Coming soon · open source · Apache-2.0

A capability firewall for AI agents

One YAML file decides what every agent is allowed to do — enforced before the tool call ever runs. Drop-in, Go-based, no infrastructure.

No spam. One email when it launches.

Sneak peek

Watch eunox block a bad tool call

An agent tries to read a .pem key, drop a database table, and DM an external recipient. The proxy fires before the upstream is ever contacted — every decision signed and audited. This is a preview of what’s launching.

eunox-mcp proxy

📄 eunox.policy.yaml

# eunox.policy.yaml — AgentCapabilityManifest
# Validate: eunox-mcp validate ./eunox.policy.yaml

name:    filesystem-agent
version: 0.1.0

capabilities:
  - target: tool:read_file
    actions: [call]
    conditions:
      - type: allowedExtensions
        extensions: [".csv", ".json", ".txt"]
      - type: maxCalls
        count: 50
        windowSeconds: 60

  - target: tool:query
    actions: [call]
    conditions:
      - type: allowedOperations
        operations: [SELECT]

  - target: tool:send_dm
    actions: [call]
    conditions:
      - type: recipientDomain
        domains: [company.com]

Latest writing

4 June 2026

The prompt injection problem: why every AI agent needs a policy layer

Why fixing prompt injection inside the model doesn't work, and why the only reliable defense is a policy layer at the structured tool call.

Read →