Runplane

Your AI wants to act. You decide if it can.

Runplane controls every AI action before it runs.

Guard API — Live Demo

Select an action

Action Payload

{
  "action": "transfer_funds",
  "target": "finance-system",
  "amount": 12000,
  "environment": "production"
}

Decision Result

REQUIRES APPROVAL
Policy:transfer_funds → REQUIRE_APPROVAL
Risk Score:58
Reason:High-risk financial action in production

Every action is evaluated before execution — allowed, blocked, or paused for approval.

Prompts are not enforcement. Observability is not control.

AI agents execute real operations. They can delete databases, provision infrastructure, and move money. The current stack has no execution boundary.

Prompt instructions

Can be bypassed. No runtime enforcement.

Observability tools

Log what happened. Cannot stop execution.

Agent frameworks

Orchestrate execution. No policy evaluation.

Runplane

Sits in the execution path. Enforces decisions before actions run.

Connect any tool system. Enforce at the execution boundary.

Runplane standardizes tools into canonical actions and prepares source-scoped policies for runtime enforcement. Works with MCP, OpenAPI, internal APIs, and custom agent tools.

MCP Tool Systems

Parse MCP tool schemas. Enforce execution control before tools run.

OpenAPI & JSON

Import OpenAPI specs or JSON definitions. Derive canonical actions automatically.

Internal APIs

Protect internal systems with runtime enforcement and approval workflows.

Custom Agent Tools

Standardize custom tools into canonical actions. Enforce policies at execution time.

Platform → Tools → Canonical Actions → Source-Scoped Policies

Tools are standardized into canonical actions like transfer_funds, delete_record, and deploy_infrastructure. Policies are scoped to each source: Stripe Policy, AWS Production Policy, GitHub Repository Policy.

Stripe PolicyAWS PolicyGitHub PolicyWorkday PolicyInternal API Policy
Core Concepts

Runtime execution control architecture

How Runplane enforces decisions at the execution boundary before actions reach production systems.

Runtime Governance

Policy enforcement at the execution boundary, not in prompts or logs.

Learn more

Execution Containment

Block destructive operations before they reach production systems.

Learn more

Runtime Policy Engine

Evaluate actions against source-scoped policies in real-time.

Learn more

Production Deployment

Deploy AI agents with execution control and approval workflows.

Learn more
AI Agent
runplane.guard()

Execution boundary — policy enforced before action runs

ALLOWBLOCKREQUIRE APPROVAL
Execution

or blocked

Runtime enforcement—not observability. Control—not logging.

Operational Examples

Real enforcement decisions for production operations. Blocked, escalated, or allowed.

Production Database Drop

DROP TABLE users CASCADE

BLOCKED

Destructive Shell Command

rm -rf /var/data/*

BLOCKED

Infrastructure Deploy $48K

aws.ec2.provision: 120 instances

APPROVAL

Force Push to Main

git push --force origin main

APPROVAL

Stripe Payout $25,000

stripe.payouts.create

APPROVAL

Read Customer Data

stripe.customers.retrieve

ALLOWED

Gateway Mode: The Enforcement Boundary

Runplane enforces decisions in the execution path itself.

Gateway Mode = enforcement boundary via Guard API. SDK Mode = optional wrapper for convenience. The decision happens server-side.

TypeScript
await runplane.guard(
  "delete_employee",
  "hr_system",
  { employeeId: "emp_7421" },
  async () => {
    await deleteEmployee("emp_7421")
  }
)
ALLOW

Execution proceeds

BLOCK

Execution is stopped

REQUIRE_APPROVAL

Execution is paused until approval

Gateway Mode = enforcement boundary. SDK Mode = convenience wrapper. All decisions are server-side.

Execution Control vs No Control

Without Execution Control

  • AI executes immediately—no control boundary
  • No runtime policy enforcement
  • Destructive operations reach production
  • No execution audit trail

With Runplane

  • Execution boundary enforced via Guard API
  • Runtime policy evaluation before every action
  • High-risk actions escalated for human approval
  • Full execution trace for compliance

Runtime Execution Architecture

Tools are standardized into canonical actions. Policies are evaluated at runtime. Decisions are enforced before execution.

1. Connect Tools

Import from MCP, OpenAPI, or custom agent tools

2. Derive Actions

Tools standardized into canonical action types

3. Apply Policies

Source-scoped policies prepared for enforcement

4. Enforce at Runtime

Guard API returns decision before execution proceeds

Execution Control Flow

Agent
guard()
Policy Engine
Risk Engine
Decision
ALLOWREQUIRE_APPROVALBLOCK

All decisions are logged to the audit trail for compliance.

Integrate with Your Framework

Runplane works with the agent frameworks and AI tools you already use. Add runtime control in minutes.

LangChain

Python guardrails

MCP

Tool protocol

OpenAI

Function calling

Vercel AI

AI SDK tools

CrewAI

Multi-agent

View all SDK integrations

Runtime execution infrastructure for AI systems

Execution boundary

Guard API sits in the execution path—not after the fact

Approval workflows

High-risk actions escalate for human review before execution

Source-scoped policies

Separate enforcement rules per platform and tool source

Execution audit trail

Every action, decision, and approval logged for compliance

Start controlling what your AI is allowed to execute

Get an API key and start controlling AI execution in minutes.

No billing requiredUnder 2 minutesStarter policies included

Start with a 14-day free trial. No setup required.

Pricing

Built for teams running AI in production

Starter

$129/month
  • 5 AI agents
  • 250,000 controlled actions/month
  • Policy engine + containment rules
  • Approval workflows
  • Full audit log explorer
Most Popular

Growth

$499/month
  • 20 AI agents
  • 1,000,000 controlled actions/month
  • Advanced containment controls
  • Approval workflows
  • Priority support

Scale

$1990/month
  • 50 AI agents
  • 5,000,000 controlled actions/month
  • Advanced containment controls
  • Approval workflows
  • Enterprise support

Deploy AI Agents Without Losing Control

Bring your tools. Send actions through Runplane. Control execution at runtime.

No action executes without passing through Runplane.

Execution Control Layer for AI Agents

What is Runplane?

Runplane is the execution control layer for AI agents. It sits between your agent and the real world. When an agent attempts to execute a tool, the SDK wraps the execution with guard(), evaluates the action against your policies, and enforces a decision: ALLOW, BLOCK, or REQUIRE_APPROVAL.

The integration is SDK-first. You bring your existing agent tools from any framework. Runplane automatically maps those tools into canonical action types and applies baseline policies. You remain in full control—customize policies for any action type. All tool execution is wrapped via runplane.guard(), and decisions are enforced at runtime.

How It Works: Tools to Actions to Policies

The Runplane model follows a clear flow: bring your tools, actions are auto-mapped, baseline policies apply, wrap with guard(). First, you connect your existing agent tools from whatever framework you use—LangChain, Vercel AI SDK, CrewAI, or custom implementations. These tools are the input layer.

Runplane automatically maps your tools into canonical action types. A delete_user tool becomes a "delete_record" action. A send_email tool becomes a "send_email" action. This standardization allows policies to be written once and applied consistently across different tool implementations.

Baseline policies are applied automatically, providing ready-to-use governance out of the box. You remain in full control—customize any policy to match your specific requirements. Policies specify whether an action should be allowed, blocked, or require human approval.

Finally, all tool execution is wrapped with runplane.guard(). The guard function sends the action type and context to Runplane, receives a decision, and either executes the callback, blocks it, or waits for human approval.

SDK-First Integration

Runplane is SDK-first, not API-first. The primary integration is through the SDK's guard() method, which wraps your tool execution callbacks. This design ensures that policy enforcement happens automatically at the execution boundary, without requiring manual decision handling in your application code.

When you call runplane.guard(), you provide the action type, target system, context, and a callback function. If the policy allows the action, the callback executes immediately. If the policy blocks the action, the callback never runs. If the policy requires approval, guard() waits until a human approves or denies the request.

Why Prompt Safety Is Insufficient

Prompt engineering and input validation operate at the wrong layer of the stack. They attempt to constrain AI behavior through instructions, but autonomous agents ultimately translate those instructions into concrete tool invocations. A well-crafted prompt cannot prevent a determined agent from calling a database deletion function or provisioning expensive cloud resources if the tooling allows it.

Runtime execution control operates at the tool boundary. When an agent attempts to execute a tool, Runplane intercepts the call. The action is evaluated against your policies. The decision is enforced before execution. This cannot be circumvented by the agent—the guard() wrapper is in the execution path.

Execution Containment

Execution containment is the core mechanism of runtime governance. It means wrapping every tool execution at the boundary between the AI agent and external systems, then applying policy evaluation before allowing the action to proceed. Runplane implements execution containment through the SDK guard() method.

When an agent attempts to execute a tool that interacts with an external system— database, payment processor, email service, cloud provider—the guard() wrapper intercepts the call. The action is evaluated against configured policies. Based on the evaluation, Runplane returns one of three decisions: allow the callback to proceed, block the callback entirely, or hold execution pending human approval.

Blast Radius Control

Blast radius control limits the potential damage from any single AI action. Even when an action is permitted, runtime governance can constrain its scope. For database operations, this might mean limiting the number of records affected. For infrastructure provisioning, it might mean capping resource sizes or quantities. For email sends, it might mean limiting recipient counts.

Runplane implements blast radius control through policies that specify boundaries for permitted actions. An agent might be allowed to delete records, but only one at a time, never in bulk. An agent might be allowed to send emails, but require approval for sends exceeding 100 recipients. These constraints are enforced at runtime through the guard() wrapper.

Financial Guardrails

Financial guardrails prevent autonomous AI systems from incurring unexpected costs or executing unauthorized financial transactions. AI agents with access to cloud infrastructure, payment APIs, or procurement systems can inadvertently or deliberately trigger significant expenses. Runtime governance intercepts these actions and applies financial policies before execution.

Runplane allows you to set spending thresholds that trigger different policy responses. Actions below a certain threshold might be automatically approved. Actions between thresholds might require human review. Actions exceeding maximum thresholds might be automatically blocked. This graduated approach allows agents to operate autonomously within defined financial boundaries while escalating high-impact decisions to humans.

Human Approval Workflows

Human approval workflows provide a mechanism for escalating high-risk or high-impact actions to human reviewers before execution. When Runplane evaluates a tool execution and determines it requires approval, the guard() method holds, the relevant context is presented to designated approvers, and execution only proceeds if a human explicitly approves the action.

Approval workflows are configurable based on action type, risk level, financial impact, and other criteria. A routine database query might execute automatically. A bulk email send might require single approval. A large financial transaction might require multiple approvers. The workflow integrates with notification systems to alert approvers promptly and provide them with the context needed to make informed decisions.

Audit and Compliance

Every tool execution wrapped with guard(), every policy evaluation, and every decision is logged immutably in the Runplane audit log. This creates a complete record of what autonomous AI systems attempted to do, what policies were evaluated, what decisions were made, and who approved actions that required human review.

Organizations deploying autonomous AI systems in regulated industries need demonstrable governance. The Runplane audit log provides the evidence trail required for compliance reporting, showing that AI actions were subject to policy controls, that high-risk actions received appropriate human oversight, and that all decisions are traceable to specific policies and approvers.