Overview
Sec0 is an open-source SDK and runtime infrastructure for governing AI workflows with context-aware guardrails that evolve alongside your agents. It captures and curates high-quality trajectory data from orchestrator decisions, agent actions, tool calls, policy outcomes, and human-in-the-loop interventions to support safe, continuous agent improvement. It helps you reduce manual review by making the easy cases automatic:- allow the actions that are clearly safe
- deny the actions that are clearly out of policy
- escalate only the actions that are genuinely high risk or ambiguous
Allow 5%
Deny 8%
Escalate 87%
Allow 60%
Deny 25%
Escalate 15%
Why Sec0?
Modern agent systems cross more boundaries than the app code usually makes obvious:- orchestrator to agent
- agent to agent
- agent to tool server
- tool server to external API or data source
- Too many actions still require manual review because it is not obvious which ones are clearly safe.
- Runtime policy is scattered across agents, tools, and gateways, so the same rule is enforced inconsistently.
- Adding new data sources, tools, agent connections, or a new model or orchestrator version changes the risk profile again. Each time the runtime changes, safety has to be re-evaluated from scratch.
- When something goes wrong, there is no stable audit trail that explains who did what, with which context, and why it was allowed.
How Sec0 Improves Agent Behavior
Sec0 does not evaluate rules against static policy alone. Every rule check can use runtime context such as the actingnodeId, the current runId, the tool or target being accessed, the boundary being crossed, and the agent state propagated from earlier hops.
That context makes the decision layer more precise and gives you a usable improvement loop:
- Sec0 captures runtime context at each hop.
- Policy, Guard, and contextual evaluator checks use that context when deciding whether to allow, deny, redact, or escalate.
- The resulting policy outcomes, findings, and human review decisions are written into the audit trail.
- Those runtime findings and review signals can then be used to refine policy, tighten escalation rules, and make agent behavior safer and more predictable over time.
Where Sec0 Fits
Sec0 has four integration layers.| Layer | What you add | Primary surface |
|---|---|---|
| App code | Decorate the agent or orchestrator hops you already own, and add Guard only when an action leaves those hops | @sec0.agent(), @sec0.orchestrator(), sec0-sdk/guard |
| Middleware | Decorate the tool boundary so Sec0 applies policy, context propagation, and audit automatically at the handler entrypoint | @sec0.middleware(), @sec0.server(), @sec0.tool() |
| Network boundary | Decorate the gateway or router boundary where cross-service calls are forwarded | @sec0.gateway() |
| Hosted control plane | Pull policy from the control plane, manage escalations, upload audit data, and wire approval channels | @sec0/client-sdk, @sec0/hosted, @sec0/approvals-bridge |
What Reduces Human Review
Sec0 is not just a logging layer. It helps reduce review volume by combining:- policy rules that catch the obvious deny cases
- guard rules that block or redact known-bad outbound content
- runtime evaluation that decides whether observed reasons should actually deny
- optional contextual evaluation through
sec0-sdk/evaluatorfor ambiguous actions - approvals and escalations only for the remaining high-risk cases
Next Steps
Installation
Install the current Sec0 surfaces and choose the right entrypoint
Quickstart
Build a local integration with policy, guard, audit, and agent state
Middleware
Decorate the tool boundary where Sec0 should enforce policy automatically
Verify & Troubleshoot
Validate the integration and diagnose common issues