Runtime control plane for AI agents.
Author policies as YAML. The control plane signs them into bundles. A gateway plugin enforces them on every LLM and tool call. Audit, shadow mode, and safe canary rollouts come standard.
Hosted demo console login: demo / demo.
Gateway API requires a separate Bridle master key —
email contact@bridle.cloud
if you want one.
How it works
One pipeline, end to end. Each stage is independently testable and auditable.
What you get
Six built-in policies
Session budget, model allow-list, PII outbound, tool allow-list, refund threshold approval, tool loop detector. YAML in, signed bundle out.
Shadow + enforce + canary
Every policy ships in shadow first. Promote one policy on one low-risk agent with a single canary command. Rollback is the same command, opposite direction.
Fleet awareness
Inventory agents with owner, environment, risk level, and groups. Target policies by agent, group, or risk tier. See per-agent would-have-blocked counts.
Pilot-decision report
The control plane reads the audit window and recommends one of: expand-shadow, enforce-canary, keep-observing, stop — with the signals that produced the call.
Audit you can trust
Every observation, decision, and outcome is recorded with a hash chain. Redacted payload only by default. Filter by trace, session, or agent.
Two safety valves
BRIDLE_FORCE_SHADOW demotes enforce → shadow at the gateway. BRIDLE_BYPASS short-circuits the plugin entirely. Both reversible in seconds, no redeploy.
Operator console
Local Web UI for fleet status, policy impact, canary management, and trace review. Read-mostly, evidence-first, two-click confirmations on enforce.
Works with LiteLLM
The gateway is LiteLLM Proxy with the Bridle CustomLogger registered. Drop it in front of any OpenAI-compatible upstream (OpenRouter, Anthropic, etc.).
One policy, end to end
This YAML compiles into a signed bundle, gets distributed to the gateway, and starts shadow-evaluating every call within seconds. Flip mode to enforce (or canary one agent) when the shadow report says it's safe.
id: session-budget version: v1 type: session_budget mode: shadow severity: medium # v0.8: per-rule targeting target: environments: [production] agent_groups: [pilot] risk_tiers: [low, medium] # Per-agent enforce canary, while everyone else stays shadow canaries: - agents: [support_summarizer] mode: enforce config: session_budget_usd: 0.50 downgrade_at_ratio: 0.8 downgrade_to_model: mock-model-cheap fail_modes: on_engine_error: fail_open on_bundle_expired: use_cached_policy on_state_unavailable: fail_open
Compile + publish in one shot:
$ bridle policy publish examples/policies/fleet/session-budget.yaml \
--tenant my-tenant --bundle-id b-2026-05 --gateway-id gw-prod
Try it
If you'd rather run it yourself, the README has a one-command local demo that boots Postgres, the control plane, a mock LLM upstream, and the gateway — then walks shadow → canary → rollback in under a minute.