5D Runtime Policy Engine

Longer, safer, logged autonomous agent loops. Score the action before it runs. Let safe ones through. Review the risky ones. Keep the decision log.

Start with the pain

Approval fatigue and risky tool execution show up together.

Coding agents and autonomous workflows usually fail in one of two ways. They interrupt the user on every harmless action, or they get put into a permissive mode that quietly removes the last useful checkpoint. 5D exists for that exact boundary.

It is the runtime policy layer that sits right before the side effect: score the tool action, return allow or review or deny, log what happened, and optionally hand the risky action to a user or external review agent.

The current runtime goes further than the early public draft. It now includes prompt-injection scanning, output leakage detection, session-level drift tracking, destination policy controls, and a lightweight @gate decorator that can wrap Python functions directly before execution.
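The score, decide, log, then run flow described above, shown as an added example in Python; this is not 5D's code or API. The `policy_gate` decorator, the rule patterns, the scores, and the thresholds are assumptions constructed for illustration.

```python
import functools
import json
import re
import time

DECISION_LOG = []  # in-memory stand-in for a persistent decision log
# Constructed (pattern, score) rules for illustration; not 5D's rule set.
RULES = [
    (re.compile(r"\brm\s+-rf\b|\bmkfs\b"), 1.0),
    (re.compile(r"\.env\b|id_rsa|\.aws/credentials"), 0.7),
    (re.compile(r"\b(curl|wget|sudo|chmod)\b"), 0.6),
]

class ActionDenied(Exception):
    """Raised instead of running the wrapped function."""

def score_action(tool, payload):
    """Highest score of any rule matching the serialized call."""
    text = f"{tool} {json.dumps(payload, sort_keys=True, default=str)}"
    return max((s for pattern, s in RULES if pattern.search(text)), default=0.0)

def decide(score, review_at=0.5, deny_at=0.9):
    if score >= deny_at:
        return "deny"
    return "review" if score >= review_at else "allow"

def policy_gate(tool, reviewer=None):
    """Hypothetical decorator: score, decide, log, then run or refuse."""
    def wrap(fn):
        @functools.wraps(fn)
        def gated(*args, **kwargs):
            score = score_action(tool, {"args": args, "kwargs": kwargs})
            verdict = final = decide(score)
            if verdict == "review":
                # Fail closed: no reviewer, or no approval, means no execution.
                ok = reviewer is not None and reviewer(tool, args, kwargs, score)
                final = "allow" if ok else "deny"
            # The log entry is written before the side effect can happen.
            DECISION_LOG.append({"ts": time.time(), "tool": tool,
                                 "score": score, "verdict": verdict, "final": final})
            if final != "allow":
                raise ActionDenied(f"{tool}: {verdict}, score={score}")
            return fn(*args, **kwargs)
        return gated
    return wrap

@policy_gate("shell")  # no reviewer attached: "review" verdicts are refused
def run_shell(cmd):
    return f"would run: {cmd}"  # stub; nothing is executed in this example
```

Passing a `reviewer` callable (a user prompt or an external review agent) is what turns a `review` verdict into an approval; without one the gate refuses and still records the attempt.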

Best fit

  • Coding-agent and ops-agent power users tired of approval spam and blind trust
  • Agent builders who need one policy layer across tools and frameworks
  • Teams productionizing autonomous workflows with real side effects

Why teams care

  • Fewer useless approval prompts on harmless reads and searches
  • Safer shell, write, and network actions without blindly enabling auto mode
  • Longer autonomous loops with a real log of what the agent tried to do

What it does

Policy at the action boundary

Use 5D when your agent can write files, run shell, call external APIs, or touch sensitive tools.

  • Let low-risk actions run without burning human attention
  • Route risky actions to a user inbox or an external review agent
  • Block obvious foot-guns before the tool executes
  • Keep a decision log for every gated action
  • Track session drift before the runtime normalizes bad patterns
  • Scan for prompt injection and output leakage around the tool boundary

Why it is different

Local, configurable, and not locked to one provider

  • Runs locally and stays configurable
  • Not tied to one provider or one hosted approval mode
  • Can hand risky decisions to a user or external review agent
  • Scales across multiple agents with one runtime policy shape
  • Validated through a growing offline benchmark harness and runtime test suite

Open source and disclaimer

Licensed openly. Operated at your own responsibility.

5D is open source under Apache-2.0 and provided as-is. There is no warranty that it will prevent incidents or make a runtime safe by itself. The operator remains responsible for review, testing, configuration, sandboxing, and deployment.

Try 5D

Put runtime policy where the side effect begins.

5D is built to be local, configurable, provider-neutral, multi-agent ready, and able to hand risky actions to a user or external review agent. That is what makes longer loops more usable without turning them into a blind trust exercise.