Bulwark

If you're running AI agents that call external tools and APIs, this sits between them as a policy enforcement layer. It proxies MCP tool calls, evaluates YAML rules to allow or deny actions based on glob patterns, injects credentials so agents never see raw tokens, scans requests and responses for secrets and PII, and writes every call to a tamper-evident audit log with hash chains. Works as an MCP gateway over stdio or HTTP, or as a forward proxy for non-MCP clients. Ships with rate limiting, session management, and hot-reload policies. Useful when you need centralized governance across multiple agents hitting the same tools, or when compliance requires you to prove what an agent did and didn't have permission to do.