Ship agents that act. Give them armor.
Your AI agents can do real work — send refunds, move payouts, change access. KIFF wraps every action in a check that runs before it happens, and only lets the safe ones through.
Works with any agent framework. Connect in minutes with one API call — no rebuild.
Agents are easy to build. Hard to trust.
Getting an agent to suggest a refund is easy. Letting it actually send the money is the scary part. Once the action runs you can't take it back — and right now, nothing stops a wrong one before it happens.
Every action is checked before it runs.
Your agent doesn't act on its own. It asks first. KIFF checks the request against your rules and the real state of your systems, then answers in one word.
Keep your agent. Just add the check.
It doesn't matter how your agent is built — from Agno to plain HTTP, KIFF isn't another framework to learn. It's one check you put in front of the actions that matter, in a copy-paste, not a rebuild.
pip install kiff-guard # or: npm i @kiff/guardPick your stack. The KIFF side is identical everywhere — the same three-field contract; only the adapter and one attach line change.
from kiff_guard import Guard, HTTPClient, ToolMap
from kiff_guard.adapters.langgraph import kiff_wrap_tool_call
tm = ToolMap().bind("refund_order", action="REFUND_ORDER",
entity_type="Order", entity_arg="order_id")
guard = Guard(client=HTTPClient(api_key=KEY, tool_map=tm),
tenant="acme", agent="refunds", mode="enforce")
guard.connect(adapter="langgraph")
agent = create_agent(model=..., tools=[refund_order],
middleware=[kiff_wrap_tool_call(guard)])// same three-field contract on every stack: entity + action + parameters -> one verdict.
Sign in, and every decision is right there.
KIFF Cloud is the hosted control layer. It makes the decisions, handles approvals, keeps a signed record of every action, and shows your team what was allowed, held, or blocked — live, in one place.
Three lines. Every dangerous action, caught.
You don't rewrite your agent or your payment code — you add three lines (the + below) in front of the risky call. That same check catches the double payout, the over-limit refund, and the prompt-injection you never wrote a rule for.
Let your coding agent author the domain.
The guard connects your runtime. The domain is the contract it decides against — install the KIFF domain skill and your coding agent writes and extends your kiff.yaml against the real grammar: states, approvals, permissions, executors.
curl -fsSL https://kiff.dev/skills/kiff-domains.md \ -o .cursor/rules/kiff-domains.mdc
// then ask your agent: "add an ISSUE_CREDIT action to the refund domain, PAID-only"
What will your agent do first?
The same control layer, wherever the work is risky. These are the jobs teams put behind KIFF so an agent can finally take them on.
Ship agents that act. Give them armor.
Connect your agent, put KIFF in front of the actions that can't be undone, and go live with control. Start free — no card, first decision in minutes.
Running on your own infrastructure? The framework is open source →