Use case · Enterprise agent governance

Govern what your agents
see, use and remember.

LeanCTX is the governance layer for agent fleets: PathJail confines file access, a shell allowlist blocks dangerous commands, secrets are redacted before models see them, budgets cap spend per role, and an Ed25519-signed audit ledger proves what happened. Local-first: nothing leaves the machine.

Book a pilot Read the security model
The problem

What it costs you today.

01

"Trust us" is not a security model

Agents touch production code and customer data. Without enforced boundaries, every prompt is one injection away from an incident.

02

Spend without accountability

Token bills arrive as one number. Which team, which agent, which task? Most stacks cannot attribute a single dollar.

03

Audits have nothing to read

When compliance asks what an agent read and ran in March, a log folder of raw prompts is not an answer.

Shipped today

The capabilities that do the work.

Everything below ships in the open-source binary today. No roadmap items, no waitlists.

Your tools LeanCTX Model
PathJail filesystem confinement: agents read only what policy allows
Shell allowlist dangerous commands blocked before execution
Secret redaction keys and credentials stripped before any model sees them
Injection detection OWASP-aligned screening of untrusted content
Signed audit ledger Ed25519-signed, hash-chained record of reads, commands and savings
Quickstart

From zero to first gain.

# inspect the active security posture
$ lean-ctx doctor
# verify the signed savings chain end to end
$ lean-ctx savings verify
# export the ledger for compliance
$ lean-ctx savings export
# live observability for the whole layer
$ lean-ctx dashboard
Go deeper

One guide. Two journeys. Full reference.

guide Security model PathJail, allowlists, redaction and detection in depth. journey Security & governance journey Policies, budgets and audit in practice. journey Prove It: the signed savings receipt How the Ed25519 chain works and verifies. reference Enterprise overview SSO, fleet policies, air-gapped deployment.
FAQ

Questions teams ask before adopting.

What leaves the machine?

Nothing, and you can verify it. LeanCTX runs locally with zero telemetry. The audit ledger, cache and knowledge store are local files; network egress happens only where your own configuration sends it.

How does the audit ledger resist tampering?

Entries are hash-chained and Ed25519-signed. Any modification breaks the chain, and lean-ctx savings verify proves integrity end to end, exportable for compliance.

Does governance slow agents down?

No. Policy checks run in-process in the same Rust binary that serves reads. Microseconds, not round-trips. Governance and compression share one pass.

Take back control of your context.

Free for local use, forever. CI enforces it. One binary, ten minutes to the first measured gain.

Book a pilot See plans