Cost and safety guardrails for AI agents. Drop-in Python SDK.
Four runtime guards. Wrap them around your agent. That's the whole API.
Stop an agent before it burns through your budget.

```python
from agentguard47 import Guard

with Guard(budget_usd=5.00):
    agent.run(task)
```

Kill runaway agents before they tool-call 10,000 times.
```python
with Guard(max_tool_calls=50):
    agent.run(task)
```

Put a hard time ceiling on agent execution.
```python
with Guard(timeout_s=300):
    agent.run(task)
```

Cap tool calls per minute.
```python
with Guard(max_tool_calls_per_min=10):
    agent.run(task)
```

The open source SDK is always free. Pro and Team add the hosted dashboard, longer event history, and email alerts.
| | Open source | Pro | Team |
|---|---|---|---|
| Price | Free | $39/mo | $79/mo |
| Runtime guards | ✓ | ✓ | ✓ |
| Local telemetry | ✓ | ✓ | ✓ |
| MIT license | ✓ | ✓ | ✓ |
| Hosted dashboard | — | ✓ | ✓ |
| Event history | — | 500K | 5M |
| Users | 1 | 1 | 10 |
| Email alerts | — | ✓ | ✓ |
| Team visibility | — | — | ✓ |
| Get started | `pip install agentguard47` | Start trial | Start trial |
I wrote AgentGuard because the existing options all point at a different problem. Lakera is about prompt injection. Guardrails AI is about output validation. Platform-native guardrails ship with a single vendor and lock you in. None of them stop an agent from burning $200 of OpenAI credit in a runaway loop at 2 AM.
AgentGuard is runtime only. It sits between your code and the model, counts cost and tool calls and wall-clock time, and raises before you get the surprise bill. It works the same whether you're calling GPT-5, Claude, a local llama.cpp server, or something I haven't heard of yet.
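The raise-before-the-bill mechanism is simple enough to sketch in a few lines. This is an illustrative stand-in, not the SDK's actual internals: the `BudgetGuard` class, the `GuardError` exception, and the `record()` method are all invented for this sketch.

```python
import time


class GuardError(RuntimeError):
    """Raised when a limit is exceeded (illustrative name, not the SDK's real exception)."""


class BudgetGuard:
    """Minimal sketch of a runtime guard: count cost, tool calls, and
    wall-clock time, and raise before the run exceeds its limits."""

    def __init__(self, budget_usd=None, max_tool_calls=None, timeout_s=None):
        self.budget_usd = budget_usd
        self.max_tool_calls = max_tool_calls
        self.timeout_s = timeout_s
        self.spent = 0.0
        self.calls = 0

    def __enter__(self):
        self.started = time.monotonic()
        return self

    def __exit__(self, *exc):
        return False  # never swallow the agent's own exceptions

    def record(self, cost_usd=0.0, tool_call=False):
        # The agent loop would call this after every model or tool invocation.
        self.spent += cost_usd
        self.calls += int(tool_call)
        if self.budget_usd is not None and self.spent > self.budget_usd:
            raise GuardError(f"budget exceeded: ${self.spent:.2f} > ${self.budget_usd:.2f}")
        if self.max_tool_calls is not None and self.calls > self.max_tool_calls:
            raise GuardError(f"tool-call limit exceeded: {self.calls}")
        if self.timeout_s is not None and time.monotonic() - self.started > self.timeout_s:
            raise GuardError("wall-clock timeout exceeded")
```

In the real SDK the bookkeeping hooks into the model client rather than being called by hand, but the failure mode is the same: the guard raises mid-run instead of letting the loop keep spending.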
I built it for my own agents. I run it on my autotrader and on the agents that post this blog. If it works for me at 2 AM, it should work for you.