Gensee Crate Action-layer security

Runtime security for agents that take real actions.

Crate protects the execution layer: tools, files, shell commands, memory, skills, network calls, and the artifacts agents leave behind.

Prompt filters inspect language. Crate governs what the agent actually does.

Policy allow / ask / deny
Inspect assembled scripts
Protect secrets + memory
Trace artifact lineage
tool_call.shell → deny
memory.write → ask
artifact.exec → inspect
Built from local runtime enforcement · provenance · policy · benchmarks
Runtime policy · Artifact lineage · OWASP mapped

App-layer governance sees what tools report. Crate records intent, effects, artifacts, and policy evidence.

Quick answer

What is Gensee Crate?

Gensee Crate is an execution-aware security layer for AI agents. It turns agent intent, runtime evidence, and artifact provenance into policy decisions before risky actions complete.

  • Different layer: protects tool execution and side effects, not just prompt text.
  • Different evidence: correlates requests, commands, files, artifacts, risk tags, and alerts.
  • Different outcome: moves teams from after-the-fact logs to live allow, ask, or deny decisions.

Why Crate

Prompt guards miss the machine surface.

Once agents can use tools, access files, browse networks, write memory, and execute scripts, security has to follow the action path, not just the text prompt.

What breaks

Credentials move through tools.

Secrets, config files, and local credentials are exposed by reads and tool outputs, not only by prompts.

Actions outrun intent.

Agents can install packages, run scripts, modify files, change permissions, or reach external networks.

Persistence hides in artifacts.

Poisoned memory, modified skills, shell scripts, and hooks can survive beyond the current request.

What Gensee Crate adds

Ground-truth provenance.

Track prompts, tool calls, file intents, observed effects, artifacts, risk tags, and lineage in a queryable provenance graph.

Prevention before damage.

Return allow, ask, or deny before tool execution; inspect assembled script content at execution time.

Deployable policy.

Use the same core controls wherever agents touch tools, files, credentials, memory, or network paths.
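The allow / ask / deny model described above, written out as an added illustrative policy check (hypothetical example code, not Gensee Crate's own implementation or API). It assumes a pending tool call arrives as a small event dict with an `action` type and optional script `content`; actions mapped to `inspect` have their assembled content scanned before a verdict, and every decision is turned into a digest-bearing evidence record of the kind a provenance trail would keep.

```python
"""Illustrative allow/ask/deny check for agent tool calls (constructed example)."""
import hashlib
import re
from dataclasses import dataclass

# Constructed rule table mirroring the action types named on the page.
# "inspect" means: look at the assembled script content before deciding.
RULES = {
    "tool_call.shell": "deny",
    "memory.write": "ask",
    "artifact.exec": "inspect",
}

# Illustrative patterns that turn an inspected script into a deny.
RISKY_SCRIPT_PATTERNS = [
    r"\brm\s+-rf\s+/",                    # destructive delete of root paths
    r"\bchmod\s+777\b",                   # world-writable permission change
    r"curl\s+[^|]*\|\s*(ba)?sh",          # remote content piped into a shell
    r"\.ssh/|\.aws/credentials|\.env\b",  # local credential / config reads
]

@dataclass
class Decision:
    verdict: str   # "allow" | "ask" | "deny"
    reason: str

def inspect_script(content: str) -> Decision:
    """Pre-exec inspection of assembled script content."""
    for pattern in RISKY_SCRIPT_PATTERNS:
        match = re.search(pattern, content)
        if match:
            return Decision("deny", f"script matched risky pattern {match.group(0)!r}")
    return Decision("allow", "script inspected, no risky pattern found")

def evaluate(event: dict) -> Decision:
    """Decide before the tool call completes; unknown action types go to a human."""
    action = event.get("action", "")
    verdict = RULES.get(action, "ask")
    if verdict == "inspect":
        return inspect_script(event.get("content", ""))
    return Decision(verdict, f"policy rule for {action}: {verdict}")

def record_evidence(event: dict, decision: Decision) -> dict:
    """Evidence record for the provenance trail: action, content digest, verdict."""
    content = event.get("content", "")
    return {
        "action": event.get("action", ""),
        "content_sha256": hashlib.sha256(content.encode()).hexdigest(),
        "verdict": decision.verdict,
        "reason": decision.reason,
    }
```

In a real deployment the rule table and patterns would be policy data rather than constants, and the evidence record would be written to the lineage store the page describes.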

Product

Runtime controls for the agents you already use.

Crate plugs into agent execution paths, records evidence locally, and turns policy into action before the tool call completes.

01

Monitor

Prompts, tool calls, file intents, observed effects, commands, artifacts, and network targets.

02

Prevent

Block risky reads, writes, egress, destructive commands, poisoned memory, and dangerous scripts.

03

Respond

Give security and platform teams timeline evidence for review, escalation, and incident handling.

04

Analyze

Query lineage across sessions, requests, artifacts, alerts, and risk tags.

05

Integrate

Connect policy, identity, alerting, SIEM, code hosts, agent gateways, and internal platforms.

Supported agents

Built for the agent surfaces teams actually run.

Crate starts where agent risk becomes concrete: code workspaces, shell access, files, tools, memory, skills, and external network paths.

Codex
Claude Code
Code Workspaces
MCP
Internal Agents

Architecture

Defense in depth where agents take action.

Crate combines hook-level intent, filesystem and process observations, artifact provenance, and policy decisions into one enforceable runtime graph.

Agent Intent

  • Prompt context
  • Tool input
  • File intent

Endpoint Evidence

  • File effects
  • Process signals
  • Artifact digests

Policy Engine

  • Allow / ask / deny
  • Risk tags
  • Lineage queries

Prevention Layer

  • Auto-generated policies
  • Pre-exec inspection
  • Sandbox boundaries
  • Credential protection

Response Layer

  • Timeline evidence
  • Alert routing
  • Exception workflow
  • Enterprise audit

Use cases

For agents that can change real systems.

Local coding agents

Keep Claude Code and Codex-style agents away from secrets, dangerous scripts, poisoned memory, and destructive commands.

Agent workspaces

Apply policy, alerting, and evidence to agents working across code, tools, files, and internal systems.

Internal agent platforms

Integrate runtime enforcement into existing systems, MCP gateways, code hosts, identity, and incident response workflows.

FAQ

Answers for teams evaluating AI agent security.

What does Gensee Crate protect?

It protects agent execution paths: tools, shell commands, file access, memory artifacts, skills/plugins, network targets, and resulting artifacts.

Who is it for?

Teams building or adopting agents with access to code, credentials, files, memory, tools, or networked systems.

How is it different from prompt guards?

Prompt guards focus on input text. Gensee Crate watches what agents do to the machine and enforces policy before risky tool calls proceed.

What value does Crate add?

It turns runtime evidence into enforceable decisions, so teams can prevent dangerous actions and keep a provenance trail when they need to investigate.

How does Crate fit existing systems?

Crate is designed to connect with existing policy, identity, alerting, code-hosting, incident-response, and agent-platform workflows.

Which agents are supported?

Claude Code is the current local hook focus; Codex, MCP, generic launchers, internal agents, and company-specific integrations are part of the broader direction.

Packaging

Adopt Crate where your agents take action.

Start with the open-source runtime or talk to us about customer-controlled deployments and integrations.
