Security-first AI agent runtime

Build AI agents that can be trusted to act.

Manasvi is a policy-governed runtime for building agents with approval-gated actions, auditable execution, tool mediation, sandboxing, and memory provenance.

Get Started →View Architecture

agent-runtimeLIVE

01:01intent.receivedactive

02:02policy.evaluatedpass

03:03tool.access.requestedgranted

04:04approval.requiredpending

05:05execution.completedok

06:06audit.event.storedrecorded

A control plane for AI agents

One message. Six governed steps.

Manasvi separates conversation, policy, approval, memory, tools, and execution so agents can be useful without becoming blindly autonomous.

◎

Intent

→

⬡

Policy

→

⚙

Tools

→

◈

Approval

→

▶

Execution

→

◻

Audit

Intent — user message received and parsed into an execution intent

Policy — every proposed action evaluated against operator-defined rules

Approval — sensitive or high-risk actions paused for human sign-off

Audit — every outcome written to an append-only, integrity-checked trail

Start here

Where do you want to go?

⚡

Quickstart

15 minutes from zero to a running, governed AI agent.

Read docs →

🏗

Architecture

How the services, runtime, and policy layer fit together.

Read docs →

⚙

Tool System

How tools are mediated, sandboxed, and governed.

Read docs →

🛡

Policy Engine

Rules that decide what the model is allowed to propose.

Read docs →

🧠

Memory

Ephemeral and persistent memory planes across sessions.

Read docs →

✅

Approvals

Human-in-the-loop gates for sensitive or high-risk actions.

Read docs →

Security-first by design

Governance built into every layer

Agents that propose, policies that decide, humans that approve. Every capability is mediated — not bolted on after the fact.

⬡

Policy-first execution

Every sensitive action is evaluated against explicit policy before execution. The model proposes; policy decides.

◈

Approval-gated tools

Agents propose actions. Humans or policies approve them. Executors only run approved, cryptographically-signed intents.

📋

Auditable by design

Every decision, tool call, approval, denial, and execution result is written to an append-only, integrity-checked trail.

🛡

Sandboxed runtime

Tool execution is isolated with controlled filesystem, network, secret, and process access. Plugins can't escalate trust.

🧠

Trust-aware memory

Memory is separated by provenance and trust level to reduce poisoning risks and prevent unsafe context reuse across sessions.

🔌

Built for real integrations

Telegram, Gmail, Calendar, filesystem, and web tools can all be governed consistently through the same policy engine.

Design principle

The model doesn't call tools directly.

In most agent frameworks, the model outputs a tool call and the system runs it. Manasvi puts a governance layer in between. The model proposes. Policy decides. A signed intent is created. Execution is sandboxed. Everything is recorded.

This means you get real control — not just logging after the fact, but actual gates that can stop, redirect, or require approval for any action.

Policy-firstSigned intentsApproval flowsSandboxed executionAppend-only audit

Why this design matters →

Model output

↓

Policy evaluation

↓

Approval gate

↓

Signed intent

↓

Sandboxed execution

↓

Audit record

A governed runtime for trustworthy AI agents.

Free, open source, and runs entirely on your machine. Policy-first execution from the ground up.

Start the quickstart →Learn more