Local runtime wrapper for AI agents: sessions, replay, and hard caps
Vallignus 🔥
The Infrastructure-Grade Firewall for AI Agents
Because prompts are not permissions.
Built for local agents, headless workflows, and unattended execution.
Problem
AI agents are unpredictable. They can loop indefinitely, overspend on API calls in seconds, or execute dangerous network requests that compromise security.
Solution
Vallignus is a local execution firewall that sits between your agent and the internet. It enforces who can run, what they are allowed to do, and logs every decision, without changing your code.
How It Works
┌─────────┐      ┌───────────┐      ┌─────────────────┐
│  Agent  │ ───▶ │ Vallignus │ ───▶ │ LLM / APIs / Net│
└─────────┘      └───────────┘      └─────────────────┘
                       │
               identity + policy
               + spend limits
               + audit log
Every outbound request is checked against the policy before it leaves.
5-Minute Quickstart
Protect any AI agent with identity, limits, and audit - without changing your code.
Install
pip install vallignus
1. Initialize Vallignus
Creates local authority storage and cryptographic keys.
vallignus auth init
This creates:
~/.vallignus/
├── agents/
├── policies/
├── keys/
└── revoked/
2. Register an agent identity
vallignus auth create-agent \
  --agent-id support-bot \
  --owner "you@example.com"
An agent now has a stable identity.
3. Create a permission policy
Define what the agent is allowed to do.
vallignus auth create-policy \
  --policy-id support \
  --max-spend-usd 5 \
  --allowed-domains "httpbin.org"
This policy allows:
- up to $5 in API spend
- network access only to httpbin.org
Policies are versioned automatically.
4. Issue a signed execution token
export VALLIGNUS_TOKEN=$(vallignus auth issue-token \
  --agent-id support-bot \
  --policy-id support)
This token cryptographically binds:
- the agent identity
- the policy version
- an expiration time
5. Run your agent (no code changes)
vallignus run -- python agent.py
Vallignus will now:
- ✅ allow permitted requests
- ❌ block disallowed domains
- 💸 stop runaway spending
- 🧾 log every allow/deny decision with identity and policy context
Example: Blocked Request
If your agent tries to access an unauthorized domain:
{
  "decision": "deny",
  "agent_id": "support-bot",
  "owner": "you@example.com",
  "policy_id": "support",
  "policy_version": 1,
  "deny_reason": "domain_not_allowed"
}
Nothing escapes silently.
What Vallignus Does
Before every network request, Vallignus asks:
"Is this agent allowed to do this under its policy?"
- If yes → request proceeds
- If no → request is blocked and audited
All decisions are enforced locally.
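The check described above, written out as an added example (not Vallignus's own code): each outbound URL is reduced to its hostname, matched exactly against the allowlist, then checked against the spend cap, and the result is an audit record in the shape of the deny example. The exact-match rule, the field names in `POLICY`, and the `spend_limit_exceeded` reason are assumptions, not taken from the project.

```python
import json
from urllib.parse import urlsplit

# Constructed policy mirroring the quickstart values; field names are assumptions.
POLICY = {"policy_id": "support", "policy_version": 1,
          "max_spend_usd": 5.0, "allowed_domains": {"httpbin.org"}}
AGENT = {"agent_id": "support-bot", "owner": "you@example.com"}


def request_host(url):
    """Return the lowercase hostname only; userinfo and port are discarded."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def decide(url, cost_usd, spent_usd, policy=POLICY, agent=AGENT):
    """Return an audit record for one outbound request."""
    record = {"decision": "allow", **agent,
              "policy_id": policy["policy_id"],
              "policy_version": policy["policy_version"]}
    # Exact match: substring or suffix checks would admit look-alike hosts.
    if request_host(url) not in policy["allowed_domains"]:
        record.update(decision="deny", deny_reason="domain_not_allowed")
    # "spend_limit_exceeded" is a hypothetical reason string for this example.
    elif spent_usd + cost_usd > policy["max_spend_usd"]:
        record.update(decision="deny", deny_reason="spend_limit_exceeded")
    return record


if __name__ == "__main__":
    # Constructed sample requests: (url, estimated cost in USD).
    samples = [("https://httpbin.org/get", 0.5),
               ("https://HTTPBIN.org:443/get", 1.0),
               ("https://httpbin.org.evil.example/", 0.0),
               ("https://httpbin.org@evil.example/", 0.0)]
    for url, cost in samples:
        print(url, json.dumps(decide(url, cost, spent_usd=4.5)))
```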
Why Not Just Kill the Process?
For simple local scripts, killing a process may be enough.
However, many agent setups today run:
- headless or remote workloads
- long-lived background processes
- scheduled or unattended execution
- indirect network calls through libraries or subprocesses
In these cases, control often degrades into emergency shutdowns or power cuts.
Vallignus provides a safer middle layer by enforcing permissions before actions occur, rather than reacting after something goes wrong.
Why Monitoring Isn't Enough
Dashboards show damage after it happens. Alerts arrive too late.
By the time you see the spike:
- the budget is already gone
- the requests already hit production
- the agent already accessed what it should not have
Prevention must sit inline, not alongside.
Vallignus gates execution before it occurs. It does not observe and report. It decides and enforces.
What Vallignus is NOT
- ❌ Not a model wrapper
- ❌ Not prompt engineering
- ❌ Not surveillance
- ❌ Not cloud-hosted
Vallignus runs entirely on your machine.
When to Use Vallignus
- You're building autonomous agents
- You want hard spend limits
- You need domain allowlists
- You want auditability and reproducibility
- You don't trust "just prompts"
Key Commands
# Policy management
vallignus auth update-policy --policy-id X --max-spend-usd 50
# Token management
vallignus auth inspect-token <token> # Debug token contents
vallignus auth revoke-token --jti <id> # Instantly stop an agent
# Key rotation
vallignus auth rotate-key # Rotate signing keys
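What "cryptographically binds" in step 4 and `revoke-token --jti` amount to, as an added example that is not Vallignus's code or token format: an HMAC-SHA256 signature over the agent id, policy version, `jti` and expiry, so changing any claim invalidates the token, and a revoked `jti` is refused before expiry. The HMAC scheme, the encoding, and the names `issue_token` and `verify_token` are assumptions for illustration.

```python
import base64, hashlib, hmac, json, time


def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, agent_id, policy_id, policy_version, jti, ttl_s, now=None):
    """Sign the claims so none of them can be changed after issuance."""
    now = int(time.time()) if now is None else now
    claims = {"agent_id": agent_id, "policy_id": policy_id,
              "policy_version": policy_version, "jti": jti, "exp": now + ttl_s}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify_token(key, token, revoked_jtis, now=None):
    """Return (claims, None) if accepted, else (None, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the signature is checked before parsing claims.
        if not hmac.compare_digest(b64d(sig), expected):
            return None, "bad_signature"
        claims = json.loads(b64d(body))
    except ValueError:
        return None, "malformed"
    if claims["jti"] in revoked_jtis:  # revocation applies even before expiry
        return None, "revoked"
    if now >= claims["exp"]:
        return None, "expired"
    return claims, None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    tok = issue_token(key, "support-bot", "support", 1, "jti-001", ttl_s=60)
    print(verify_token(key, tok, revoked_jtis=set()))
    print(verify_token(key, tok, revoked_jtis={"jti-001"}))
```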
Project Status
Vallignus is early-stage infrastructure under active development.
APIs may evolve, but core guarantees are stable:
- local-only execution
- explicit permissions
- revocable authority
- auditable decisions
License
MIT
File details
Details for the file vallignus-0.4.0.tar.gz.
File metadata
- Download URL: vallignus-0.4.0.tar.gz
- Upload date:
- Size: 32.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 258477e68e741d387cfe5a069c82e8c5519dab6fd6231224678381b71597c8fc |
| MD5 | 49bf7bf32516edcc49b7fe84f8463834 |
| BLAKE2b-256 | 359773b89c2e16d750d5e814a1ae708dde9732051eda6dba6ce3bc5481b2be58 |
File details
Details for the file vallignus-0.4.0-py3-none-any.whl.
File metadata
- Download URL: vallignus-0.4.0-py3-none-any.whl
- Upload date:
- Size: 27.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 42e30115181c079212817ab699eee914d17a620c100681f37c57cc4f67c247b7 |
| MD5 | d0e0be93249938dde29277cb81290763 |
| BLAKE2b-256 | 72b0fe0b49cc2273eddc7f871a4555383c8b8218ddd03c09b7ba8e9e8fed33e1 |