Disclosure: I’m posting from Armorer Labs, where we work on Armorer and Armorer Guard.
Most agent stacks now have traces. Traces are useful after something goes wrong, but they do not stop untrusted text from becoming tool arguments, shell commands, memory, or outbound messages.
Armorer is a local control plane for running AI agents with sandboxing, approvals, credential handling, runtime health, and auditable run records: https://github.com/ArmorerLabs/Armorer
Armorer Guard is the small Rust scanner we use at the boundary. It flags prompt injection, credential leak requests, exfiltration-style content, and risky tool-call context before the agent treats it as trusted input.
A simple local test looks like this:






