Skip to main content
For Companies & Teams

Govern what your agents run — before they run it

When agents install and execute capabilities at runtime, “what code ran, under what policy” becomes a governance question. AgentNode answers it with a pre-execution control plane: trust tiers, the Guard policy gateway, lockfile integrity, sandbox-or-fail-closed, and a local audit trail — enforced locally, before anything runs.

Agents that install and run third-party code need a control plane

AgentNode is local-first and governed before rollout: you decide which packages may install and run, the runtime enforces it fail-closed, and every decision is recorded — on your machines, not ours.

Stay in control

Minimum trust level

Set a floor (e.g. trusted or curated). Packages below your bar are denied before they execute — not after.

Guard policy gateway

Every install and tool action is classified allow / prompt / deny, with rate limits and input inspection. Fail-closed by default.

Sandbox or fail-closed

Untrusted community code runs in a hardened container or not at all — never silently on the host. If no sandbox is available, it is blocked.

Lockfile integrity

Pin exactly what runs and verify it in CI with agentnode lock verify. Tampered entries are denied in strict mode.

No silent approvals in CI

In CI and other non-interactive contexts, any “prompt” decision escalates to a denial — automation never auto-approves.

Local audit trail

Every policy decision is recorded to a local audit log (~/.agentnode/audit.jsonl) that never leaves your machine.

Roll out on your terms

Choose how much agents may do on their own, and keep your data where it belongs.

off

Detection only — nothing installs automatically; a human decides.

safedefault

Auto-installs only verified-or-higher packages.

strict

Auto-installs only trusted or curated packages — the tightest bar.

Local-first & data sovereignty: no telemetry, tool inputs/outputs and prompts never reach AgentNode, and the runtime works offline once packages are installed. See data sovereignty.

Honest limits

Trust is earned by being precise, not by overclaiming. So we state the boundaries plainly:

  • Trusted and curated packages run host-side with policy checks and subprocess isolation — not OS-level filesystem or network sandboxing. Container isolation applies to untrusted/community code.
  • AgentNode does not currently offer SSO/SAML, RBAC, organization or seat management, a private or self-hosted registry, compliance certifications (SOC 2, HIPAA, ISO), or SLAs. Governance today is the local, fail-closed control plane described above.

Full detail in the security model.

Evaluate AgentNode for your team

Review the security model and Guard, try the runtime, and reach out with security questions.

Security questions? security@agentnode.net