As AI agents gain the ability to execute real actions - sending emails, modifying databases, calling APIs - the question of who stops them from doing something destructive gets more urgent. Exogram is a new open-source project that answers with old-school determinism: pure Python logic gates that validate every agent tool call before it executes.
The tool was born from frustration. Creator Richard Ewing was building AI products and kept hitting the same problem: agents hallucinate, forget context, and try to execute malformed or harmful actions on real systems. He built a logging ledger to track what agents were actually doing, then realized the ledger could enforce rules, not just record violations.
Exogram intercepts tool calls made through protocols like MCP (Model Context Protocol, the standard Anthropic created for connecting AI tools to external services). It checks each call against a set of deterministic rules - schema validation, destructive action detection, parameter bounds - and blocks anything that fails. The key design choice: zero AI in the security loop. Rather than using another language model to judge whether an action is safe, Exogram relies entirely on rule-based validation.
The performance claim is 0.07ms per validation, with load testing hitting 137 requests per second on a single container with no dropped payloads. That's fast enough to sit in the critical path of every agent action without noticeable latency.
The project includes a "Proving Ground" UI that shows blocked requests in real time via a split-screen visualization - useful for understanding what your agents are actually attempting before you let them loose.
For teams running AI agents in production, especially those using MCP-based tool calling, Exogram fills a gap that most agent frameworks don't address. The repo is available on GitHub at exogram-protocol-rfc.