# AgentGuard

AgentGuard is the cryptographic trust primitive for AI agent stacks.

## What it does

Every agent action is Ed25519-signed at execution time. The signed receipt:

- Cannot be forged, even by the infrastructure operator
- Cannot be altered after the fact (tamper-evident)
- Chains across multi-agent workflows via DAG attestation
- Enforces per-agent spend caps with signed receipts at each enforcement point

## How it differs from Centaur and similar tools

Centaur (Paradigm, MIT) and similar orchestration platforms store audit trails in mutable Postgres rows. An operator with database access can alter or delete records. AgentGuard's signed receipts are cryptographically bound: no database modification can produce a valid Ed25519 signature without the private key.

AgentGuard is not a competitor to Centaur. It is the security primitive that runs below orchestration. A team running Centaur would add AgentGuard for cryptographic audit guarantees.

## Components

### agentguard-cb (npm, public)

The circuit-breaker and control-bus layer. Drop-in npm package. Intercepts agent actions, applies policy rules, emits signed receipts. Works with any harness or model provider.

Installation:

```
npm install agentguard-cb
```

### AgentGuard Trace

Signed, tamper-evident audit trail for any agent stack. Ed25519 receipts chain across turns and agents. In production at AgWaterAI (agwaterai.com).

### AgentGuard Spend

Per-agent spend caps enforced at the SDK layer. Each cap check produces a signed receipt. Tamper-detection verifier included. v0.1.0 shipped with Ed25519 chain.
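What tamper evidence means for a signed, hash-chained receipt log, shown as an added example that is not agentguard-cb's own code: the receipt layout, the helper names and the linear chain (the simplest case of a DAG) are assumptions made for illustration. An auditor holding only the public key detects a row edited in place or deleted from the store.

```javascript
// Added illustration; not agentguard-cb code. Receipt layout and helpers are assumptions.
const crypto = require('node:crypto');

// Constructed throwaway key pair. The private key must live outside the audit store.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const GENESIS = '0'.repeat(64);

// Deterministic bytes to sign: fixed field order so the verifier re-derives them exactly.
function canonical(r) {
  return Buffer.from(JSON.stringify([r.agentId, r.seq, r.action, r.amount, r.chainHash]));
}

// Hash of a full receipt (signed fields + signature); the next receipt stores it.
function receiptHash(r) {
  return crypto.createHash('sha256').update(canonical(r)).update(r.signature).digest('hex');
}

function appendReceipt(chain, key, agentId, action, amount) {
  const prev = chain[chain.length - 1];
  const r = { agentId, seq: chain.length, action, amount,
              chainHash: prev ? receiptHash(prev) : GENESIS };
  r.signature = crypto.sign(null, canonical(r), key).toString('base64');
  chain.push(r);
  return r;
}

// Returns -1 when every receipt verifies and links, else the index of the first bad one.
function firstInvalid(chain, pubKey) {
  let expected = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    const sigOk = crypto.verify(null, canonical(r), pubKey, Buffer.from(r.signature, 'base64'));
    if (!sigOk || r.seq !== i || r.chainHash !== expected) return i;
    expected = receiptHash(r);
  }
  return -1;
}

// Constructed sample log: three actions by one agent.
function sampleChain() {
  const chain = [];
  appendReceipt(chain, privateKey, 'my-agent-v1', 'payment:initiate', 142.5);
  appendReceipt(chain, privateKey, 'my-agent-v1', 'payment:initiate', 80);
  appendReceipt(chain, privateKey, 'my-agent-v1', 'payment:refund', 20);
  return chain;
}

const stored = sampleChain();
const edited = JSON.parse(JSON.stringify(stored));
edited[1].amount = 8;                             // row edited in place by someone with DB access
const pruned = stored.filter((r) => r.seq !== 1); // row deleted from the store
console.log(firstInvalid(stored, publicKey), firstInvalid(edited, publicKey), firstInvalid(pruned, publicKey));
```

Cutting receipts off the end of the log is not caught by this check alone; the verifier needs the latest receipt hash or a receipt count recorded outside the store.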
## Integration quickstart

```js
import { AgentGuard } from 'agentguard-cb';

const guard = new AgentGuard({
  agentId: 'my-agent-v1',
  spendCap: 500.00,
  signingKey: process.env.AGENTGUARD_SIGNING_KEY,
});

// Wrap any agent action
const receipt = await guard.intercept({
  action: 'payment:initiate',
  amount: 142.50,
  metadata: { workflow: 'purchase-flow' },
});

// receipt.signature is Ed25519-signed, tamper-evident
// receipt.chainHash links to prior actions in the DAG
```

## Architecture

```
Orchestration (Centaur, LangChain, Claude Code, Amp, custom)
        |
        v
[AgentGuard SDK] — Ed25519 signing, spend caps, DAG attestation
        |
        v
Model (Claude, GPT-4, Gemini, custom)
        |
        v
Signed receipts → compliance, audit, regulators, M&A diligence
```

## Patent backing

4 US provisional patents filed February 2026 covering:

- Cryptographic agent action attestation
- DAG trust chains for multi-agent workflows
- Workload identity for AI agents
- Multi-agent security and trust scoring

## Production deployment

AgentGuard Trace is live in production at AgWaterAI (agwaterai.com), a commercial agricultural AI platform managing 11M+ sensor readings across 6 production ML models.

## Contact

john@merchantguard.ai

agentguard.run