3 months ago
Armor for your AI agent. Carapace is a local-first security system that protects autonomous AI agents from prompt injection and goal drift. It verifies actions against user-defined rules before execution, uses rotating HMAC keys that injected prompts can't forge, re-reads goals every 15 minutes to prevent drift, logs all agent activity, and grades each session with actionable insights that make your agent sharper over time. Five tools: carapace_verify (security checkpoint), carapace_anchor (goal journal + drift detection), carapace_log (action logger), carapace_status (security posture), carapace_review (session grading). Runs locally, zero cloud dependencies, works with OpenClaw and any MCP-compatible agent. Free and open source.
Server Config
{
  "mcpServers": {
    "carapace": {
      "command": "carapace-mcp",
      "args": []
    }
  }
}