warden

warden is the decision core of the governance suite: a policy DSL engine that answers one question for any agent action — allow, deny, or ask. It’s written from scratch in Rust with a hand-written lexer, parser, and evaluator and zero dependencies, so the component making security decisions is small enough to audit by reading it.

No LLM is involved in the decision path, and the engine is deterministic — the same policy and the same action always yield the same verdict. It runs standalone, or as the brain behind barbican, which enforces its verdicts on live MCP traffic.