DIMAGGI AI builds runtime policy firewalls for AI agents — the infrastructure layer that sits between an AI system and the tools it executes. Every tool call is intercepted, evaluated against configurable governance policies, and either permitted, blocked, or escalated for human review. Every decision is logged in a tamper-evident, SHA-256 hash-chained audit trail.
The Problem: AI Agents Act Without Oversight
Modern AI agents — built on Claude, GPT-4, Gemini, and similar foundation models — can call APIs, execute code, send emails, modify databases, and interact with external services autonomously. Without a runtime governance layer, these actions happen without any policy check, any audit record, or any human approval step. A single misconfigured policy or hallucinated instruction can trigger irreversible actions at machine speed.
What Tool Guard Does
Tool Guard is DIMAGGI AI's core product. It operates as a transparent proxy between your AI agent and its tool integrations. Every inbound tool call is wrapped in a signed envelope, evaluated against your policy library, and either forwarded (ALLOW), blocked (DENY), or held for human review (ESCALATE). The proxy adds fewer than 15 milliseconds of latency at p99.
Two Deployment Modes
Shadow mode — Tool Guard observes and logs all tool calls without blocking any of them. Near-miss records capture exactly which calls would have been denied under your policies. Use shadow mode to validate policies and quantify your risk exposure before going live.
Enforcement mode — Policy violations are blocked in real time. Escalations queue for human approval before the tool call proceeds. Every denied call is HMAC-signed and hash-chained to the preceding audit record.
Key Capabilities
- Runtime tool call interception — works with any MCP-compatible agent or direct API integration
- Policy library — scope-lock, PII boundary, confidence gate, contraindication check, budget limit, velocity cap
- Immutable audit chain — SHA-256 hash-chained, HMAC-signed decision records
- PII redaction — strip sensitive fields before external transmission, schema-driven
- Human-in-the-loop escalation — approval workflows for high-risk actions
- Near-miss ROI tracking — quantify the value of blocked or escalated actions
Who Uses Tool Guard
Financial services teams use Tool Guard to enforce payment approval thresholds and prevent AI agents from executing unauthorised wire transfers. Cybersecurity teams use it to block AI agents from running shell commands, exfiltrating data, or accessing systems outside their defined scope. Healthcare deployments use Tool Guard to enforce HIPAA minimum-necessary constraints and escalate low-confidence clinical AI outputs to human clinicians.