For platform & infra leads

Govern your agents without renting governance from your model's vendor.

AgentGuard® runs as a library inside your runtime — no proxy, no data plane. Enforce spend caps before a call is dispatched, prove every agent action with a signed tamper-evident ledger, and see the spend a provider console can't: the open-weight and self-hosted dark tokens.

Prompts, provider keys, and the signing key never leave your process. Governance is a library review, not a data-vendor security review.

npm install @agentguard-run/spend Watch the attestation demo → Verify a receipt →
no data planeEd25519 signed ledgerworks with OpenAI · Anthropic · Bedrock · OpenRouter · self-hosted
The reckoning is here

Your token bill doubles every 45 days. Then the CFO asks for the ROI.

Cheap tokens didn't reduce the problem — they multiplied it. Teams run parallel agents across a mix of frontier APIs, open-weight models, and self-hosted GPUs. Spend fragments; attribution disappears; nobody can prove what each agent did or spent.

What a provider console can't answer: which agent, which job, which hour — and it never sees the open-source and self-hosted usage at all, because those tokens never touch a provider's bill. You can't govern what you can't see.
Why not native provider controls, or a proxy

You can't rent governance from a vendor you might compete with.

Frontier labs watch where value accrues on top of their models, then move in — Figma → Claude Design, Cursor → Claude Code. Your spend governance and audit trail shouldn't be owned by the vendor that may one day compete with you. And a proxy sees only its own traffic — it can't gate a cross-agent chain, and it can't see a token it never routed.

"You can't rent intelligence from the same place that rents it to your competitor."— the AI-sovereignty argument now driving enterprise buying decisions
What you get

A neutral control plane, one npm install.

Pre-dispatch spend caps

Block or downgrade a call before it costs money, scoped by model, provider, agent, or workflow. The saved-by-policy number is the ROI line the CFO asked for.

See the quickstart →

Signed, tamper-evident ledger

Every decision is Ed25519-signed and hash-chained in your runtime. Anyone with the public key can verify it. Nothing to certify because nothing leaves the process.

Verify a receipt →

Multi-agent attestation

Gate a payment on an unbroken, signed cross-agent chain. Tamper one upstream receipt and the escalation is denied. A proxy can't do this — it sees single calls.

Watch the demo →

Dark-token cost attribution

See spend by hour, model, and workload — including the self-hosted and open-weight usage no provider bill shows. Frontier-vs-dark split, computed from the signed ledger.

Read the docs →
Built for a headless, multi-model world

Governance that follows the model — even your own weights.

Start the quickstart → Watch the attestation demo →
All terminology (receipt, audit log, attestation, evidence) describes cryptographically-signed software records — not legal definitions or guarantees of compliance.

AgentGuard® Reg. No. 8281464 · DAG Trust Attestation Tokens, Patent D §7.3 (App. No. 63/984,626), and additional U.S. provisional applications · Dunecrest Ventures Inc.