Issue 01 · 2026

MeshGuard

The Governance Control Plane for AI Agents

Identity. Policy. Trust. Audit.
Who authorized this agent, what can it do, and who's responsible when things go wrong?

Core Modules

13+

Integrations

Anomaly Types

<5ms

Policy Latency

01The Problem

Agents have the keys to the kingdom.
Nobody's watching the door.

Enterprises are deploying AI agents everywhere — customer service bots, code assistants, research crews, autonomous workflows. Each agent gets API keys, database access, tool permissions, and the ability to call other agents.

But there is no governance layer. No identity management. No policy enforcement. No audit trail. Agents operate with implicit trust, and when one goes rogue — hallucinating actions, escalating privileges, leaking data — nobody knows until the damage is done.

Cloud had this same problem fifteen years ago. The answer was identity, API management, and endpoint security. For AI agents, the answer is MeshGuard.

“Who authorized this agent, what can it do, and who's responsible when things go wrong?”

73%

of enterprises lack agent governance

agents governed without MeshGuard

02The Solution

A governance gateway
that sits between agents and everything else.

MeshGuard is an API-first control plane that intercepts agent actions, checks them against policies, and enforces decisions in real time. Zero code changes. Sub-5ms overhead. Full audit trail.

Enroll

Register agents with cryptographic identities. Assign trust tiers, permission boundaries, and capability surfaces. Integrate with your IdP.

POST /admin/agents
{
  "name": "research-crew",
  "tier": "verified",
  "capabilities": ["read", "search"],
  "delegation": { "maxDepth": 2 }
}

Enforce

Route agent traffic through the gateway. Policies evaluate every action against declarative YAML rules. Deny, allow, or escalate — in real time.

# policy.yaml
rules:
  - agent: "research-crew"
    action: "write"
    resource: "production/*"
    effect: deny
    alert: slack

Audit

Every action is logged with correlation IDs, trace chains, and immutable records. Query the full history of any agent, any action, any time.

GET /admin/audit?agent=research-crew

{
  "entries": 1247,
  "denied": 23,
  "escalated": 4,
  "anomalies": 1
}

03Capabilities

Eight modules.
One control plane.

Every piece of the governance puzzle, purpose-built for AI agents and assembled into a single, coherent system.

Agent Identity

Cryptographic credentials and IdP integration. Every agent gets a verifiable identity before it touches anything.

Policy Engine

Declarative YAML rules enforced at the gateway in real time. No code changes, no redeployments.

Trust Scoring

5-component behavioral trust scores. History, anomaly, delegation, tenure, and voucher signals — updated continuously.

Delegation Chains

Permission ceilings, depth limits, and signed receipts for agent-to-agent calls. No privilege escalation.

Anomaly Detection

9 anomaly types, 4 severity levels, 5 auto-actions. Catches scope violations, rate spikes, and data exfiltration.

DLP Enforcement

Cross-boundary data loss prevention and automatic redaction. Sensitive data never leaves your perimeter.

Unified Audit

Correlation across all agent calls with immutable logs and trace IDs. Full chain of custody, always.

Alerting

Webhook, Slack, and email notifications for policy events. Your team knows the moment something deviates.

04Trust System

Trust is earned.
Never assumed.

Every agent starts at zero. MeshGuard computes a behavioral trust score from five weighted signals, updated continuously as agents operate.

History

Anomaly

Delegation

Tenure

Voucher

Trust Tiers

Unverified

0–39

New agents. Read-only access, no delegation, full audit logging.

Verified

40–59

Identity confirmed. Limited write access, supervised delegation.

Trusted

60–79

Track record established. Broader permissions, can delegate to verified agents.

Privileged

80–100

Full trust. Unrestricted operations within policy bounds, deep delegation chains.

05Integrations

Works with every
agent framework you use.

Native SDKs for Python, JavaScript, and .NET. First-class integrations with every major agent platform. Add governance in minutes, not months.

LangChain

Governed tools and toolkits via Python decorator

CrewAI

Per-agent policies for multi-agent crews

AutoGPT

Rate limiting, circuit breakers, cost tracking

Claude Code

Pre/post tool hooks with policy profiles

OpenAI Agents

Governed tool calls and handoffs

Bedrock Agents

AWS agent governance and data access control

Vertex AI

Google multi-agent governance

Semantic Kernel

.NET function invocation filters

pip install meshguard

npm install meshguard

brew install meshguard/tap/meshguard

06Pricing

Governance that scales
with your agent mesh.

Start with 50 agents. Scale to unlimited. Every plan includes the full platform.

Starter

$2K

per month

✓50 governed agents
✓100K policy checks/mo
✓Full policy engine + audit
✓Trust scoring + anomaly detection
✓Email support

Shipped fast.
Building faster.

Foundation

Shipped

Gateway, policy engine, audit logging, Python/JS/.NET SDKs, CLI, docs, status page, billing

Jan 2026

Trust System

Shipped

Behavioral trust scoring, delegation chains, anomaly detection (9 types), trust API

Jan 2026

Ecosystem

In Progress

SSO/OAuth, webhook integrations, policy templates, Go and Rust SDKs, granular RBAC

Q1 2026

Enterprise

Planned

SOC 2 Type II, multi-region, policy playground, GitHub Actions, Terraform provider

Q2 2026

Frontier