Agents interact with critical systems in production. You need to know what they attempted and what actually happened.
Rebuno sits between your agents and their tools. Every action is checked against your policy before it executes, and the outcome is recorded as an immutable event. Your team gets a complete history of every decision an agent made in production.
// how it works
your code
Agent
policy + events
Kernel
APIs, DBs, etc.
Tools
your code
Agent
policy + events
Kernel
APIs, DBs, etc.
Tools
01
Agent proposes
Declares what tool to call and with what arguments.
02
Kernel evaluates
Checks the intent against your policy rules. Allow or deny.
03
Tool executes
If allowed, the tool runs. If denied, the agent is told why.
01
Propose
Agent declares a tool call.
02
Evaluate
Kernel checks policy.
03
Execute
Tool runs or is denied.
Policy enforcement at the kernel level. Not in your agent code.
// features
Declarative Policy
YAML rules with glob patterns and argument inspection for tool access.
Immutable Audit Trail
Every intent, decision, and result recorded as an immutable event.
Local & Remote Tools
Define tools natively, connect via MCP, run in-process or in isolated runners.
Any Framework
Works with LangGraph, CrewAI, AutoGen, or your own agent loop.
Human-in-the-Loop
Pause execution and wait for human approval via signals before proceeding.
// use cases
Where Rebuno matters
A background coding agent attempts to modify a CI/CD deploy config. Policy scopes file access.
> intent: file.write
path: .github/workflows/deploy.yml
> policy: file_access
match: deny write outside src/**
✕ DENIED
> event #1042 recordedThe coding agent can only modify application code.
A PagerDuty alert fires overnight. An oncall agent investigates, scales the service, and restarts pods. The team reviews the complete event log next morning.
> trigger: pagerduty webhook
alert: high_cpu on api-prod-3
> intent: kubernetes.scale
replicas: 3 → 5
> policy: infra_ops
match: allow scale ≤ 10
✓ APPROVED
> intent: kubernetes.restart
pod: api-prod-3
✓ APPROVED
> 2 events recorded, review at 9amAutonomous remediation overnight, full audit trail by morning.
A research agent queries internal and external sources to answer questions. Policy inspects the target URL and blocks requests to non-approved domains.
> intent: web.search
url: sketchy-data.io/raw/d8f3a
> policy: approved_sources
match: deny url not in allowlist
✕ DENIED
> event #2187 recordedAgents only access approved sources.
An agent drafts outbound emails to enterprise prospects. Policy requires human approval before any external communication is sent.
> intent: email.send
to: prospect@example.com
subject: Next steps for your evaluation
> policy: require_approval
match: wait for signal: approval
⏸ BLOCKED
waiting for human approval...
← signal received: approval
✓ APPROVED
> email sent, 3 events recordedExternal communications only go out after a human signs off.
// get started
Requires Go 1.25+ and Python 3.10+
# start the kernel $ go install ./cmd/rebuno $ rebuno dev # start an agent $ pip install rebuno $ python examples/agent/hello.py # create an execution and see the audit trail $ rebuno create --agent hello --input '{"query": "hello world"}' $ rebuno events <id>