NAIL Harness — Middleware Protection for AI Agents

Defence-in-Depth for AI Agents

Semantic firewalls, circuit breakers, and real-time Guard classification — deployed as middleware in your agent stack. Every tool call passes through three security gates before execution.

quickstart.py

from nail_harness import HarnessConfig, AgentOptions, NailAgentClient

# Load policy from YAML — one file configures everything

config = HarnessConfig.from_yaml("harness.yaml")

# Get pre-wired safety hooks

pre_hook, post_hook = config.create_hooks()

# Plug into your agent — done

options = AgentOptions(pre_tool_use=pre_hook, post_tool_use=post_hook)

client = NailAgentClient(options)

result = client.run("Process this customer request")

Three Gates. Every Action.

Every tool call your agent makes is intercepted, classified, and logged before it can affect the real world.

🛡️

Gate 1: Safety Gate

Tool-level blocking, rate limiting, and optional VQC quantum anomaly detection on agent behavioural telemetry.

Blocked tools list (e.g. raw_sql, system_shell)
30 calls/min rate limiter (configurable)
Parameter validation rules per tool
VQC anomaly gate (optional quantum scoring)

🔥

Gate 2: Action Gate

Chains egress policy, semantic firewall, and NAIL Guard model classification in sequence. First failure blocks.

Egress policy — blocks RFC1918, cloud metadata, unapproved domains
Semantic firewall — pattern-matches DROP TABLE, shell injection, exfiltration
NAIL Guard — fine-tuned 7B model classifies BEE/SDF/CIA/CCB in real-time
Custom embedding similarity check (optional)

📋

Gate 3: Audit & Rollback

SHA-256 attested action log with event-sourced undo capability. Every action is immutable and verifiable.

Every tool use logged with content hash
Tamper detection via SHA-256 verification
Event-sourced state rollback for reversible actions
Ready for ISO 42001 and EU AI Act compliance

Circuit Breakers & Containment

Physical limits that stop agents before they cause damage — even when the LLM itself is compromised.

⏱️

TTL Enforcer

Session time-to-live. Destroy sessions after N seconds regardless of agent state. Prevents temporal dysmorphia and state-decay.

Configurable per-session TTL (default 120s)
Context manager support: with ttl.session()
Callback on expiry for graceful shutdown

💰

Token Circuit Breaker

Hard budget limits on tokens, cost, and tool calls per session. Stops Ouroboros loops and runaway spend.

Max tokens per session (default 50,000)
Max cost in USD per session (default $5.00)
Max tool calls per session (default 100)
Trip callback for alerting

⏪

State Rollback

Event-sourced action log. If an unauthorized action is detected post-execution, replay in reverse to restore system state.

Immutable event log with SHA-256 hashes
Identify rollback candidates per session
Integrity verification on every event

SDK Modules

Module	Class	Purpose	Layer
guard_client.py	GuardClient	NAIL Guard model — real-time BEE/SDF/CIA/CCB classification	Middleware
firewall.py	EgressPolicy	URL/domain allowlisting, blocks private IPs + cloud metadata	Infrastructure
firewall.py	SemanticFirewall	Pattern-based forbidden action detection	Middleware
firewall.py	ActionGate	Combined gate: egress + firewall + guard	Middleware
circuit_breaker.py	TTLEnforcer	Session time-to-live enforcement	Logic
circuit_breaker.py	TokenCircuitBreaker	Token/cost/tool-call budget enforcement	Logic
circuit_breaker.py	StateRollback	Event-sourced action log with undo	Logic
hooks.py	SafetyGate	Tool blocking + rate limiting + VQC anomaly	Middleware
hooks.py	AuditLogger	SHA-256 attested action audit trail	Traceability
remediation.py	RemediationEngine	Auto-generated remediation playbooks from diagnostics	Prevention
config.py	HarnessConfig	YAML-driven harness configuration loader	Configuration
memory.py	MemoryManager	Active Forgetting memory with hash verification	Integrity

Module

Class

Purpose

Layer

guard_client.py

GuardClient

NAIL Guard model — real-time BEE/SDF/CIA/CCB classification

Middleware

firewall.py

EgressPolicy

URL/domain allowlisting, blocks private IPs + cloud metadata

Infrastructure

firewall.py

SemanticFirewall

Pattern-based forbidden action detection

Middleware

firewall.py

ActionGate

Combined gate: egress + firewall + guard

Middleware

circuit_breaker.py

TTLEnforcer

Session time-to-live enforcement

Logic

circuit_breaker.py

TokenCircuitBreaker

Token/cost/tool-call budget enforcement

Logic

circuit_breaker.py

StateRollback

Event-sourced action log with undo

Logic

hooks.py

SafetyGate

Tool blocking + rate limiting + VQC anomaly

Middleware

hooks.py

AuditLogger

SHA-256 attested action audit trail

Traceability

remediation.py

RemediationEngine

Auto-generated remediation playbooks from diagnostics

Prevention

config.py

HarnessConfig

YAML-driven harness configuration loader

Configuration

memory.py

MemoryManager

Active Forgetting memory with hash verification

Integrity

Pricing

The diagnostic finds what's broken. The playbook shows how to fix it. The SDK protects you continuously.

Diagnostic + Playbook

£5,000

One-time assessment

7-dimension diagnostic across all agents
Cross-agent topology attack mapping
Auto-generated remediation playbook
Priority-ordered fixes (P0→P3)
Grade projection (current → post-remediation)
Neuravant Rating (AAA → D)

Get Assessed →

Harness SDK

£199/mo

Per agent fleet · Starter

Full SDK: SafetyGate, ActionGate, Guard
TTL enforcer + token circuit breaker
Semantic firewall + egress policy
SHA-256 attested audit trail
YAML-driven configuration
Email support

Start Free Trial →

Enterprise

£799/mo

Per agent fleet · Full

Everything in Starter
NAIL Guard on-prem deployment
Custom Guard fine-tuning for your domain
Continuous TSR monitoring
0.85× insurance premium multiplier
Dedicated Slack + SLA

Contact Sales →

Stop testing agents. Start protecting them.

The NAIL Harness is the bridge between "we tested the agent" and "we continuously protect the agent." It's how you prove to underwriters that a software hallucination cannot translate into a catastrophic real-world loss.