About TameFlare

AI agents are getting access to production systems — source control, payment processors, infrastructure, communication tools. Most agent frameworks have few or no runtime guardrails beyond prompt instructions. The agent decides what to do and does it.

TameFlare exists because agents need architectural enforcement, not just prompt-level instructions. If an agent's API keys live inside the agent, no amount of system prompts can prevent misuse. TameFlare moves the keys to a gateway and requires a cryptographically signed, single-use token for every action.

The result: agents can't bypass policies because the enforcement is structural, not behavioral.

TameFlare is actively developed and source-available under the Elastic License v2 (ELv2). The core platform — transparent proxy gateway, connector system (GitHub, OpenAI, Stripe, Slack), credential vault, per-gateway permissions, approval workflow, dashboard, and CLI — is complete and functional.

TameFlare is licensed under the Elastic License v2 (ELv2). In short:

• + Free to use, modify, and self-host
• + Full source code available
• + Commercial use permitted
• − Cannot be offered as a managed/hosted service by third parties
• − Cannot remove or alter license keys or licensing functionality

TameFlare is maintained by a small team. We believe in transparency about project sustainability.

TameFlare has not yet undergone a third-party security audit. The codebase is source-available for independent review. We have 51 unit tests, 220+ integration tests, and security-specific test coverage (auth bypass, RBAC, rate limiting, nonce replay, input validation).

A formal third-party audit is planned. See the Security documentation for full details on our testing approach and current coverage.