Introducing Strathon: the open-source AI agent firewall

AI agents have graduated from chat demos to systems that take real actions: they query production databases, send customer emails, move money, and call internal tools over MCP. Every one of those actions is a place where a prompt injection, a hijacked goal, or a simple bug becomes a real-world incident.

Strathon is an open-source firewall for exactly that surface. It sits between your agent and its tools, evaluates every call against policies you write, and blocks the dangerous ones before they execute, in under a millisecond, inside your agent process with no network gateway.

Three lines

You instrument your existing agent. Nothing else about your code changes.

from strathon import Client, instrument

client = Client(api_key="stra_...")
instrument(client, frameworks=["langgraph"])
# a matched block policy raises StrathonPolicyBlocked
# before the tool ever executes

The firewall emits OpenTelemetry-native spans for everything it sees, so the dashboard shows you a full trace waterfall of agent behavior, showing which tools fired, what each cost, and which policies matched.

Policies are just CEL

Rules are written in CEL (Common Expression Language), the same expression language Google uses in Firebase, Kubernetes, and Envoy. If you don't know CEL, the dashboard ships 12 OWASP-aligned templates and an AI prompt that turns plain English into a rule.

attrs["gen_ai.tool.name"] in ["delete", "drop_table", "send_email"]

Set that policy to require_approval and any matching call pauses until a human signs off. Set it to block and the call never executes.

Self-host it for free

The whole thing is open source. No license keys, no phone-home. Clone the repo, run Docker Compose, and open the dashboard:

git clone https://github.com/strathon/strathon.git
cd strathon
docker compose up

Read the quickstart to get your first blocked injection in five minutes.