Open-source runtime control for AI agents

Stop unsafe agent actions before they reach real tools.

AION Core sits between AI agents and tool calls. It scans risk, blocks dangerous actions, asks for approval when needed, and writes verifiable receipts for every decision.

Local proof aion-core==0.8.3
python -m pip install aion-core==0.8.3
aion-demo

[PASS] scan detected unprotected MCP server
[PASS] guard blocked generic shell action
[PASS] team policy required approval
[PASS] blocked destructive shell command
[PASS] blocked secret exfiltration
[PASS] allowed safe read
Receipt verification: PASS

What Is Working Now

Guard

Policy decisions for shell, file, API, database, and MCP tool actions.

MCP Firewall

Wraps stdio MCP servers and blocks risky tools/call requests.

Receipts

Hash-verifiable JSONL receipts with optional HMAC-SHA256 signatures.

Scan

Finds weak MCP and policy coverage before an agent is deployed.

Team Policy

Turns sensitive actions into approval-required decisions.

Cloud Alignment

AION Cloud accepts and verifies aion.receipt.v1 receipts.
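The Receipts card above describes hash-verifiable JSONL receipts with optional HMAC-SHA256 signatures. The sketch below is an added example, not AION Core's code or its aion.receipt.v1 schema: the field names (body, prev, hash, sig), the chaining of each receipt to the previous one, and the sample decisions are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed "previous hash" of the first receipt


def _digest(body, prev):
    # Hash a canonical encoding so key order and whitespace cannot change the result.
    data = json.dumps({"body": body, "prev": prev}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()


def _sign(key, digest):
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def build_log(bodies, key=None):
    """Return JSONL lines; each receipt commits to its body and to the previous receipt."""
    lines, prev = [], GENESIS
    for body in bodies:
        rec = {"body": body, "prev": prev, "hash": _digest(body, prev)}
        if key is not None:
            rec["sig"] = _sign(key, rec["hash"])
        lines.append(json.dumps(rec, sort_keys=True))
        prev = rec["hash"]
    return lines


def verify_log(lines, key=None):
    """Return (ok, reason). With a key, every receipt must carry a valid HMAC."""
    prev = GENESIS
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        expected = _digest(rec.get("body"), rec.get("prev"))
        if rec.get("prev") != prev:
            return False, f"line {n}: chain break"
        if not hmac.compare_digest(expected, str(rec.get("hash", ""))):
            return False, f"line {n}: hash mismatch"
        if key is not None and not hmac.compare_digest(_sign(key, expected), str(rec.get("sig", ""))):
            return False, f"line {n}: bad signature"
        prev = expected
    return True, "ok"


# Constructed sample decisions, mirroring the demo scenarios above.
SAMPLE = [
    {"action": "shell", "detail": "<destructive command>", "decision": "block"},
    {"action": "api", "detail": "<sensitive call>", "decision": "approval_required"},
    {"action": "file", "detail": "read README.md", "decision": "allow"},
]
```

A log rebuilt from altered decisions with fresh hashes still passes `verify_log` when no key is supplied, which is why the HMAC matters wherever the agent host can write to the receipt file: only verification with the key rejects the rewritten log.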

Proof

28 unit and integration tests passing

6/6 agent workflow proof scenarios passing

8/8 real-world capacity scenarios passing

0.8.3 published and installable from PyPI

8-Stage Core MVP

1. Guard: Runtime action control.
2. Receipts: Decision evidence.
3. Scan: Risk discovery.
4. Docs + Demo: Local proof path.
5. Cloud: Receipt vault alignment.
6. MCP Firewall: Tool-call firewall.
7. Team Policy: Approval rules.
8. Control View: Operator summary.

Honest Status

Ready

Open-source core, PyPI package, local demo, MCP firewall, policy engine, receipt verification, signed receipt foundation, and Cloud receipt alignment.

Not Yet Enterprise SaaS

Hosted auth, billing, tenant key rotation, production database migrations, real Slack delivery, and enterprise audit exports are next.