Govern agent data at the boundary.
Detect secrets and PII in-process. Block, tokenize, or restore - at model, tool, and MCP - with zero required config.
$ npx @tailrace/cli init1import { createTailrace } from "@tailrace/core";2// import { definePolicy } from "@tailrace/core";3 4// Zero-config: secrets → block, common PII → tokenize.5// Customize with definePolicy({ entities: { email: "tokenize", api_key: "block" } })6// and pass { policy } to createTailrace.7// Policy JSON Schema: https://tailrace.dev/schema/policy.v1.json8export const tailrace = createTailrace();Input → detect → resolve → apply.
Sensitive values are found in-process, policy decides the action, and audit records the decision - never the raw value. Boundaries
1// User message → model boundary (out)2const prompt = `3 Email billing@example.com4 Key sk_test_…FAKE5`;Agent prompt crosses the model boundary
In-process, not a proxy.
No network on the hot path
Detection, policy, and vault run inside your process. No proxy, sidecar, or round-trip to apply a block.
Node, Workers, and Edge
@tailrace/core uses WebCrypto only - the same gate runs where your agent already runs.
Policy is the product
Detection engines are pluggable. Effort goes into resolution, tokenization, and audit at each boundary.
| Tailrace | Proxy / gateway | |
|---|---|---|
| Where it runs | In your Node / Worker / Edge process | Separate hop in front of the model |
| Hot-path network | None for check / restore | Required to reach the gateway |
| Policy ownership | Code + config in your repo | Often a hosted control plane |
Drop in at the boundary you already use.
Adapters construct the boundary and call check / restore - they contain no policy logic of their own.
Try Tier 0 in your browser.
Paste text, see spans, toggle policy actions. Scanning stays client-side after load - nothing you paste is uploaded.
Govern the next boundary.
$ npx @tailrace/cli initGet started