eunomia-bpf

OS-Enforce AI Agent Harnesses with eBPF

Found May 29, 2026 at 16 stars.
AI Summary

ActPlane is an open-source security tool that acts as a protective harness for AI assistants. It lets you write simple rules in plain language that define what your AI can and cannot do, then enforces those rules at the computer's operating system level. This means the rules work regardless of which tools or methods the AI uses to accomplish tasks. When the AI violates a rule, ActPlane stops the action and explains why, helping the AI self-correct. The project is designed for developers who want to safely experiment with autonomous AI agents in their codebases.

How It Works

1. 💡 You discover ActPlane

You hear about a tool that can watch over your AI assistant and make sure it follows your project's rules, like a safety harness that works at the computer level.

2. 📝 You write your first rule

You create a simple policy file that says what your AI assistant can and cannot do, written in plain English-like language that anyone can understand.

3. 🔍 You validate your rules

You run a quick check to make sure your rules make sense and will work as expected, with no special permissions needed.

4. 🚀 You launch your assistant under supervision

You start your AI assistant through ActPlane, and it silently watches everything the assistant does, ready to step in if needed.

5. 🤖 Your assistant works freely within boundaries

The AI assistant completes tasks, reads files, and runs commands, but if it ever tries to do something you forbade, ActPlane gently redirects it with a helpful explanation.

Your project stays safe and on track

Your AI assistant finishes its work without accidentally breaking your rules, and you get a clear report of any times it was redirected, so you always know what happened.

AI-Generated Review

What is ActPlane?

ActPlane is an OS-level enforcement layer for AI agents that uses eBPF to observe and enforce behavioral rules written in YAML. Instead of relying on probabilistic prompt constraints or tool-layer guards that break when agents shell out to bash or spawn subprocesses, ActPlane sits at the kernel level where every exec, file open, and network connect is visible regardless of how the agent reaches it. The policy language lets you express constraints like "nothing descended from this agent may run git branch" or "data read from .env files cannot leave the workspace" -- rules that follow process lineage and data flow, not just individual operations. When a rule fires, the kernel kills the action and feeds a human-readable reason back to the agent so it can self-correct. The project is written in C for the eBPF engine and Rust for the collector, which compiles policies into kernel config.

Why is it gaining traction?

The core insight is that existing agent constraints are all bypassable at some layer: prompts get ignored, tool gateways fail when agents call subprocess directly, and sandboxes are all-or-nothing. ActPlane fills this gap by operating below the tool layer entirely. The policy language is expressive enough for real workflows -- causal ordering ("run tests before committing"), data-flow constraints ("secret data must not reach the network"), and lineage tracking ("this entire subprocess tree cannot touch git") -- while still being simple enough that agents can write and validate their own rules with `actplane check`. The corrective feedback loop (violations tell the agent why and how to retry) is what separates a harness from a sandbox.

Who should use this?

Security-conscious teams deploying AI agents that handle sensitive code, secrets, or external network access will get the most value. If you're running Claude Code or Codex in environments where you need guarantees beyond what CLAUDE.md files can provide, ActPlane enforces those guarantees deterministically. Platform teams building multi-agent systems where one agent might call another across vendor boundaries will benefit from OS-level confinement that doesn't depend on framework-level guards. It's also relevant for teams with compliance requirements -- the audit trail from violations provides evidence of policy enforcement.

Verdict

ActPlane solves a real problem that most teams haven't fully grappled with yet: how do you constrain agents that can bypass every existing control layer? The architecture is sound and the policy language is well thought out. However, with 14 stars and a 1.0% credibility score, this is early-stage software. The eBPF dependency means Linux 5.8+ with BTF, and block mode requires BPF-LSM enabled -- practical constraints that limit immediate applicability. If you're evaluating this for production use, treat it as a promising prototype that needs community validation before betting your security posture on it. Watch the project, run the examples, but don't ship it without thorough testing in your specific environment.
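The host constraints named in the verdict (Linux 5.8+, BTF, and BPF-LSM for block mode) can be checked before installing anything. The script below is an added example, not part of ActPlane or of this review; the function names and the result labels `unsupported`, `no-block` and `block` are this example's own, and it reads the standard Linux locations `/sys/kernel/btf/vmlinux` and `/sys/kernel/security/lsm`.

```shell
#!/bin/sh
# Added example (not ActPlane code): check the host prerequisites the review lists.

# kernel_at_least RELEASE MAJOR MINOR -> status 0 if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    rel=${1%%[!0-9.]*}      # "6.8.0-45-generic" -> "6.8.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# lsm_has_bpf LIST -> status 0 if the comma-separated active LSM list contains
# exactly "bpf" (a substring such as "bpfilter" must not match)
lsm_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
        *)       return 1 ;;
    esac
}

# host_prereqs RELEASE LSM_LIST BTF_PATH -> prints one result label
host_prereqs() {
    if ! kernel_at_least "$1" 5 8; then
        echo "unsupported: kernel older than 5.8"
    elif [ ! -r "$3" ]; then
        echo "unsupported: no BTF at $3"
    elif lsm_has_bpf "$2"; then
        echo "block"        # BPF-LSM is active, so blocking can work
    else
        echo "no-block"     # eBPF can load, but BPF-LSM is not active
    fi
}

# Check the running host. The lsm file is empty or absent when securityfs
# is not mounted, which is reported as "no-block".
host_prereqs "$(uname -r)" \
    "$(cat /sys/kernel/security/lsm 2>/dev/null)" \
    /sys/kernel/btf/vmlinux
```

When the result is `no-block` on a kernel built with BPF-LSM support, the usual cause is that `bpf` is missing from the `lsm=` boot parameter.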
