Molt Guard Documentation

v1.0.0 Stable

Security Middleware for AI Agents.
Molt Guard implements a Zero Trust architecture where agents never hold master secrets. Instead, they request ephemeral permissions just-in-time.

Molt Guard is a TypeScript library that acts as a security layer between AI agents and their tools. It solves the "God Mode" problem by intercepting tool calls and enforcing strict policies before any API request is made.

Key Features

Architecture

┌─────────────────┐      ┌─────────────────┐      ┌─────────────────┐
│                 │      │                 │      │                 │
│    AI Agent     │─────▶│   Molt Guard    │─────▶│  External APIs  │
│   (OpenClaw)    │      │   (Interceptor) │      │ (Stripe, AWS)   │
│                 │◀─────│                 │◀─────│                 │
└─────────────────┘      └─────────────────┘      └─────────────────┘
                                │
                                │
                                ▼
                    ┌───────────────────────┐
                    │                       │
                    │    Guard Server       │
                    │    (The Brain)        │
                    │                       │
                    │  • Policy Engine      │
                    │  • Content Moderation │
                    │  • Token Vending      │
                    │  • Audit Logging      │
                    │                       │
                    └───────────────────────┘

Installation

Molt Guard is available as an npm package.

npm install molt-guard

Quick Start

1. Initialize and Protect

import { guard } from 'molt-guard';

// 1. Initialize the guard (this is also where policies can be loaded)
await guard.init();

// 2. Define your legacy/unsafe tools.
//    StripeClient and AWSClient stand in for your existing SDK clients.
const myToolsList = {
    stripe: new StripeClient('...'),
    aws: new AWSClient('...')
};

// 3. Wrap them with security
const protectedTools = guard.protectAll(myToolsList);

// 4. Use them normally - they're now secured!
// This call is intercepted, validated against policy, and executed with a JIT token
await protectedTools.stripe.charge({ amount: 1000 });

Core Concepts

GuardRequest

Every tool call is converted into a GuardRequest before it is processed.

interface GuardRequest {
  intent: string;           // Human-readable intent
  toolName: string;         // Name of the tool being called
  parameters: object;       // Arguments to the tool
  metadata: {
    userId: string;
    budgetUsed: number;
    userRole?: UserRole;
    cost?: number;
  };
}

JIT Tokens

If a request is allowed, the Guard Server vends a Just-In-Time (JIT) Token. This is an ephemeral credential (like an AWS STS token or a restricted Stripe key) that works only for a specific action and expires immediately.

Using Decorators

If you prefer a class-based approach, you can use the @Protected decorator.

import { Protected } from 'molt-guard';

class PaymentService {

  @Protected('financial_policy')
  async processPayment(amount: number): Promise<void> {
    // This method is now guarded by the 'financial_policy' policy.
    // If the policy check fails, this body is never executed.
    // ... call the payment API here
  }
}

Direct Token Vending

Sometimes you need raw credentials for an SDK that doesn't support interception easily. You can ask Guard for a token directly.

import { guard, ServiceType } from 'molt-guard';
import { S3Client } from '@aws-sdk/client-s3';

const awsToken = await guard.vendToken(ServiceType.AWS, {
  userId: 'user_123',
  toolName: 'deploy_lambda',
  intent: 'Deploy new function',
});

// Use the temporary credentials. They are scoped to this action and short-lived,
// so vend a fresh token per action rather than caching this one.
const s3Client = new S3Client({
  credentials: {
    accessKeyId: awsToken.accessKeyId!,
    secretAccessKey: awsToken.secretAccessKey!,
    sessionToken: awsToken.sessionToken!,
  },
});

Policy Configuration

Policies are defined in JSON format. You can load them during init() or update them dynamically.

{
  "strictMode": false,
  "budget": {
    "dailyLimit": 1000,
    "perRequestLimit": 100
  },
  "moderation": {
    "detectPii": true,
    "detectOffensive": true,
    "analyzeSentiment": true
  },
  "rules": [
    {
      "id": "rule-001",
      "name": "Block negative posts",
      "targetTools": ["post_to_moltbook"],
      "action": {
        "decision": "ALLOW",
        "requireModeration": true
      }
    }
  ],
  "denylistedTools": ["delete_all", "format_disk"]
}
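
To make the interaction between these fields concrete, here is an added illustration (not Molt Guard's own policy engine) of how such a policy could be evaluated against a GuardRequest; the evaluatePolicy function, the Decision shape and the check ordering (denylist, then budget, then rules, then strictMode default) are assumptions of this example.

```typescript
// Shapes mirror the GuardRequest interface and the policy JSON above.
interface GuardRequest {
  intent: string;
  toolName: string;
  parameters: object;
  metadata: { userId: string; budgetUsed: number; userRole?: string; cost?: number };
}

interface Policy {
  strictMode: boolean;
  budget: { dailyLimit: number; perRequestLimit: number };
  rules: { id: string; name: string; targetTools: string[];
           action: { decision: 'ALLOW' | 'DENY'; requireModeration?: boolean } }[];
  denylistedTools: string[];
}

// Assumed result shape for this example.
interface Decision { decision: 'ALLOW' | 'DENY'; reason: string; requireModeration: boolean }

const deny = (reason: string): Decision => ({ decision: 'DENY', reason, requireModeration: false });

function evaluatePolicy(policy: Policy, req: GuardRequest): Decision {
  // 1. The denylist is a hard stop, regardless of any rule.
  if (policy.denylistedTools.includes(req.toolName)) return deny(`tool ${req.toolName} is denylisted`);
  // 2. Budget: per-request cap, then daily cap (spent so far plus this call).
  const cost = req.metadata.cost ?? 0;
  if (cost > policy.budget.perRequestLimit) return deny('perRequestLimit exceeded');
  if (req.metadata.budgetUsed + cost > policy.budget.dailyLimit) return deny('dailyLimit exceeded');
  // 3. First rule targeting this tool decides; it may also require content moderation.
  const rule = policy.rules.find(r => r.targetTools.includes(req.toolName));
  if (rule) {
    return { decision: rule.action.decision, reason: `rule ${rule.id}`,
             requireModeration: rule.action.requireModeration ?? false };
  }
  // 4. No rule matched: strictMode denies unknown tools, otherwise allow.
  return policy.strictMode ? deny('strictMode: no rule matched')
                           : { decision: 'ALLOW', reason: 'default allow', requireModeration: false };
}

// Constructed sample policy, copied from the JSON above.
const samplePolicy: Policy = {
  strictMode: false,
  budget: { dailyLimit: 1000, perRequestLimit: 100 },
  rules: [{ id: 'rule-001', name: 'Block negative posts', targetTools: ['post_to_moltbook'],
            action: { decision: 'ALLOW', requireModeration: true } }],
  denylistedTools: ['delete_all', 'format_disk'],
};
```

Note that rule-001 as written allows post_to_moltbook and only flags it for moderation, so the moderation step (not the rule itself) is what would block a negative post.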

Environment Variables

# Guard configuration
MOLT_GUARD_JWT_SECRET=your-secure-secret
MOLT_GUARD_API_KEY=your-api-key

# AWS (for JIT token vending)
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
MOLT_GUARD_AWS_ROLE_ARN=arn:aws:iam::123456789012:role/AgentRole

# Stripe
STRIPE_SECRET_KEY=sk_live_...

Molt Guard © 2026. Built for the Agentic Era.