
AgentGuard

Runtime guardrails for AI agents. Budget caps, loop detection, timeouts, rate limits, and kill switches in a drop-in Python SDK.

20,000+ downloads · 3 stars · MIT · v1.2.10

Stats update hourly from PyPI and GitHub. Downloads use a conservative floor when upstream totals are unavailable.

Start 14-day trial

Not sure what to guard?

Scan your agent idea first.

Describe the workflow, tools, users, and expected usage. The Agent Roadmap Scanner returns likely runtime risks, first guardrails, and where AgentGuard fits.

Run the scanner

Quickstart

Install it, trip a guard, then wire it into your agent.

AgentGuard is not magic middleware. You record usage where money or loops happen. When a limit trips, it raises an AgentGuardError with the reason.
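The record-and-raise pattern is simple enough to sketch in plain Python. This `MiniBudgetGuard` is a hypothetical illustration of the pattern, not the library's implementation:

```python
# Hypothetical sketch of the record-and-raise pattern.
# MiniBudgetGuard and GuardError are illustrative, not the real SDK classes.

class GuardError(RuntimeError):
    """Raised when a limit trips, carrying the reason."""

class MiniBudgetGuard:
    def __init__(self, max_calls):
        self.max_calls = max_calls
        self.calls = 0

    def consume(self, calls=1):
        # Record usage where the spend happens; raise the moment a cap trips.
        self.calls += calls
        if self.calls > self.max_calls:
            raise GuardError(f"budget exceeded: {self.calls} > {self.max_calls} calls")

guard = MiniBudgetGuard(max_calls=3)
try:
    for step in range(5):
        guard.consume(calls=1)  # trips on the 4th call
except GuardError as exc:
    print(f"stopped: {exc}")
```

The point is that the guard lives inside your loop, next to the spend, so a tripped limit stops the very next step instead of being noticed after the run.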

1. Install

Install from PyPI. The package name is agentguard47; the import name is agentguard.

pip install agentguard47

2. Prove local setup

Run the doctor before wiring your real agent.

agentguard doctor --json

3. Catch failures

Budget, loop, timeout, and rate guards raise before the run keeps spending.

Minimal raw Python
from agentguard import (
    AgentGuardError,
    BudgetGuard,
    LoopGuard,
    RateLimitGuard,
    TimeoutGuard,
    Tracer,
)

budget = BudgetGuard(max_calls=3)
loop = LoopGuard(max_repeats=3)
rate = RateLimitGuard(max_calls_per_minute=60)
timeout = TimeoutGuard(max_seconds=5)
tracer = Tracer(service="inbox-agent", guards=[rate])

try:
    with timeout:
        with tracer.trace("agent.run") as span:
            for step in range(5):
                budget.consume(calls=1)
                loop.check("search", {"query": "same query"})
                span.event("tool.call", data={"step": step, "tool": "search"})
except AgentGuardError as exc:
    print(f"AgentGuard stopped the run: {exc}")
OpenAI wiring
from agentguard import AgentGuardError, BudgetGuard, LoopGuard, TimeoutGuard, Tracer
from agentguard.instrument import patch_openai
from openai import OpenAI

budget = BudgetGuard(max_cost_usd=2.00, max_calls=20)
loop = LoopGuard(max_repeats=3)
timeout = TimeoutGuard(max_seconds=300)
tracer = Tracer(service="support-agent")
patch_openai(tracer)

client = OpenAI()

try:
    with timeout:
        with tracer.trace("agent.openai") as span:
            for step in range(20):
                budget.consume(calls=1)
                span.event("agent.step", data={"step": step})
                response = client.chat.completions.create(
                    model="gpt-4o-mini",
                    messages=[{"role": "user", "content": "Summarize this inbox"}],
                )
                loop.check("chat.completions.create", {"step": step})
                print(response.choices[0].message.content)
                break
except AgentGuardError as exc:
    print(f"AgentGuard stopped the run: {exc}")

What it does

Four runtime guards. Put the checks where cost, tools, or time actually happen.

Budget guard

Stop an agent before it burns through $X.

from agentguard import BudgetGuard

budget = BudgetGuard(max_cost_usd=5.00, max_calls=50)
budget.consume(calls=1, cost_usd=0.02)

Loop guard

Kill runaway agents before they tool-call 10,000 times.

from agentguard import LoopGuard

loop = LoopGuard(max_repeats=3)
loop.check("search", {"query": query})
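Conceptually, loop detection amounts to counting repeated (tool, arguments) signatures. A minimal sketch of that idea in plain Python, assuming a JSON-serializable args dict (this is illustrative, not LoopGuard's internals):

```python
import json

class LoopError(RuntimeError):
    """Illustrative stand-in for the SDK's loop error."""

class MiniLoopGuard:
    def __init__(self, max_repeats):
        self.max_repeats = max_repeats
        self.seen = {}  # signature -> repeat count

    def check(self, tool, args):
        # A stable signature for "the same call with the same arguments".
        sig = tool + ":" + json.dumps(args, sort_keys=True)
        self.seen[sig] = self.seen.get(sig, 0) + 1
        if self.seen[sig] > self.max_repeats:
            raise LoopError(f"{tool} repeated {self.seen[sig]} times with identical arguments")

loop = MiniLoopGuard(max_repeats=3)
for _ in range(3):
    loop.check("search", {"query": "same query"})  # allowed up to 3 repeats
```

`sort_keys=True` keeps the signature stable when the same arguments arrive in a different dict order.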

Timeout guard

Hard time ceiling on agent execution.

from agentguard import TimeoutGuard

timeout = TimeoutGuard(max_seconds=300)
with timeout:
    run_agent()
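One way to picture a time ceiling is a cooperative deadline that the agent loop checks between steps. This is a sketch of that idea only; how TimeoutGuard actually enforces its ceiling (signals, threads, or checkpoints) is up to the SDK:

```python
import time

class DeadlineError(RuntimeError):
    """Illustrative stand-in for the SDK's timeout error."""

class MiniTimeout:
    """Cooperative deadline sketch: the agent loop calls tick() between steps."""

    def __init__(self, max_seconds):
        self.max_seconds = max_seconds
        self.start = None

    def __enter__(self):
        self.start = time.monotonic()
        return self

    def __exit__(self, *exc):
        return False  # never swallow exceptions

    def tick(self):
        elapsed = time.monotonic() - self.start
        if elapsed > self.max_seconds:
            raise DeadlineError(f"run exceeded {self.max_seconds}s (elapsed {elapsed:.2f}s)")

with MiniTimeout(max_seconds=0.05) as t:
    for _ in range(3):
        time.sleep(0.01)
        t.tick()  # raises once the deadline has passed
```

`time.monotonic()` is the right clock here: it cannot jump backward when the system clock is adjusted mid-run.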

Rate guard

Cap tool calls per minute.

from agentguard import RateLimitGuard

rate = RateLimitGuard(max_calls_per_minute=10)
rate.check()
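A per-minute cap is typically a sliding window over call timestamps. A conceptual sketch under that assumption (not RateLimitGuard's actual internals):

```python
import time
from collections import deque

class RateError(RuntimeError):
    """Illustrative stand-in for the SDK's rate-limit error."""

class MiniRateGuard:
    """Sliding-window sketch: trip when calls in the window exceed the cap."""

    def __init__(self, max_calls_per_minute, window=60.0):
        self.max_calls = max_calls_per_minute
        self.window = window
        self.stamps = deque()  # monotonic timestamps of recent calls

    def check(self):
        now = time.monotonic()
        # Drop timestamps that have aged out of the window.
        while self.stamps and now - self.stamps[0] > self.window:
            self.stamps.popleft()
        if len(self.stamps) >= self.max_calls:
            raise RateError(f"rate cap hit: {len(self.stamps)} calls in {self.window}s")
        self.stamps.append(now)

rate = MiniRateGuard(max_calls_per_minute=10)
for _ in range(10):
    rate.check()  # an 11th call inside the window would raise
```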

Use this when

  • Your agent can call paid APIs in a loop.
  • You need a hard ceiling on calls, cost, elapsed time, or call rate.
  • You are shipping agents across more than one framework.
  • You want local guardrails first and hosted visibility later.

Do not use this when

  • You only need prompt-injection defense.
  • You only need JSON schema or output validation.
  • You need human approval workflows before every action.
  • You need a JavaScript SDK today.

Open source, Pro, Team

The open source SDK is always free. Pro and Team add the hosted dashboard, longer event history, and email alerts.

                  Open source               Pro          Team
Price             Free                      $39/mo       $79/mo
Runtime guards    yes                       yes          yes
Local telemetry   yes                       yes          yes
MIT license       yes                       yes          yes
Hosted dashboard  no                        yes          yes
Event history     Local                     500K events  5M events
Users             1                         1            10
Email alerts      no                        yes          yes
Team visibility   no                        no           yes
Get started       pip install agentguard47  Start trial  Start trial

Want more like this?

AI agent builds, real costs, what works. One email per week. No fluff.

Why this exists

I wrote AgentGuard because the existing options all point at a different problem. Lakera is about prompt injection. Guardrails AI is about output validation. Platform-native guardrails ship with a single vendor and lock you in. None of them stop an agent from burning $200 of OpenAI credit in a runaway loop at 2 AM.

AgentGuard is runtime only. It sits between your code and the model, counts cost, tool calls, and wall-clock time, and raises before you get the surprise bill. It works the same whether you're calling GPT-5, Claude, a local llama.cpp server, or something I haven't heard of yet.

I built it for my own agents. I run it on my autotrader and on the agents that post this blog. If it works for me at 2 AM, it should work for you.

FAQ

Why is the install name different from the import name?
Install `agentguard47` from PyPI. Import `agentguard` in Python. That is the public SDK module exposed by the package.
Why not use framework-native guardrails?
Framework guardrails usually handle model policy, tool schemas, or output validation. AgentGuard handles runtime failure: spend, repeated tool calls, call rate, and elapsed time. It is the layer you keep when you swap frameworks.
What data leaves my machine?
The OSS SDK does not need a network call to enforce guards. Trace events go to the sink you choose: with a local JSONL sink they never leave your machine. If you wire up the hosted dashboard, send runtime metadata only. Do not put prompts or responses into trace data unless you intend to store them.
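A local JSONL sink is just append-only line-delimited JSON. A hypothetical sketch of what writing runtime metadata looks like (the `write_event` helper and its field names are illustrative, not the SDK's sink API or schema):

```python
import json
import time
from pathlib import Path

def write_event(path, name, data):
    """Append one runtime-metadata event as a JSON line. Illustrative schema:
    keep it to event names and counters, never prompts or responses."""
    event = {"ts": time.time(), "event": name, "data": data}
    with Path(path).open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(event) + "\n")

sink = "agent_events.jsonl"
write_event(sink, "tool.call", {"tool": "search", "step": 1})
write_event(sink, "budget.consume", {"calls": 1})
```

One event per line means the file can be tailed, grepped, and re-parsed after a crash without any reader-side state.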
What is OSS and what is hosted?
The Python SDK is MIT and runs locally. The hosted trial is for dashboards, event history, and alerts when you want a product surface around the runtime events.
Which stacks does this work with?
Raw Python works directly. The SDK also exposes OpenAI patching and integration modules for LangChain, LangGraph, and CrewAI. You still decide where tool calls, costs, and events are recorded.

Start the 14-day trial.

No credit card until day 14.

Start trial