What is Control Zero?
Control Zero is an AI governance platform that automatically enforces policies on your AI agents. You define the rules in a dashboard, wrap your AI client with the SDK, and every action is checked against those rules at runtime -- without changing your application logic.
The problem it solves: As AI agents become more autonomous -- executing code, calling APIs, accessing tools via MCP -- you need enforceable guardrails. Control Zero provides them transparently.
Hello World: See It Work in 60 Seconds
You have an AI agent that calls a database query tool. You want to allow read operations but block any writes.
1. You define this policy in the Control Zero dashboard:
{
"name": "db-read-only",
"rules": [
{ "effect": "allow", "action": "database:query", "resource": "*" },
{ "effect": "deny", "action": "database:execute", "resource": "*" }
]
}
2. You initialize the client and call your tool through the SDK:
from control_zero import ControlZeroClient, PolicyDeniedError
client = ControlZeroClient(api_key="cz_live_your_key_here")
client.initialize() # fetches config and policies from Control Zero
# Allowed -- matches "allow database:query"
result = client.call_tool("database", "query", {"sql": "SELECT * FROM orders"})
# Blocked -- matches "deny database:execute"
client.call_tool("database", "execute", {"sql": "DROP TABLE orders"})
# Raises PolicyDeniedError before the tool is invoked
3. The SDK enforces your policies automatically:
from control_zero import ControlZeroClient, PolicyDeniedError
client = ControlZeroClient(api_key="cz_live_your_key_here")
client.initialize()
try:
client.call_tool("database", "execute", {"sql": "DELETE FROM users"})
except PolicyDeniedError as e:
print(f"Blocked: {e}")
# e.decision.reason -- human-readable explanation
# e.decision.policy_id -- which policy matched
You did not write any enforcement logic. You did not reference any policy in your code. The SDK evaluated the tool call against the policies you defined in the dashboard and blocked it automatically.
The Key Idea: Policies Live in the Dashboard, Not in Your Code
This is the core design principle:
- Policies are defined in the Control Zero dashboard (or via the API). They describe what actions are allowed or denied.
- Your code calls tools through the SDK client. No references to specific policies, no action names hardcoded in your application.
- The SDK handles enforcement automatically. Every
call_tool()invocation is evaluated against the locally cached policy bundle before the tool is invoked.
You can change policies at any time in the dashboard without touching your code. New policies take effect within 60 seconds (or immediately with a manual refresh).
What Gets Enforced
Every call made through call_tool() is checked against your active policies before the tool executes. The policy action is derived from the tool name and method you pass:
call_tool() arguments | Policy action checked |
|---|---|
call_tool("github", "list_issues", ...) | github:list_issues |
call_tool("database", "query", ...) | database:query |
call_tool("filesystem", "write_file", ...) | filesystem:write_file |
call_tool("slack", "post_message", ...) | slack:post_message |
You define policies using these tool:method action strings in the dashboard. The SDK evaluates them locally from a cached policy bundle with zero network latency per call.
Architecture
The flow:
- You define policies in the dashboard.
- The server compiles them into an encrypted, signed bundle.
- The SDK downloads the bundle once at startup, caches it locally.
- Every wrapped API call is automatically checked against the local cache. Zero network latency.
- Every decision (allow or deny) is logged for audit.
Enforcement Flow
Key Capabilities
- Automatic enforcement -- Wrap your AI client once. All API calls are governed by your dashboard policies.
- MCP tool control -- Restrict which MCP servers and tools an agent can invoke.
- Tamper-proof bundles -- Policy bundles are encrypted (AES-256-GCM) and signed (Ed25519).
- Offline enforcement -- After the initial bundle download, enforcement is local with zero latency.
- Audit trail -- Every decision is logged with action, resource, result, and timestamp.
- Secrets vault -- Optionally store LLM provider keys in an encrypted vault.
- Multi-language -- Official SDKs for Python, Go, and Node.js.
Next Steps
- Quick Start -- Get up and running in 5 minutes.
- Policies -- Learn how to construct policies in the dashboard.
- Integrations -- OpenAI, Anthropic, LangChain, CrewAI, and more.
- Blueprint Library -- Exhaustive implementation patterns for Enterprise SRE, HR, and Finance.
- Guides -- Build real applications with automatic policy enforcement.