to the action hash. Auditor-grade evidence, verifiable offline with @emilia-protocol/verify. No EMILIA server required to check it.

Drop into any stack

If your agent calls tools, EMILIA can guard them.

Agent Guard is framework-agnostic middleware, not a lock-in. It sits at the action boundary, wherever that is in your loop — and it doesn’t care whose model your agent runs on.

LangChain

Wrap any tool before .invoke()

CrewAI

Gate a crew’s high-risk tasks

AutoGPT

Guard the action execution step

LlamaIndex

Approve tool-calling agents

Vercel AI SDK

Guard inside tool() handlers

Model Context Protocol

Native MCP server · 34 tools

The agent that tried to

Four things you never want an agent to do unsupervised.

Run it live →

TREASURYPolicy-enforced

Agent tries to wire $50K

An invoice-paying agent attempts a payment to a new account. Blocked. A named human signs off. Wire proceeds with a receipt.

INFRAIllustrative

Agent tries to drop prod

A coding agent runs a destructive migration on the production database. The action is gated before it executes.

BENEFITSPolicy-enforced

Agent redirects a benefit

An agent changes the bank account on a benefits case. Blocked pending an accountable caseworker signoff — due process, proven.

DATAIllustrative

Agent exfiltrates PII

An agent attempts to export a table of personal records to an external destination. The high-risk write is intercepted.

Don’t ship an agent without a kill switch.

EP Core is free and open source. Self-host the protocol, the SDK, and the MCP server today. Add the hosted control plane when you need policy management and audit at scale.

See pricing Read the docs How it works