agentic ai infrastructure

The layer that makes
agents safe

Plyra builds open-source infrastructure for AI agents in production — starting with action control and persistent memory.

Explore Products ↓ plyraAI
action.evaluate("rm -rf /") → BLOCK policy.match(intent) → 0.4ms agent.tool_call → guarded memory.recall(context) → 12 episodes guard.history(limit=100) → 99 ALLOW, 1 BLOCK exporter.emit(action) → otel policy.rules → 8 active action.evaluate("rm -rf /") → BLOCK policy.match(intent) → 0.4ms agent.tool_call → guarded memory.recall(context) → 12 episodes guard.history(limit=100) → 99 ALLOW, 1 BLOCK exporter.emit(action) → otel policy.rules → 8 active

products

Built for production agents

Two focused tools. One mission: make agentic AI safe to deploy.

live
plyra-guard

Action middleware for AI agents. Intercepts every tool call, evaluates it against your policy, and blocks, logs, or escalates — before anything irreversible happens.

  • Policy-as-code: YAML or Python rules
  • Works with LangGraph, AutoGen, CrewAI, LangChain
  • Sub-2ms evaluation overhead
  • Built-in dashboard and OpenTelemetry exporter
  • Full action audit log with SQLite snapshots
Read the docs → v0.1.4 · Apache 2.0
coming soon
plyra-memory

Persistent, structured memory for AI agents. Store episodic context, semantic facts, and working state across sessions — with retrieval that actually works.

  • Episodic + semantic + working memory layers
  • Vector + structured retrieval hybrid
  • Session-aware context injection
  • Works with any agent framework
  • Local-first, cloud-optional
Watch for updates → in development
python · plyra-guard quickstart 
from plyra_guard import ActionGuard

guard = ActionGuard()  # sensible defaults out of the box

@guard.wrap
def delete_file(path: str) -> str:
    import os; os.remove(path)
    return f"Deleted {path}"

delete_file("/tmp/report.txt")   # ✓  ALLOW  0.3ms
delete_file("/etc/passwd")      # ✗  BLOCK  "System config is off-limits"

philosophy

Why infrastructure, not wrappers

Guardrails bolted onto models break when models change. Infrastructure baked into your agent loop doesn't.

🔌
Framework agnostic

Your agent framework will change. Your safety layer shouldn't. Plyra sits below the framework, not inside it.

📋
Policy as code

Rules live in your repo, reviewed in PRs, tested in CI. Not in a vendor dashboard you can't version control.

🔍
Full observability

Every action logged — allowed and blocked. Ship to OTEL, Datadog, or your own system. No black boxes.

Zero overhead design

Evaluation happens in-process. No network hop, no external API, no latency budget consumed by safety.

🌱
Open source core

The safety and memory layers for your agents will always be open source. Apache 2.0, no strings.

🏗️
Composable by design

Use plyra-guard standalone. Add plyra-memory when you need it. Mix with your existing stack.