DeerFlow Guardrails

Pre-tool-call authorization for ByteDance's multi-agent system

Python

DeerFlow is a LangGraph-based AI super agent system by ByteDance with sandbox execution, persistent memory, and subagent delegation. APort guardrails add deterministic, policy-driven authorization to every tool call via DeerFlow's native middleware chain.

DeerFlow Repo (32k stars)Integration Docs

Quick Start

1. Create passport & config

npx @aporthq/aport-agent-guardrails deerflow

2. Install guardrails package

uv add aport-agent-guardrails

3. Add to your code

# config.yaml
guardrails:
  enabled: true
  passport: ~/.aport/deerflow/aport/passport.json
  provider:
    use: aport_guardrails.providers.generic:OAPGuardrailProvider

How It Works

🛂

Passport

Your agent gets an OAP passport declaring its identity, capabilities, and operational limits.

🔒

Evaluate

Before every tool call, the guardrail evaluates it against the passport's policy. Locally or via hosted API.

✅

Decision

Allow or deny with structured OAP reason codes. Signed decisions create an auditable trail.

Frequently Asked Questions

How do I add guardrails to DeerFlow?

Install aport-agent-guardrails with pip or uv, run the setup wizard, and add the guardrails section to your DeerFlow config.yaml. The GuardrailMiddleware evaluates every tool call before execution.

Does DeerFlow guardrails work with MCP tools?

Yes. All tools including dynamically-loaded MCP tools are evaluated by the guardrail middleware before execution. MCP tools are mapped to the mcp.tool.execute.v1 policy pack.

Can I use DeerFlow guardrails without network access?

Yes. The guardrail provider supports fully local evaluation with a passport JSON file and local policy evaluator. No API calls required for air-gapped or CI environments.

Ready to secure your DeerFlow agents?

Get started in under 2 minutes with a single command.

Quickstart Guide Browse Policy Packs