HN Showcase
Back to browse
GitHub Repository
0 starsTypeScript

Arbiter – Deterministic Guardrails for Agents

by randromeda·Apr 2, 2026·1 point·1 comment
Visit ProjectView on HN

AI Analysis

●●●BangerBig BrainSolve My ProblemShip It

OPA policies plus signed tokens beat prompt engineering for agent safety.

Strengths
  • Deterministic Rego policies replace probabilistic prompt-based guardrails for tool execution completely.
  • Signed allow tokens prevent replay attacks and verify identity at execution time.
  • Normalizes OpenAI, Anthropic, and LangChain calls into one canonical request shape.
Weaknesses
  • Alpha status means multi-tenant control plane isn't fully hardened for production yet.
  • Requires modifying tool executors to verify tokens, adding integration overhead.
Category
Security
Target Audience

Backend engineers building LLM agents, Enterprise security teams

Similar To

Guardrails AI · Lakera Guard · Open Policy Agent

Post Description

Most agent guardrails still depend on prompts or markdown files, or use IAM intended for humans which makes the process clunky. I used Open Policy Agent to create deterministic rules for what kind of tool calls the agent is able to execute.

Similar Projects

Security●●Solid

Clawsec - Open-source plugin for OpenClaw that blocks dangerous actions

Every tool call is caught by middleware, scored against built-in rulesets like destructive-commands, secrets/* and exfiltration/* in under 5ms, then enforced as block/confirm/allow via a clawsec.yaml — neat, pragmatic attack surface reduction. The demo and auto-generated config make onboarding trivial, but it currently reads as an OpenClaw-first solution; broader agent-framework integrations or stronger isolation guarantees would make this a must-install.

Solve My ProblemNiche GemSlick
subho007
114mo ago
Security●●●Banger

AvaKill – Deterministic safety firewall for AI agents (<1ms, no ML)

Deterministic <1ms policy kill switch for AI agent tool calls, zero ML.

Solve My ProblemBig BrainShip It
duroapp
333mo ago