GALXEE AI CfAM — First Agentic AI Containment Middleware

AI Agents That Stay In Bounds.

CfAM is the first middleware layer purpose-built for agentic AI containment. It intercepts, verifies, and enforces policy on every action your agents take — before execution.

Model-agnostic. Works across OpenAI, Anthropic, Gemini, and any LLM-based reasoning system. Three lines of code to full containment.

0 funding requested · Denver, CO
<2ms latency overhead · 8+ LLMs supported · 100% audit integrity

// The Problem

Agentic AI systems are increasingly autonomous — and increasingly uncontained.

Enterprise workflows, government systems, and defense-adjacent deployments rely heavily on AI agents that make real API calls, query databases, and communicate across channels. Today, safety exists only as policy reminders; the ability to enforce those policies at the execution layer is missing.

No execution-layer enforcement

Policy reminders exist. Actual enforcement at the point of execution does not.

Cross-agent contamination

Agents share context across tasks, enabling data leakage and privilege escalation.

No tamper-evident audit trail

When an agent misbehaves, there is no cryptographically verifiable record of what happened.

// Architecture

Three components. Full containment.

CfAM converts GALXEE AI's voice and automation companion service agents into a contained, policy-enforced execution environment. Each component is independently verifiable.

Policy Engine

Cryptographically signed capability manifests that define what an agent is permitted to do. Boundary violations are detected before execution.

example
policy = ContainmentPolicy(
  mode="strict",
  allowed_domains=[...],
  sandbox=True
)

Containment Layer

Executes agent-requested API calls, telemetry, and database communications in ephemeral sandboxes. Validates every proposed action before execution.

example
verdict = await layer.evaluate(
  action=ActionType.HTTP_REQUEST,
  target=url, method="POST"
)
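
The Policy Engine and Containment Layer descriptions above amount to two checks before any call runs: verify the signed manifest, then test the proposed action against it. The sketch below is an added example, not CfAM's code or API. It assumes HMAC-SHA256 as a stand-in for the manifest signature, and the `allowed_methods` field and the function names are hypothetical.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Assumption: HMAC-SHA256 with a shared key stands in for the manifest
# signature; the page does not say which signature scheme CfAM uses.
SIGNING_KEY = b"constructed-demo-key"


def sign_manifest(manifest: dict, key: bytes = SIGNING_KEY) -> str:
    # Canonical JSON so signer and verifier hash identical bytes.
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def evaluate(manifest: dict, signature: str, method: str, url: str,
             key: bytes = SIGNING_KEY):
    """Return (allowed, reason) for a proposed HTTP action; deny by default."""
    # 1. Refuse to trust a manifest whose signature does not verify.
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest_signature_invalid"
    parts = urlsplit(url)
    # 2. Compare the parsed hostname exactly, never a substring or prefix of
    #    the URL, so look-alike hosts and userinfo tricks do not match.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return False, "scheme_not_allowed"
    if host not in manifest["allowed_domains"]:
        return False, "domain_not_allowlisted"
    if method.upper() not in manifest["allowed_methods"]:
        return False, "method_not_allowed"
    return True, "ok"


def demo():
    # Constructed manifest; field names other than allowed_domains are hypothetical.
    manifest = {"mode": "strict", "allowed_methods": ["POST"],
                "allowed_domains": ["api.openai.com", "api.anthropic.com"]}
    sig = sign_manifest(manifest)
    tampered = dict(manifest, allowed_domains=manifest["allowed_domains"] + ["example.net"])
    return [
        evaluate(manifest, sig, "POST", "https://api.openai.com/v1/chat"),
        evaluate(manifest, sig, "POST", "https://api.openai.com.example.net/v1/chat"),
        evaluate(manifest, sig, "POST", "https://api.openai.com@example.net/v1/chat"),
        evaluate(manifest, sig, "GET", "https://api.anthropic.com/v1/models"),
        evaluate(tampered, sig, "POST", "https://example.net/upload"),
    ]
```

A manifest edited after signing is rejected before any domain or method check is reached, so a widened allowlist cannot take effect without the signing key.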

Audit Chain

Immutable, tamper-evident hash-chained log of every agent action. Cryptographically verifiable for compliance and forensic investigation.

example
logger.record(event)
# chain_hash = SHA256(prev_hash + event)
logger.verify_chain()  # → True
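
The `SHA256(prev_hash + event)` rule above, written out as an added example (not CfAM's code): a minimal hash-chained log whose verifier reports the first bad record. The all-zero genesis value, the record layout, and the externally stored `expected_head` are assumptions made for the sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting prev_hash; the page does not define one


def chain_hash(prev_hash: str, event: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the same event always
    # hashes to the same bytes; prev_hash is fixed-width hex, so the
    # concatenation prev_hash + event is unambiguous.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def record(log: list, event: dict) -> str:
    """Append an event linked to the previous record; return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev, "event": event, "hash": chain_hash(prev, event)}
    log.append(entry)
    return entry["hash"]


def verify_chain(log: list, expected_head=None):
    """Return (True, None) if intact, else (False, index of first bad record).

    expected_head is a head hash kept outside the log (assumption: a separate
    write-once location). Without it, dropping tail records or rewriting and
    re-hashing the whole log goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != chain_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def demo():
    # Constructed sample events, modelled on the log lines shown on this page.
    log = []
    record(log, {"verdict": "ALLOWED", "method": "GET", "target": "/api/hr/employee/123"})
    record(log, {"verdict": "BLOCKED", "method": "GET", "target": "/api/finance/payroll"})
    head = record(log, {"verdict": "ALLOWED", "method": "POST", "target": "/secure/api/report"})
    intact = verify_chain(log, head)
    truncated = verify_chain(log[:2], head)   # tail record dropped
    log[1]["event"]["verdict"] = "ALLOWED"    # a record edited in place
    edited = verify_chain(log, head)
    return intact, truncated, edited
```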

Request Flow

  1. Agent proposes action
  2. Policy Engine validates
  3. Containment Layer executes
  4. Audit Chain records
  5. Result returned

If Policy Engine rejects → action is blocked, event is logged, agent is notified

// Integration

Model-agnostic. Drop-in ready.

Works with any LLM-based reasoning system. No infrastructure changes. No proxy servers.

pip install containai-middleware

from containai_middleware import AgentMiddleware

agent = AgentMiddleware(
    policy="strict",
    allowed_domains=["api.openai.com", "api.anthropic.com"],
    max_requests_per_minute=60,
    audit_log=True,
    sandbox=True
)

@agent.secure
async def run_agent(task: str) -> str:
    # my_ai_agent is the application's own agent object
    response = await my_ai_agent.execute(task)
    return response

// Use Cases

Built for high-stakes deployments

CfAM directly addresses the technical and commercial need for autonomous agents that can act, but cannot exceed their authority.

Enterprise Workflow Agents

Finance, HR, and operations agents that interact with internal APIs and databases — contained to their authorized scope.

[ALLOWED] GET /api/hr/employee/123 — 89ms
[BLOCKED] GET /api/finance/payroll — not in scope
[AUDIT] action logged: evt_7f2a1b

Government & Defense Workflows

Agents operating in sensitive environments where every action must be cryptographically auditable and policy-enforced.

[VERIFY] clearance_level: authorized
[ALLOWED] POST /secure/api/report — 201ms
[CHAIN] audit_hash: 9f3a2b...verified

Voice & Companion Service Agents

GALXEE AI's own voice and automation companion agents — the first production deployment of CfAM.

[SANDBOX] session: ephemeral-7f2c
[ALLOWED] api.openai.com/v1/chat — 142ms
[WIPE] context cleared post-session

Critical Infrastructure Readiness

Agents in energy, healthcare, and logistics where a single unauthorized action can have real-world consequences.

[POLICY] mode: strict
[BLOCKED] POST /control/valve — domain_not_allowlisted
[ALERT] violation_count: 1 → notified

// Project Phases

Roadmap to production

Funded by a $500K grant request, CfAM follows a structured path from R&D to commercial deployment.

01 R&D

  • Core middleware architecture
  • Policy engine design
  • Containment layer prototype

02 Hardening

  • Pen testing & security audit
  • Team validation
  • Benchmark development

03 Pilots

  • Design partner pilots
  • Enterprise deployment tests
  • LLM compatibility matrix

04 Commercial

  • Production-ready docs
  • Federal funding pursuit
  • Enterprise transition

// Get Started

Contain your agents in minutes.

Download the SDK, read the docs, or explore the interactive policy builder. CfAM is model-agnostic and production-ready.

Quick install

  • Python: pip install containai-middleware
  • Node.js: npm install containai-middleware
  • Download: /middleware/containai_middleware.py

Apache 2.0 (open source) · Model-agnostic (8+ LLMs) · Zero-trust by default