Documentation
Guard the actions your agents can't take back.
Arc is the guardrail between your AI agents and production. Define what an
action is allowed to do, hold the risky ones for a human, and let the rest
run only as a signed request your own app verifies — with a spend cap so a
loop can't quietly burn the budget. These docs take you from
npm install to a blocked over-budget action in five minutes.
Free to start — run the local Arc stack and guard your first action.
Start here
Zero to a blocked agent action. The quickstart is the fastest path — it takes you from npm install to a blocked over-budget action against a local Arc server.
- Quickstart 5 min block Guard your first dangerous call and watch Arc block an over-budget action.
- Set up with your AI agent 1 paste ask One prompt for Claude Code or Codex: install, configure, guard an action, verify a run.
- What is Arc? The control plane between your agents and production: allow / ask / block, signed, audited.
- How it works Request → policy → approval → signed execution → audit. The full path of one action.
- Install & configure npm install @geostack/arc, run the local stack, arc config set, ARC_API_URL, dev smoke.
Concepts
One quotable explainer per primitive. The glossary defines them; the product walk-through shows each in the flow.
- Actions defineActions, risk levels, input JSON Schema, sync.
- Policy & decisions allow / ask / block; defaultDecision vs a delegated decision.
- Approvals ask → pending_approval → approve / deny → queued execution.
- Signed execution ES256 JWS, body hash, claims, JWKS — why your app verifies.
- Spend & budgets ask Cost modes, minor units, windows, scope, hard vs soft caps.
- Audit log Redacted, hash-chained events; budget_exceeded; tamper-evidence.
- Glossary Every Arc term defined: guardrails, signed execution, spend caps, MCP.
Guides
Task-oriented and copy-paste. Each step in the quickstart ends with something working.
- Guard a dangerous call Wrap a credentialed tool end to end.
- Set a spend cap & test a block Rolling windows, scoped caps, the block path.
- Verify signed execution handleAction, body hash, timestamp, nonce.
- Durable nonce + idempotency Redis nonce store; invocation_id reconciliation.
- Wire human approvals ask → pending_approval; approval IDs from the CLI.
- Confirm the audit trail arc audit tail; the budget_exceeded event.