ARF · Agent Rule Framework · It's the agent watchdog!

ONE PROXY. ONE POLICY PLANE. ALL AGENTS.

ARF the Agent Runtime Firewall sits between your AI coding agents and the world. Every request governed. Every action attested. Every decision cryptographically sealed. Works with any CLI, any model, zero code changes.

See How It Works View the TUI Documentation →
ARF AGENT RULE FRAMEWORK · GOVERNANCE PROXY
Sessions
[claude] refactor auth module
tokens: 28.4k  ·  running
✓ Write(session.ts) approved
─────────────────────────
[gemini] update integration tests
tokens: 8.7k  ·  running
✓ Read(*.test.ts) auto-approved
─────────────────────────
[codex] clean build artifacts
tool: Bash(rm -rf /)
BLOCKED: no-destructive-commands
Governance · standard
Grade: A ● Nominal
violations: 0  ·  blocked: 1
budget: 68% used
─────────────────────────
Circuit Breakers
CLOSED token_budget
CLOSED repeated_failure
─────────────────────────
Provenance Chain
✓ 142 records · Ed25519 intact
↑/↓:agents · Tab:prompt · F1:nav · q:quit F1:Nav  F4:Launch  F7:Govern  F8:Settings
ARF stands for a lot of things. It's the agent watchdog.

Agent Rule Framework.
Also:

When intercepting
Agent Runtime Firewall
sits between agent and API like a firewall sits between your LAN and the internet
When attesting
Attestation & Record Foundation
Ed25519 signatures and hash-chained proof bundles not logs
When governing
Authority Reference Framework
declarative policy, circuit breakers, governance profiles
When orchestrating
Autonomous Runtime Framework
work graphs, fan-out dispatch, parallel agent branches
When sandboxing
Agent Relay Fence
jailed worktrees, OS-level isolation, network policy enforcement
When auditing
Audit Record Foundry
tamper-evident Merkle DAG, session attribution, compliance export
When filtering
Agent Router & Filter
inbound/outbound message interception and rewriting
When assessing risk
Agent Risk Framework
health grading A–F, circuit breakers, violation tracking
When adapting
Adaptive Runtime Framework
any CLI runner, any model engine, one governance plane
The core idea

Governance at the
infrastructure layer.
Not the framework layer.

Every other approach to agent governance requires you to use their SDK, their framework, their agent runtime. ARF doesn't care what your agents are built on. It intercepts at the HTTP layer between the CLI tool and the API so governance just works, for every agent, transparently.

No SDK changes. No prompt wrappers. No agent modifications. Point your CLI tool's API endpoint at ARF, set your policy, and your agents are governed.

How interposition works →
YOUR CLI TOOL
claude · codex · gemini · ollama · deepseek · qwen
│ HTTPS
ARF PROXY
policy · governance · attestation · steering
│ HTTPS (translated)
MODEL API
anthropic · openai · google · ollama · deepseek
What ARF the Agent Risk Framework does
01 · Interposition
Agent Interposition & Protocol Translation

HTTP proxy between CLI and API. Bidirectional protocol translation between Anthropic, OpenAI, and Gemini wire formats. One ARF, any runner, any model.

 02 · Governance
Declarative Policy & Circuit Breakers

TOML-based rules. Circuit breakers that trip on violations. Governance profiles: Strict, Standard, Minimal. Health grades A–F. Compatible with industry policy languages.

 03 · Audit
Proof Beyond Git History

Ed25519-signed, SHA-256 hash-chained proof bundles. Merkle DAG for concurrent branches. Not what changed but what the agent decided, under what policy, by whose approval.

 04 · Planning
Propose, Approve, Execute, Seal

Agent work goes through a governed lifecycle. Agents propose before they act. Humans approve. Completed work gets a cryptographic seal. Cross-agent review workflows.

 05 · Environments
Controlled Dev Environments

Jailed git worktrees. OS-level sandboxing (macOS sandbox-exec, Linux unshare namespaces). Network policy enforcement. Local or remote. The Agent Relay Fence.

 06 · Compatibility
Every Runner. Every Engine.

Works with Claude, Codex, Gemini CLI, Ollama, DeepSeek, Qwen, and any OAI-compatible local model. The Adaptive Runtime Framework.

 07 · Orchestration
Work Graphs & Parallel Agents

UIA (Unified Instruction Assembly) decomposes complex tasks. Fan-out to multiple agents in parallel. Merge only branches that pass governance. The Board coordinates everything.

 08 · Steering
Inbound & Outbound Message Control

Intercept and rewrite messages before the agent sees them or after it responds. Add context, constraints, corrections. Detect and block prompt injection. The Autonomous Request Filter.

 09 · Interface
The ARF Terminal Dashboard

Live proxy traffic. Governance events. Circuit breaker controls. Config hot-reload. Session persistence. Diff viewer. Agent call signs. The Agent Rendering Framework.

 10 · Examples
Wild Things You Can Do With ARF

12 agents in parallel, quality-gated merges. Dead man's circuit breakers. Fully auditable AI code review pipelines. Route tasks by type to different models. And a lot more.
The fundamental claim

PROOF, NOT LOGS.

Logs can be altered. Logs can be deleted. Logs only exist if someone remembered to write them. ARF's Attestation & Record Foundation produces cryptographically signed, hash-chained proof bundles that cannot be silently modified.

Every agent action is signed with Ed25519. Every record is hash-linked to the previous break the chain and you know something was tampered with. Concurrent agent branches are organized into a Merkle DAG that can be verified in whole or in part.

When you need to know what happened, ARF tells you not just what the agent did but what it was asked to do, what policy governed it, whether a human approved it, and exactly when each event occurred in the cryptographic chain.

Explore audit trails →
Session ARF-029F · Ed25519
block:0001
type: session_start · policy: STRICT
hash: 029f3a4b8c…
│ links to ↓
block:0002
type: tool_call · Write(src/main.rs)
approved: human · policy check: pass
hash: 02a04f9d1e… · prev: 029f3a4b8c…
│ links to ↓
block:0003
type: seal · work_complete
Ed25519 signature: 7f4a8b…
chain integrity: ✓ verified

READY TO GOVERN YOUR AGENTS?

Get Started See the TUI Press Release