RADIUS docs

RADIUS is a deterministic security layer for AI agents. It sits between your agent framework and the operating system, enforcing filesystem, network, shell, and data constraints with zero LLMs in the loop. Every decision is made by code — regex, allowlists, rate counters — not by asking a model to “please be careful.”

If your agent has shell access, file access, or network access, it needs a guardrail that can’t be prompt-injected. That’s what RADIUS does.

Quick links

Start here

If you’re using OpenClaw, the fastest path is the OpenClaw Quick Start — it walks you through the golden path from install to live test, including compatibility checks validated on agentradius@0.4.0 (Node 22+ runtime).

For any other framework (or no framework), start with the Generic Quick Start.

For module-level policy design, continue with Modules and Features.

What RADIUS is not

• Not an LLM filter. No model evaluates safety. All checks are deterministic.
• Not a prompt rewriter. Your agent’s system prompt stays yours.
• Not a sandbox-only tool. Sandboxing is one of 11 modules — RADIUS is a full pipeline.

Architecture (30-second version)

Every agent action passes through a module pipeline — an ordered array of security modules. Each module inspects the event and returns one of: allow, deny, modify, challenge, or alert. The pipeline runs in order; the first deny wins.

The 11 modules: kill_switch, skill_scanner, tool_policy, fs_guard, command_guard, exec_sandbox, egress_guard, output_dlp, rate_budget, approval_gate, audit.

Three profiles control how aggressive the pipeline is: local (strict), standard (balanced), unbounded (monitor).

See the Configuration Reference for the full breakdown, then check What’s New for latest changes.