# Tailrace > TypeScript-native agent data governance: in-process detection, reversible tokenization, and per-agent policy at model, tool, and MCP boundaries. Full corpus: https://tailrace.dev/llms-full.txt MCP server: https://tailrace.dev/mcp Policy JSON Schema: https://tailrace.dev/schema/policy.v1.json ## Introduction - [Introduction](https://tailrace.dev/docs.md): How Tailrace governs agent data flows in-process - detect, policy, apply, audit, and restore at egress. ## Get Started - [Quickstart](https://tailrace.dev/docs/get-started/quickstart.md): Block a fake API key and tokenize an email in an AI SDK route in under five minutes. - [Use with AI tools](https://tailrace.dev/docs/get-started/use-with-ai-tools.md): Connect Cursor, Claude Code, Codex, or VS Code to Tailrace docs via MCP, llms.txt, or raw markdown URLs. ## Guides - [Block secrets in Claude Code](https://tailrace.dev/docs/guides/block-secrets-in-claude-code.md): Install Tailrace hooks so Claude Code cannot paste API keys into tool calls - deny or tokenize before the tool runs. - [Govern MCP tool calls](https://tailrace.dev/docs/guides/govern-mcp-tool-calls.md): Wrap an MCP client transport so tools/call arguments and results respect Tailrace policy without tearing down the connection. - [Protect PII in the AI SDK](https://tailrace.dev/docs/guides/protect-pii-in-ai-sdk.md): Wrap models and tools, configure streaming block behavior, and restore tokenized values at egress. ## Concepts - [Boundaries](https://tailrace.dev/docs/concepts/boundaries.md): Where Tailrace enforces policy - model, tool, MCP, telemetry, and egress. - [Detection tiers](https://tailrace.dev/docs/concepts/detection-tiers.md): What Tier 0 and Tier 1 find - and what detection deliberately does not decide. - [Policy resolution](https://tailrace.dev/docs/concepts/policy-resolution.md): How Tailrace picks allow, mask, tokenize, or block for a span at a boundary. - [Threat model](https://tailrace.dev/docs/concepts/threat-model.md): What Tailrace protects against - and what it deliberately does not. - [Tokenization and the vault](https://tailrace.dev/docs/concepts/tokenization-and-the-vault.md): Why the same email becomes the same token in one workflow - and only restores at egress. ## Integrations - [Claude Code](https://tailrace.dev/docs/integrations/claude-code.md): Wire Tailrace as Claude Code PreToolUse / PostToolUse hooks - block secrets, tokenize PII, audit tool I/O. - [Hono](https://tailrace.dev/docs/integrations/hono.md): OpenAI-compatible Hono middleware - scan chat bodies and SSE streams, return 422 on policy block. - [MCP](https://tailrace.dev/docs/integrations/mcp.md): Wrap MCP client transports with Tailrace - JSON-RPC error on block, rewrite on tokenize. - [Next.js](https://tailrace.dev/docs/integrations/nextjs.md): Run Tailrace with the Vercel AI SDK in a Next.js App Router route - block secrets, tokenize PII, restore at egress. ## Reference - [AI SDK](https://tailrace.dev/docs/reference/ai-sdk.md): Reference for @tailrace/ai-sdk - wrap models and tools, fluent helpers, and streaming options. - [CLI](https://tailrace.dev/docs/reference/cli.md): Reference for the tailrace binary - init, scan, install-hooks, and the Claude Code hook handler. - [Errors](https://tailrace.dev/docs/reference/errors.md): Stable Tailrace error codes - what each means and where to fix the call site. - [INVARIANT](https://tailrace.dev/docs/reference/errors/INVARIANT.md): An internal contract was breached - for example restore outside egress. - [NOT_IMPLEMENTED](https://tailrace.dev/docs/reference/errors/NOT_IMPLEMENTED.md): A specified surface is not implemented in this release. - [POLICY_INVALID](https://tailrace.dev/docs/reference/errors/POLICY_INVALID.md): The policy document failed schema or semantic validation. - [POLICY_VIOLATION](https://tailrace.dev/docs/reference/errors/POLICY_VIOLATION.md): A block policy matched - the sensitive value must not cross the boundary. - [RECOGNIZER](https://tailrace.dev/docs/reference/errors/RECOGNIZER.md): A recognizer threw while scanning input. - [VAULT](https://tailrace.dev/docs/reference/errors/VAULT.md): Vault storage, encryption, or lookup failed. - [Hono](https://tailrace.dev/docs/reference/hono.md): Reference for @tailrace/hono - tailraceHono middleware and TailraceHonoOptions. - [MCP](https://tailrace.dev/docs/reference/mcp.md): Reference for @tailrace/mcp - wrapTransport, withMcp, and McpWrapOptions. - [Policy schema](https://tailrace.dev/docs/reference/policy-schema.md): Shape of a Tailrace policy document - defaults, entities, boundaries, identities, and the published JSON Schema. ## Playground - [Playground](https://tailrace.dev/docs/playground.md): Paste text, see Tier 0 spans, and toggle policy actions - entirely in your browser. ## Site tree # Tailrace - [Introduction](https://tailrace.dev/docs.md): How Tailrace governs agent data flows in-process - detect, policy, apply, audit, and restore at egress. - Get Started - [Quickstart](https://tailrace.dev/docs/get-started/quickstart.md): Block a fake API key and tokenize an email in an AI SDK route in under five minutes. - [Use with AI tools](https://tailrace.dev/docs/get-started/use-with-ai-tools.md): Connect Cursor, Claude Code, Codex, or VS Code to Tailrace docs via MCP, llms.txt, or raw markdown URLs. - Guides - [Block secrets in Claude Code](https://tailrace.dev/docs/guides/block-secrets-in-claude-code.md): Install Tailrace hooks so Claude Code cannot paste API keys into tool calls - deny or tokenize before the tool runs. - [Protect PII in the AI SDK](https://tailrace.dev/docs/guides/protect-pii-in-ai-sdk.md): Wrap models and tools, configure streaming block behavior, and restore tokenized values at egress. - [Govern MCP tool calls](https://tailrace.dev/docs/guides/govern-mcp-tool-calls.md): Wrap an MCP client transport so tools/call arguments and results respect Tailrace policy without tearing down the connection. - Concepts - [Boundaries](https://tailrace.dev/docs/concepts/boundaries.md): Where Tailrace enforces policy - model, tool, MCP, telemetry, and egress. - [Policy resolution](https://tailrace.dev/docs/concepts/policy-resolution.md): How Tailrace picks allow, mask, tokenize, or block for a span at a boundary. - [Tokenization and the vault](https://tailrace.dev/docs/concepts/tokenization-and-the-vault.md): Why the same email becomes the same token in one workflow - and only restores at egress. - [Detection tiers](https://tailrace.dev/docs/concepts/detection-tiers.md): What Tier 0 and Tier 1 find - and what detection deliberately does not decide. - [Threat model](https://tailrace.dev/docs/concepts/threat-model.md): What Tailrace protects against - and what it deliberately does not. - Reference - @tailrace/ai-sdk - [AI SDK](https://tailrace.dev/docs/reference/ai-sdk.md): Reference for @tailrace/ai-sdk - wrap models and tools, fluent helpers, and streaming options. - [wrapModel](https://tailrace.dev/docs/reference/ai-sdk/wrap-model.md): Wrap a LanguageModelV2 with Tailrace middleware - scan prompts, completions, and streams. - [wrapTools](https://tailrace.dev/docs/reference/ai-sdk/wrap-tools.md): Wrap a ToolSet so tool arguments and return values pass through Tailrace policy. - [withAiSdk](https://tailrace.dev/docs/reference/ai-sdk/with-ai-sdk.md): Attach fluent model and tools helpers to an existing Tailrace instance. - [encodeModelProvider](https://tailrace.dev/docs/reference/ai-sdk/encode-model-provider.md): Encode a LanguageModelV2 as a policy boundary provider string. - [Options](https://tailrace.dev/docs/reference/ai-sdk/options.md): AiSdkWrapOptions and StreamBlockBehavior for model and tool wrappers. - [CLI](https://tailrace.dev/docs/reference/cli.md): Reference for the tailrace binary - init, scan, install-hooks, and the Claude Code hook handler. - [MCP](https://tailrace.dev/docs/reference/mcp.md): Reference for @tailrace/mcp - wrapTransport, withMcp, and McpWrapOptions. - [Hono](https://tailrace.dev/docs/reference/hono.md): Reference for @tailrace/hono - tailraceHono middleware and TailraceHonoOptions. - [Policy schema](https://tailrace.dev/docs/reference/policy-schema.md): Shape of a Tailrace policy document - defaults, entities, boundaries, identities, and the published JSON Schema. - Errors - [Errors](https://tailrace.dev/docs/reference/errors.md): Stable Tailrace error codes - what each means and where to fix the call site. - [POLICY_VIOLATION](https://tailrace.dev/docs/reference/errors/POLICY_VIOLATION.md): A block policy matched - the sensitive value must not cross the boundary. - [POLICY_INVALID](https://tailrace.dev/docs/reference/errors/POLICY_INVALID.md): The policy document failed schema or semantic validation. - [INVARIANT](https://tailrace.dev/docs/reference/errors/INVARIANT.md): An internal contract was breached - for example restore outside egress. - [VAULT](https://tailrace.dev/docs/reference/errors/VAULT.md): Vault storage, encryption, or lookup failed. - [RECOGNIZER](https://tailrace.dev/docs/reference/errors/RECOGNIZER.md): A recognizer threw while scanning input. - [NOT_IMPLEMENTED](https://tailrace.dev/docs/reference/errors/NOT_IMPLEMENTED.md): A specified surface is not implemented in this release. - Integrations - [Next.js](https://tailrace.dev/docs/integrations/nextjs.md): Run Tailrace with the Vercel AI SDK in a Next.js App Router route - block secrets, tokenize PII, restore at egress. - [Claude Code](https://tailrace.dev/docs/integrations/claude-code.md): Wire Tailrace as Claude Code PreToolUse / PostToolUse hooks - block secrets, tokenize PII, audit tool I/O. - [MCP](https://tailrace.dev/docs/integrations/mcp.md): Wrap MCP client transports with Tailrace - JSON-RPC error on block, rewrite on tokenize. - [Hono](https://tailrace.dev/docs/integrations/hono.md): OpenAI-compatible Hono middleware - scan chat bodies and SSE streams, return 422 on policy block. - [Playground](https://tailrace.dev/docs/playground.md): Paste text, see Tier 0 spans, and toggle policy actions - entirely in your browser.