Kynara/DevOps & Engineering
⚙️ DevOps & Engineering

Control what your AI agents can do in production

Coding assistants, CI/CD agents, and infrastructure automation are powerful — and dangerous without guardrails. Kynara enforces per-action policies, requires human approval before production changes, and audits everything.

Book a demo Try the policy sandbox
Production environment guard LangChain, AutoGen, CrewAI support Claude Code / Cursor governance MFA-gated destructive ops Anomaly detection + auto-revoke
The problem

AI agents in your codebase with unchecked access

Without Kynara
  • Claude Code / Cursor agent runs a shell command on a production server
  • CI/CD agent deploys to production without a change ticket
  • Infrastructure agent resizes a database in the wrong region
  • Prompt injection causes an agent to drop a table
  • No record of which AI made which infrastructure change before the incident
With Kynara
  • Shell execution on production requires MFA and on-call engineer approval
  • Production deploys gated by environment condition + ticket_url context field
  • Infra changes blocked outside US/EU and outside maintenance windows
  • Policy engine sits outside LLM trust boundary — prompt injection can't bypass it
  • Every agent action hash-chained — full audit trail for incident retrospectives
Use cases

Engineering AI agent scenarios

💻
Coding assistants (Claude Code, Cursor)
Allow agents to read code and run tests freely. Require approval before running arbitrary shell commands, modifying CI configuration, or pushing to protected branches.
🚀
CI/CD pipeline agents
Gate production deploys behind an environment condition check and mandatory change ticket. Staging deploys proceed automatically. Rollback commands require on-call approval.
☁️
Infrastructure automation
Terraform / Pulumi agents can plan freely. Apply to production requires approval. Destructive operations (terminate, delete, drop) always require MFA-verified approval regardless of environment.
📊
Observability & incident response
Allow agents to query logs, metrics, and traces freely. Gate write operations — creating alerts, modifying dashboards, triggering runbooks — behind the on-call engineer's approval.
🗄️
Database agents
SELECT queries are unrestricted. DDL statements (ALTER, DROP, TRUNCATE) require both an environment condition (non-production) and an explicit approval. Cross-database queries are denied by default.
🔑
Secrets & credential management
Agents can read secrets they're explicitly scoped for. Writing or rotating secrets requires a JIT grant with justification. Any access to production credentials is logged with full context.
Integration

Works with the tools your team already uses

# LangChain agent with Kynara enforcement
from kynara_sdk.langchain import KynaraCallbackHandler

executor = AgentExecutor(
    agent=infra_agent,
    tools=infra_tools,
    callbacks=[KynaraCallbackHandler(
        kynara, agent_id=AGENT_ID
    )],
)
# Every on_tool_start is checked before execution
# Policy: require MFA for production infra changes
{
  "effect": "require_approval",
  "actions": ["infra.apply", "infra.destroy"],
  "condition": {
    "op": "and",
    "args": [
      { "op": "eq",
        "args": ["ctx.context.env", "production"] },
      { "op": "eq",
        "args": ["ctx.context.mfa_verified", false] }
    ]
  }
}
# TypeScript — Express middleware for API agents
import { requirePermission } from "@kynara/sdk/express";

app.post("/infra/deploy",
  requirePermission({
    client,
    action: "infra.deploy",
    resource: (req) => ({
      type: "environment",
      id: req.body.env,
      attrs: {
        environment: req.body.env,
        service: req.body.service,
      }
    }),
    context: (req) => ({
      env: req.body.env,
      mfa_verified: req.user.mfaVerified,
      ticket_url: req.body.ticket_url,
    }),
  }),
  deployController,
);
Prompt injection safe: Kynara evaluates structured data from your code — not text from the LLM. No matter what a prompt injection attack writes, the policy engine evaluates the action, resource, and context your wrapper provides.
⚙️ DevOps & Engineering

Govern your engineering AI agents today

Free plan to get started — 3 seats, 10,000 decisions/month, full policy engine and audit log. No credit card required.

Get started free Try the policy sandbox Read the docs