crust by BakeLens

Secure AI agent interactions with a transparent gateway

Created 2 months ago
425 stars

Top 69.4% on SourcePulse


Summary

Crust is an open-source AI agent security infrastructure that acts as a transparent, local gateway, intercepting and blocking dangerous tool calls before they execute. It safeguards against accidental destruction, credential theft, data exfiltration, and prompt injection, enabling safer human-AI symbiosis by validating agent actions.

How It Works

Crust functions as a local gateway, inspecting AI agent tool call requests to LLM providers. It analyzes these requests at both the "Layer 0" (pre-LLM) and "Layer 1" (LLM-generated) stages, identifying and blocking dangerous actions like accessing sensitive files or executing destructive commands. This single-chokepoint inspection prevents harmful actions from reaching the real world, with all activity logged locally to encrypted storage.

Quick Start & Requirements

Installation: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/BakeLens/crust/main/install.sh)". Agents connect to http://localhost:9090. Start in auto mode (crust start --auto) or manual mode (crust start --endpoint <URL> --api-key <KEY>). Configuration is in ~/.crust/config.yaml. No specific hardware prerequisites are mentioned for the gateway.

Highlighted Details

  • Action Filtering: Customizable YAML rules block specific files (e.g., .env, ~/.ssh/id_*), commands (e.g., rm -rf /), and patterns. Built-in protections cover credential theft, shell history, persistence vectors, self-tampering, and private key exfiltration.
  • Near-Zero Latency: Written in Go for high performance, adding minimal overhead to agent API calls.
  • Hot Reload Rules: Security rules can be dynamically added or modified without restarting the service.
  • Universal Compatibility: Integrates with any agent framework by redirecting API endpoints, requiring no code changes. Auto mode resolves providers from model names.
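The path-based part of the action filtering described above can be sketched as follows. This is an added example, not Crust's code or rule schema: denyGlobs, expand, deniedPath and Check are hypothetical names, the deny list is built from the two file examples in the list, and only top-level string arguments of a tool call are inspected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

var denyGlobs = []string{".env", "~/.ssh/id_*"} // hypothetical list, not Crust's rule schema

// expand resolves a leading ~ and collapses "../" so aliases of one path compare equal.
func expand(home, p string) string {
	if p == "~" || strings.HasPrefix(p, "~/") {
		p = home + p[1:]
	}
	return path.Clean(p)
}

func deniedPath(home, tok string) string {
	c := expand(home, tok)
	for _, g := range denyGlobs {
		full, _ := path.Match(expand(home, g), c) // anchored pattern such as ~/.ssh/id_*
		base, _ := path.Match(g, path.Base(c))    // bare name such as .env, in any directory
		if full || base {
			return g
		}
	}
	return ""
}

// Check returns the violated glob, or "" when the tool call is allowed.
func Check(home, argsJSON string) string {
	var args map[string]interface{}
	if json.Unmarshal([]byte(argsJSON), &args) != nil {
		return "malformed arguments" // fail closed on unparseable input
	}
	for _, v := range args {
		s, _ := v.(string) // non-string values yield "" and no tokens
		for _, tok := range strings.Fields(s) {
			if g := deniedPath(home, tok); g != "" {
				return g
			}
		}
	}
	return ""
}

func main() { fmt.Println(Check("/home/u", `{"command":"cat /home/u/.ssh/../.ssh/id_rsa"}`)) }
```

Normalizing before matching is what catches the "../" alias inside the shell command; a comparison on the raw string would let it through.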

Maintenance & Community

The project is in "active development" and welcomes contributions. Specific community channels or prominent maintainers/sponsors are not detailed in the README.

Licensing & Compatibility

Licensed under the Elastic License 2.0. This license may impose restrictions on offering the software as a service and requires careful review for commercial use or integration into proprietary systems.

Limitations & Caveats

The "Auto Mode" is explicitly marked as "Experimental." As a project in active development, users should anticipate potential API changes or evolving features. The Elastic License 2.0's terms should be thoroughly evaluated for commercial deployment scenarios.

Health Check

  • Last Commit: 5 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 72
  • Issues (30d): 2
  • Star History: 18 stars in the last 30 days
