Tyr

The kernel-level governance plane for AI agents. See every file, syscall, and LLM API call your agents make. Stop the dangerous ones before they execute.

Quick start View on GitHub

Kernel enforcement

eBPF programs attached to LSM hooks and tracepoints. Policies evaluated before syscalls complete — no sidecar, no LD_PRELOAD, no SDK.

AI-aware

Auto-detects Cursor, Copilot, Claude Code, AutoGen, LangGraph. Sees LLM API calls to OpenAI, Anthropic, Google, Mistral via TLS SNI.

Cedar policies

Amazon’s open-source policy language. YAML authoring, Cedar evaluation, hot-reloadable fleet-wide, drift-detected server-side.

One control plane

Same agent runs on laptops, bare-metal servers, VMs, and Kubernetes (DaemonSet planned). Central PostgreSQL-backed control plane.

Try it in 60 seconds

curl -sSL https://raw.githubusercontent.com/terranchi/tyr/main/docker-compose.yml \
  | docker compose -f - up

Open http://localhost:7701, complete the setup wizard, and watch real AI/LLM traffic stream into the dashboard. On a Linux host the bundled agent attaches eBPF programs to your real kernel.

→ Full Quick start · Installation · Writing policies