
How to Add Guardrails to Your MCP Server in 5 Minutes

Tenet Editorial · March 14, 2026 · 4 min read

You've built an MCP server. Your AI agent can now read files, query databases, send Slack messages, or use whatever tools you've exposed. The question is: should it be able to do all of that, all the time, without any checks?

This tutorial shows you how to add governance guardrails to any MCP server in about five minutes, without modifying your existing server code.

The Architecture

Tenet acts as a governance proxy between your AI agent and your MCP server. When an agent calls a tool, the request flows through Tenet first. Tenet evaluates the request against your policies, decides whether to allow, deny, or escalate, and then either forwards the request to your MCP server or blocks it.

Agent → Tenet Proxy → Your MCP Server → External APIs
         ↓
    Policy Engine
    (allow/deny/escalate)

Your MCP server doesn't change. Your agent's configuration points to Tenet instead of directly at your server. Tenet handles the governance logic.

Step 1: Register Your Tools

First, tell Tenet about the tools your MCP server exposes. This happens via the Tenet dashboard or API:

curl -X POST https://api.trytenet.com/v1/tools \
  -H "Authorization: Bearer $TENET_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tools": [
      { "name": "read_file", "description": "Read a file from disk" },
      { "name": "write_file", "description": "Write content to a file" },
      { "name": "send_slack", "description": "Send a Slack message" },
      { "name": "query_db", "description": "Execute a database query" }
    ]
  }'

Step 2: Define a Policy

Policies are JSON documents that define your governance rules. Here's a simple one that allows read operations freely but requires human approval for writes:

{
  "name": "dev-tools-policy",
  "version": "1.0.0",
  "rules": [
    {
      "tools": ["read_file", "query_db"],
      "effect": "allow",
      "governance": "HOTL"
    },
    {
      "tools": ["write_file", "send_slack"],
      "effect": "allow",
      "governance": "HIC",
      "reason": "Write operations require human approval"
    }
  ]
}

This policy says: the agent can read files and query the database autonomously (Human-on-the-Loop), but writing files and sending Slack messages require explicit human approval (Human-in-Command).

Step 3: Authorize Before Execution

In your agent code, before executing any tool call, make an authorization request to Tenet:

const tool = "send_slack";
const input = { channel: "#general", message: "Deploy complete" };

const response = await fetch("https://api.trytenet.com/v1/authorize", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${TENET_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    tool,
    input,
    context: { agent: "deploy-bot", user: "marcus" },
  }),
});

const result = await response.json();

if (result.decision === "allow") {
  // Proceed with the tool call, passing exactly the input that was authorized
  await mcpServer.callTool(tool, input);
} else if (result.decision === "escalate") {
  // A human needs to approve this; do not call the tool until they do
  console.log(`Waiting for approval: ${result.reviewUrl}`);
} else {
  // Denied by policy
  console.log(`Blocked: ${result.reason}`);
}

That's it. There are three possible outcomes (allow, escalate, deny), and your agent handles each one.
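To make the semantics of Steps 2 and 3 concrete, here is an added example (not Tenet's code) of a local evaluator for the policy format above and a fail-closed wrapper around the three outcomes. The mapping HOTL → allow, HIC → escalate, and no matching rule → deny is an assumption drawn from the tutorial's description, as is the use of `effect: "deny"`; `authorize` and `execute` are hypothetical callbacks standing in for the Tenet call and the MCP tool call.

```javascript
// Added example: local policy evaluation plus a fail-closed tool wrapper.
// Not Tenet's engine; decision mapping is an assumption from the tutorial.

// Constructed copy of the dev-tools-policy from Step 2.
const policy = {
  name: "dev-tools-policy",
  version: "1.0.0",
  rules: [
    { tools: ["read_file", "query_db"], effect: "allow", governance: "HOTL" },
    { tools: ["write_file", "send_slack"], effect: "allow", governance: "HIC",
      reason: "Write operations require human approval" },
  ],
};

// Map a matched rule (or none) to one of the three decisions an agent handles.
function decide(rule) {
  if (!rule) return { decision: "deny", reason: "no rule covers this tool" };
  if (rule.effect === "deny") {
    return { decision: "deny", reason: rule.reason ?? "denied by policy" };
  }
  if (rule.governance === "HIC") {
    return { decision: "escalate", reason: rule.reason ?? "human approval required" };
  }
  return { decision: "allow", reason: rule.reason ?? "allowed by policy" };
}

// First matching rule wins; tools not named in any rule fall through to deny.
function evaluatePolicy(policy, toolName) {
  const rule = policy.rules.find((r) => r.tools.includes(toolName));
  return decide(rule);
}

// Wrap a tool call so that only an explicit "allow" reaches the MCP server.
// An error from the authorizer (network, timeout) is treated as a denial.
async function governedCall(toolName, input, authorize, execute) {
  let result;
  try {
    result = await authorize(toolName, input);
  } catch (err) {
    return { decision: "deny", reason: `authorization failed: ${err.message}` };
  }
  if (result.decision === "allow") {
    return { ...result, output: await execute(toolName, input) };
  }
  return result; // "escalate" or "deny": caller surfaces reviewUrl / reason
}
```

The default-deny fall-through matters because an agent that gains a new tool the policy never mentioned should not silently run it.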

Step 4: Review Escalations

When an action gets escalated, it appears in the Tenet dashboard's review queue. The assigned reviewer sees the full context: which agent, which tool, what input, which policy triggered the escalation.

They approve or reject with one click. If approved, your agent gets notified and can proceed. If rejected, the agent gets a denial with a reason.

Step 5: Audit Everything

Every authorization request, whether allowed, denied, or escalated, is logged in Tenet's decision log. You can query it via the API or browse it in the dashboard.

curl "https://api.trytenet.com/v1/decisions?tool=send_slack&last=24h" \
  -H "Authorization: Bearer $TENET_API_KEY"

This gives you a complete audit trail: what your agents tried to do, what they were allowed to do, and what was blocked or required human review.

What You Get

In about five minutes, you've added three critical capabilities to your MCP server:

  1. Policy enforcement: rules that control which tools can be used and under what conditions
  2. Human escalation: sensitive actions require approval before execution
  3. Audit logging: every decision is recorded for compliance and debugging

No changes to your MCP server. No changes to your tool implementations. Just a governance layer between your agent and the world.


Ready to try it? Tenet's free tier includes 500 decisions per month. Start governing your agents →
