We open-sourced gitfence — deterministic guardrails for AI coding agents→ GitHub

Docs

Integrate an agent in minutes

Everything an engineer needs to see how Froda AI drops into a stack — no SDK, no code changes. For the full topology, see the architecture overview.

Overview

Froda AI is a runtime enforcement gateway that governs every action an AI agent takes. Every agent does two things: it calls a model, and it calls tools. Froda sits on both connection points and evaluates each one against your policy before it runs.

You integrate by pointing an agent at two gateway endpoints — there is no SDK to install and no per-call code to rewrite. The same integration works across every framework, so swapping frameworks never changes your governance.

Quickstart

  1. 1. Register the agent. Add the AI system and its agent in the dashboard (or via the Admin API) and pick its framework. The agent becomes a governed identity in your registry.
  2. 2. Mint an agent-bound token. The Register Agent drawer mints a bearer token bound to that agent. Point it at a different agent's endpoint and the gateway returns 403.
  3. 3. Point the two slots at the gateway. Wire the agent's tool slot and model slot to the gateway URLs below. That is the entire integration.
agent config

# Tool calls — MCP server (Streamable HTTP or SSE)

mcp_url: https://<your-gateway>/mcp/stream/<agent_id>

auth: Bearer <agent_token>

# Model calls — metered LLM gateway (OpenAI-compatible)

model_base_url: https://<your-gateway>/v1/llm

auth: Bearer fgw_<gateway_token>

On the first connection the agent issues tools/list and the gateway returns only the methods its policy authorizes. Every tools/call after that runs the full enforcement pipeline.

Wiring the agent is the starting line, not the finish. From here you link it to a system in the AI Registry, apply a policy, and set a budget cap — each covered below.

How governance works

Integration is one step of a larger loop. Governing an agent end to end is four moves — inventory it, decide the rules, enforce them at runtime, and keep the receipts. Everything below expands on one of these.

1

Register

Every AI system and agent is inventoried into one registry with an owner and a risk tier — a single source of truth for what AI you run and who owns it.

2

Define

Decide the rules. Adopt a built-in policy pack, or author your own policy in plain language in the policy editor. No PDFs — the policy is the thing that runs.

3

Enforce

The platform turns that policy into live controls that evaluate every model and tool call before it executes, and meters and caps spend at the same chokepoint.

4

Prove

Every decision — allowed or blocked — is written to a tamper-evident, cryptographically signed ledger, so audit-readiness is continuous rather than a scramble.

AI Registry

The Registry is your inventory of AI, in two layers. An AI System is the governed record for a use case — a permit with an owner, purpose, and data profile. An Agent Instance is a running bot that connects through the gateway. Instances link to a system to inherit its governance.

You register a system through a short tiered intake that captures its purpose, ownership, and data sensitivity. From that intake the platform computes a risk profile automatically — you classify the use case, not a spreadsheet of scores. Higher-risk tiers carry stricter defaults downstream.

Any agent that transits the gateway but is not yet linked to a system is surfaced as unlinked and held to a zero-trust default — read-only, audit-only — so the gap is visible before it is closed. A system-level kill switch cascades to every agent linked beneath it.

Policies & controls

There are two ways to govern an agent, and they compose. Install a built-in policy pack — curated rule sets and attestable compliance frameworks (ISO 42001, OWASP Agentic Top 10, and more) — or author your own in the policy editor, writing intent in plain language rather than code.

Either way, the policy becomes enforceable controls that evaluate every tool and model call deterministically before it runs, resolving to ALLOW, BLOCK, REDACT, or route to a human. Controls resolve across four scopes — Global → Department → System → Agent — with the most specific scope winning, so a rule set once at the top is inherited by every agent beneath it.

Roll out in Shadow mode first — violations are logged, never blocked — then flip to Enforce when you are ready. One authored policy drives both live enforcement and the audit evidence for the frameworks it maps to, so the two never drift apart.

Cost controls

Spend is governed at the same chokepoint as policy. Every model and tool call is metered and attributed to a specific agent identity, so you can see cost per agent in real time rather than reconstructing it from a monthly invoice.

Set a hard budget at the agent, system, or org level and the agent physically cannot exceed it. Loop and retry-storm protection stops a single stuck agent from running up the tab overnight — spend you can see, and spend you can stop.

Audit & evidence

Governance is only as good as what you can prove. Every decision the gateway makes — allowed or blocked, and every registry, policy, and tier change — is written to an immutable, cryptographically signed ledger with the actor, the agent, the tool, the policy that applied, and the outcome.

Because enforcement and compliance are driven from the same policy, framework attestation evidence is generated as a byproduct of running the system. “Prove your AI is controlled” is answered with a receipt — a board-ready report and forensic timeline — rather than a fire drill.

Core concepts

Zero-Trust Registry

Agents start unlinked and are restricted until an admin links them to a system and owner. Nothing operates unaccounted for.

Hierarchical policy

Rules resolve across four scopes — Global → Department → System → Agent — with the most specific scope winning.

Policy effects

Every tool call resolves to ALLOW, BLOCK, REDACT, or route to a human (HITL) — deterministically, before it runs.

Shadow vs Enforce

Roll out in Shadow mode (violations logged, never blocked) to observe safely, then flip to Enforce when you are ready.

Dual-identity (OBO)

A tool call is authorized by both the agent's policy and the user behind it — an agent never has more power than its human.

Kill switch

One action severs an agent's tool calls, model access, and credentials, and can cascade to every agent in a system.

Cost metering

Every model and tool call is metered and attributed to an agent identity, with per-agent budget caps.

Audit ledger

Every decision — allowed or blocked — is written to an immutable ledger with the agent, tool, policy, and outcome.

Framework packs

Attestable compliance packs (ISO 42001, OWASP Agentic Top 10, and more) map to enforced rules and generate audit evidence.

Transports & connectors

The gateway serves both MCP transports side by side — Streamable HTTP (POST/GET/DELETE /mcp/stream/{agent_id}) and SSE (GET /mcp/sse/{agent_id}). Wire whichever your framework prefers; the bearer token and agent-binding behave identically on both.

First-party tools — Gmail, Google Workspace, Stripe, Slack — run in-process against the provider API. Anything else connects as a standard MCP server. Either way, credentials stay in the vault and the agent never sees the raw keys.

Examples

Copy-pasteable, end-to-end integrations ship for n8n, CrewAI, and LangGraph — each demonstrating an ALLOW path, a BLOCK path, and the audit row that results. To see the governance decisions those examples exercise, browse the use cases.

Onboarding & support

These docs are deliberately high-level. They cover what the platform does and how an agent connects — enough to evaluate the fit and plan an integration. The deeper operational playbook is delivered directly, not published.

When you become a customer, we run a guided onboarding program tailored to your stack — policy authoring patterns, mapping your obligations to enforceable controls, tuning enforcement for your environment, and rollout from Shadow to Enforce. The hard-won details behind our approach are shared as part of that engagement.

Want to see it against your own use case? Book a demo and we'll walk through it together.

Ready for Governed AI Innovation?

From a zero-trust agent registry to real-time enforcement and compliance—all in one platform.

Book a demo

No credit card required. Deploy from Azure Marketplace or SaaS in under 30 minutes.