tenra Guardrail is a local-first desktop application for running AI agents inside explicit runtime boundaries. The desktop shell wraps a Rust service and routes agent actions through a Tool Host boundary instead of letting models execute tools directly.
The project is not a generic SaaS starter. Its center of gravity is policy enforcement, approvals, auditability, provider configuration, and local runtime control.
- Define a deny-by-default Tool Host boundary for agent actions.
- Keep policy enforcement deterministic and inspectable.
- Separate UI, runtime service, provider configuration, and policy contracts.
- Provide local diagnostics and exportable snapshots for audit review.
- Agents never execute tools directly.
- Network-capable tooling is disabled by default in v0.
- Desktop-first because local filesystem, process, approval, and secrets boundaries live on the machine.
- Web and mobile surfaces are placeholders until the runtime spine is mature.
- Policy and runtime contracts are shared packages, not UI-only conventions.
apps/
desktopapp/ Primary Tauri + React product surface
webapp/ Future web placeholder
mobileapp/ Future mobile placeholder
packages/
runtime-contracts/ Tool Host and runtime service contracts
policy/ Deny-by-default policy helpers
provider-config/ Provider catalog and defaults
secrets/ Secret-detection descriptors and redaction helpers
privacy/ Privacy defaults and audit redaction rules
api-contracts/ UI-to-runtime command and event contracts
domain/ Product models and seeded records
validation/ Runtime validation helpers
ui/ Shared navigation and product copy
- The desktop app is the only active product surface.
- Web and mobile apps are placeholders for future activation.
- Runtime, policy, provider, privacy, and validation packages define the v0 spine.
- The local runtime diagnostics and JSON snapshot export support review work.
Guardrail is a local desktop product scaffold. It should not be positioned as a complete agent-safety platform until real Tool Host enforcement, approval UX, audit storage, provider handling, and OS-level boundaries have been validated.
pnpm run bootstrap
pnpm run dev:desktop
pnpm run launch:desktop
pnpm run verify:all
pnpm run doctor- Harden the Tool Host boundary and runtime command model.
- Add approvals and audit persistence before expanding tool coverage.
- Keep provider configuration explicit and local-first.
- Activate web or mobile surfaces only when they support the runtime model.