Open source · Self-hosted · Apache 2.0

The risk engine for your AI agents

RiskKernel puts deterministic cost, loop, and time budgets around your agents, with a real kill switch, crash-resumable runs, and human-approval gates. Self-hosted, your keys, no telemetry. Point it at the agents you already run with one environment variable.

Join the waitlist View on GitHub

One Go binary. Works with OpenAI, Anthropic, and your existing stack.

agent-run.sh

# point your existing agent at RiskKernel - one variable export OPENAI_BASE_URL=http://localhost:7070/v1 # every call is metered, logged, checkpointed, then forwarded with your key run a91f2c budget $5.00 · 50 loops · 30m enforcing ✗ killed at $5.00 ceiling - stopped mid-loop, before the bill ran ↻ resume a91f2c restored from checkpoint, no double-spend ✓ run a91f2c completed $5.00 spent · 0 wasted

The problem

Agents break in production the same handful of ways

Frameworks orchestrate agents. They do not put hard limits around them. So the same failures keep shipping to production, and they cost real money the moment an agent runs unattended.

01Runaway loops. An agent gets stuck reasoning in a circle and burns tokens until someone notices.

02Surprise token bills. No ceiling on spend per run. The invoice is the first alert you get.

03No kill switch. Nothing stops a run at a dollar, loop, or time limit. It stops when it is done, or when it breaks.

04Crashed long runs re-spend. A process dies hours in, and the restart pays for all the work again.

05No human in the loop. Side-effecting tool calls fire with no gate in front of the irreversible ones.

06No audit trail. When something goes wrong, there is no per-run record of what was spent or done.

What it does

Deterministic guardrails, in compiled code

Budgets, kill switches, and approvals belong in statically-typed code that runs the same way every time, not in a prompt. RiskKernel is that layer.

Hard cost ceilings

Set a dollar and token budget per run. The kill switch fires the moment the ceiling is hit, mid-loop, before the spend lands.

Loop and time budgets

Cap iterations and wall-clock per run. Runaway loops die deterministically instead of grinding until someone notices.

Crash-resumable runs

Send kill -9 mid-run and resume from the last checkpoint. No re-spending the work already paid for.

The moat

Human-approval gates

Block any side-effecting tool call and route it for approval over CLI, web, or webhook. Framework-agnostic, the LLM cannot bypass it.

OpenTelemetry export

Emit GenAI spans for cost, loops, and checkpoints to Datadog, Grafana, Honeycomb, or whatever backend you already run.

Your keys, no telemetry

One self-hosted binary on your infra. BYO provider keys, never stored in plaintext. Nothing phones home. It is verifiable in the source.

How it works

Three ways to adopt it, one deterministic core

Start with zero code changes through the proxy, then reach deeper when you want loop-level and tool-level control. The enforcement logic is the same Go core underneath.

01 / proxy

One environment variable

An OpenAI-compatible endpoint. Set OPENAI_BASE_URL and every call is metered, capped, logged, and forwarded with your key. No rewrite.

02 / sdk

Python SDK and adapters

Wrap a run for loop counts, time budgets, checkpoints, and approval gates. Adapters for LangChain, the Claude Agent SDK, and the OpenAI Agents SDK.

03 / otel

OpenTelemetry in and out

Ingest GenAI spans from apps you have already instrumented, and export to the observability backend you already pay for.

The LLM proposes. Deterministic code disposes.

Reasoning stays with the model. Every budget, gate, and kill switch is plain compiled logic that runs the same way every time.

Open source

Free to self-host, forever

The runtime is Apache 2.0 and stays feature-complete. No license gates, no phone-home, no lock-in. It is a single Go binary you run on your own infrastructure, with your own provider keys.

Apache 2.0

permissive license

Single binary

Go, ~30-60 MB

Zero telemetry

verifiable in source

Star on GitHub Read the docs

$ docker run ghcr.io/prashar32/riskkernelrun

$ pip install riskkernelpython sdk

$ go install github.com/prashar32/riskkernel@latestfrom source

Early access

Get on the waitlist

The runtime is open source today. The hosted dashboard, runs, spend, and approvals in one place, is in private beta. Join to get early access and launch updates. No spam.

We will only email you about RiskKernel. Unsubscribe anytime.

Contact

Get in touch

Building agents in production, evaluating RiskKernel for your team, or want to be a design partner? Reach out.

Email

For partnerships, pilots, and anything else.

[email protected]

GitHub

Issues, discussions, and the source itself.

github.com/prashar32/riskkernel

Waitlist

The fastest way to follow along and get early access.

Join the waitlist