Block, degrade, escalate — without a redeploy. Behavioral governance that adapts in real time.
OPA, Cedar, and Casbin answer "is this allowed?" — a static yes/no. agentplane answers "how should this agent behave right now, given everything that's happened" — and changes the answer without a redeploy.
| | OPA / Cedar / Casbin | agentplane |
|---|---|---|
| Decision model | Static yes/no | ✓ Stateful behavioral history |
| Runtime update | Config reload | ✓ Live — no restart |
| Versioning | External | ✓ Built-in (diff, rollback, promote) |
| Escalation | None | ✓ Alert → HITL → Degrade → Block |
| Degradation | None | ✓ Modes with timed recovery |
| Plug/Unplug | None | ✓ Hard lockout per agent or tenant |
| Agent-native | No | ✓ hookpoints, tenant_id, token/cost budgets |
| Audit | External | ✓ Append-only JSONL, every evaluation |
```bash
# zero-dependency core
pip install agentplane-py
# with OpenTelemetry
pip install "agentplane-py[otel]"
# with persistent store + sync
pip install "agentplane-py[sqlite,sync]"
# everything
pip install "agentplane-py[all]"
```
```python
import asyncio

from agentplane import (
    PolicyEngine, Policy, Selector, PolicyContext,
    AllowlistRule, RateRule, RedactRule, AuditRule,
)

engine = PolicyEngine()

# One policy scoped to the "acme" tenant's sql_run tool
engine.add_policy(Policy(
    id="acme.data-access.v1",
    selector=Selector(tenants=["acme"], tools=["sql_run"]),
    blocking=[
        AllowlistRule(tools=["sql_run", "search"]),
        RateRule(limit=100, window="1h", per="tenant"),
        RedactRule(fields=["ssn", "api_key"]),
    ],
    non_blocking=[AuditRule()],
    priority=100,
))

ctx = PolicyContext.new(
    agent_id="my-agent", tenant_id="acme",
    hookpoint="before_tool_call", tool_name="sql_run",
)


async def main():
    # evaluate() is a coroutine, so it must be awaited inside an event loop
    await engine.evaluate(ctx)  # raises PolicyBlocked or PolicyDegraded on enforcement


asyncio.run(main())
```
Everything needed to govern agents in production — without changing agent code.
Blocking rules wait for a decision. Non-blocking rules fire async. Agents never wait for audit, alerts, or metrics.
Time-aware chains: Alert → HITL → Degrade → Block. Tracks history — 3 breaches in 10 min escalates differently than 1 breach a week ago.
Hard lockout per agent or entire tenant. Cut all access instantly — no redeploy. Re-plug to restore. Perfect for budget exhaustion or incidents.
Publish, diff, rollback. Every change is audited. Rollback creates a new version — history is never destroyed.
Target by agent, tenant, tool, hookpoint, or tag. One policy can cover all agents; another just one tool for one tenant in prod.
One line: engine.attach(registry). Policies enforce at hookpoints automatically — no agent code changes.
Embed in-process for zero latency. Or run the service for centralized policy management. Both sync — agents work offline.
READ_ONLY · NO_EXTERNAL · RATE_THROTTLE · HUMAN_LOOP · SAFE_TOOLS_ONLY · FULL_BLOCK. Auto-recover by time or condition.
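The time-aware escalation and timed recovery described above can be pictured with a small standalone sketch. This is an added illustration, not agentplane's code or API: the `EscalationChain` class, the `Action` enum, the 10-minute window and the breach thresholds are all assumptions chosen for the example.

```python
from collections import deque
from enum import IntEnum


class Action(IntEnum):
    ALLOW = 0
    ALERT = 1
    HITL = 2      # human in the loop
    DEGRADE = 3
    BLOCK = 4


class EscalationChain:
    """Maps the number of recent breaches per agent to an escalation step."""

    # (minimum breaches inside the window, action): assumed thresholds
    STEPS = ((1, Action.ALERT), (2, Action.HITL),
             (3, Action.DEGRADE), (5, Action.BLOCK))

    def __init__(self, window_s=600.0, steps=STEPS):
        self.window_s = window_s
        self.steps = sorted(steps)
        self._breaches = {}  # agent_id -> deque of breach timestamps

    def _recent(self, agent_id, now):
        # Drop breaches that have aged out of the sliding window.
        q = self._breaches.setdefault(agent_id, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()
        return q

    def _action_for(self, count):
        action = Action.ALLOW
        for threshold, step in self.steps:
            if count >= threshold:
                action = step
        return action

    def record_breach(self, agent_id, now):
        q = self._recent(agent_id, now)
        q.append(now)
        return self._action_for(len(q))

    def current_action(self, agent_id, now):
        # No new breach: the level decays as old breaches expire.
        return self._action_for(len(self._recent(agent_id, now)))
```

Timestamps are passed in explicitly so the behaviour is deterministic: a breach from a week ago has expired by the time a new burst starts, and the level falls back to `ALLOW` once the window has passed with no further breaches.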
Hard kill switch for agents. Cut all access — no rules evaluated, no tools reachable — until you re-plug.
```python
from agentplane import PolicyEngine, PlugBoard

board = PlugBoard()
engine = PolicyEngine(plug_board=board)

# Agent runs out of daily budget — cut all access
board.unplug("billing-agent", reason="budget exhausted", by="ops-team")

# Security incident — lock out entire tenant
board.unplug_all("acme", reason="security incident", by="security-team")

# Restore access
board.plug("billing-agent")
```
| Rule | Type | Description |
|---|---|---|
| AllowlistRule | blocking | Tool allowlist |
| DenylistRule | blocking | Tool denylist |
| RedactRule | blocking | Mark fields as redacted in audit |
| RateRule | blocking | Sliding-window rate limiter per agent/tenant/session |
| RequireTenantRule | blocking | Tenant allowlist |
| TokenBudgetRule | blocking | Token budget per window |
| CostBudgetRule | blocking | USD cost budget per window |
| ApiAllowlistRule | blocking | API path + method allowlist |
| ApiDenylistRule | blocking | API path + method denylist |
| InjectionScanRule | blocking | Prompt injection detection |
| AuditRule | non-blocking | JSONL audit every evaluation |
| AlertRule | non-blocking | Log / webhook alerts |
| CostTrackingRule | non-blocking | Cumulative cost tracking |
| MetricsRule | non-blocking | OTel metrics emission |
| PIIScanRule | non-blocking | PII detection and logging |
agentplane is the control plane. Each layer has one job.