Drako’s runtime sits between your agents and the world. Every tool call, every inter-agent message, every action passes through an enforcement pipeline before it executes. No agent bypasses it. No exception.

One-line integration

Add governance to any supported agent framework with a single line:

    from drako import govern

    crew = govern(crew)   # every tool call passes through enforcement

govern() auto-detects the framework from the object type (CrewAI, LangGraph, AutoGen) and loads your .drako.yaml by walking up from the current directory. If no config or API key is found, the object is returned unchanged — govern() never crashes your agent.

Enforcement pipeline

When an agent decides to act, the decision travels through this 13-stage chain. Any step can block, modify, or escalate — before a single byte reaches your downstream APIs.
Agent decides to act

  ├─ Pre-action Hooks ─── custom validation scripts
  ├─ Identity Check ───── is this agent who it claims to be?
  ├─ ODD Check ────────── is this tool permitted for this agent?
  ├─ Magnitude Check ──── does this exceed spend/volume/scope limits?
  ├─ HITL Check ───────── does this need human approval?
  ├─ Intent Gate 1 ────── fingerprint the decision (SHA-256 + Ed25519)
  ├─ DLP Scan ─────────── does the payload contain PII/PCI?
  ├─ Injection Scan ───── does the input contain prompt injection?
  ├─ Trust Check ──────── is this agent's reputation sufficient?
  ├─ IOC Check ────────── does this match a known threat pattern?
  ├─ Circuit Breaker ──── is this tool/agent healthy enough?
  ├─ Intent Gate 2 ────── verify the decision wasn't altered since Gate 1


  Execute (or block with reason)

  ├─ Post-action Hooks ── validate/modify result
  ├─ Topology Tracker ─── log interaction for multi-agent graph
  ├─ Cost Tracker ─────── record tokens, cost, model used
  └─ Audit Trail ──────── SHA-256 hash chain + policy snapshot ID

Key capabilities

Enforcement policies

DLP (Presidio-based PII/PCI), ODD tool allowlisting, circuit breakers, magnitude limits, intent fingerprinting, and collective intelligence.

Human-in-the-loop

Pause agents on high-risk actions and escalate for human approval. Configurable triggers. EU AI Act Article 14 compliant.

Audit trail

Tamper-evident SHA-256 hash chain with Ed25519 signatures. Every action logged with a policy snapshot reference and intent proof.
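
An added sketch of the audit-trail idea above (not Drako's code or record format): a SHA-256 hash chain in which each record commits to the previous one and carries an intent fingerprint and a policy snapshot ID. The field names, the sample agents and the `trusted_head` parameter are assumptions; the Ed25519 signature is left out to stay within the standard library, and `trusted_head` stands in for the signed head hash.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def digest(obj) -> str:
    """SHA-256 over canonical JSON so equal content always hashes equally."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def append_record(chain, agent, tool, args, policy_snapshot):
    """Append an entry whose hash covers its body and the previous hash."""
    body = {
        "seq": len(chain), "agent": agent, "tool": tool, "args": args,
        "intent": digest({"agent": agent, "tool": tool, "args": args}),
        "policy_snapshot": policy_snapshot,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    chain.append(dict(body, hash=digest(body)))
    return chain[-1]["hash"]  # new head; the value a signer would sign


def verify_chain(chain, trusted_head):
    """Return (ok, reason). trusted_head is a head hash kept outside the log."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i or rec.get("prev_hash") != prev:
            return False, f"broken link at record {i}"
        if rec.get("hash") != digest(body):
            return False, f"content changed at record {i}"
        prev = rec["hash"]
    if prev != trusted_head:
        return False, "head mismatch: log truncated or fully rewritten"
    return True, "ok"


def sample_chain():
    """Constructed sample actions; agent, tool and snapshot names are made up."""
    chain, head = [], GENESIS
    for agent, tool, args, snap in [
        ("billing-agent", "lookup_invoice", {"id": 1041}, "snap-001"),
        ("billing-agent", "issue_refund", {"id": 1041, "amount": 25}, "snap-001"),
        ("support-agent", "send_email", {"to": "user@example.com"}, "snap-002"),
    ]:
        head = append_record(chain, agent, tool, args, snap)
    return chain, head
```

A chain on its own only proves internal consistency: anyone who can rewrite the whole log can recompute every hash, which is why the head has to be signed or stored where the log writer cannot reach it.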

Proxy mode

Out-of-process enforcement — zero code changes required. The agent can’t bypass what doesn’t run in its process.

Supported frameworks

Drako integrates with the frameworks your agents already run on. Framework detection is automatic inside govern().

| Framework | Integration method |
| --- | --- |
| LangGraph | AST-based discovery |
| CrewAI | AST-based discovery |
| AutoGen | AST-based discovery |
| LangChain | Import / pattern detection |
| LlamaIndex | Import / pattern detection |
| PydanticAI | Import / pattern detection |

Performance

Policy evaluation is designed to be invisible inside the latency budget of a real LLM call.

| Scenario | P50 | P99 |
| --- | --- | --- |
| Single rule | 0.031ms | 0.08ms |
| Full scan (97 rules) | 2.1ms | 3.8ms |
| Batch (100 tool calls) | 1.79ms | 2.8ms |

Governance overhead is <0.3% of a typical LLM call. Policy evaluation runs in <2ms.

Start in autopilot mode — Drako logs all violations without blocking anything. When you’re ready: drako upgrade --balanced enables enforcement.
