Open Source · MVPv0.1 · LangChain + CrewAI integrations
AI Execution Control Layer

Your AI agents don't actually wait.
ChronoGuard does.

Open-source middleware that sits between your agents and your LLM providers. Enforces time delays, cooldowns, and approval gates with persistent state — outside the model, where LLMs can't override them.

100%
stateless LLMs blocked
4
core API endpoints
MIT
license
chronoguard / execution-loglive
14:23:01.042INFOtimer/start → conversation:c8f2a1 | duration: 600s
14:23:01.043LOCKconversation:c8f2a1 → state: IDLE → LOCKED
14:23:04.218BLOCKmessage/post blocked — active timer T:0941 | remaining: 596.8s
14:23:09.001BLOCKmessage/post blocked — active timer T:0941 | remaining: 591.9s
14:23:14.444INFOstatus:c8f2a1 → LOCKED | expiresAt: 14:33:01
14:23:22.710BLOCKmessage/post blocked — active timer T:0941 | remaining: 579.3s
14:33:01.000EXPIRtimer T:0941 → state: ACTIVE → EXPIRED
14:33:01.001UNLCKconversation:c8f2a1 → state: LOCKED → EXPIRED
14:33:02.120INFOmessage/post accepted → forwarding to LLM provider
14:33:02.311AUDITenforcement event logged | policy: time-lock | result: pass
14:33:05.880INFOtimer/start → conversation:d4c9b3 | duration: 300s
14:33:05.881LOCKconversation:d4c9b3 → state: IDLE → LOCKED
14:33:07.003BLOCKmessage/post blocked — active timer T:0942 | remaining: 298.9s
14:35:10.100OVRDtimer/override → T:0942 | reason: manual | authorized: true
14:35:10.101UNLCKconversation:d4c9b3 → state: LOCKED → OVERRIDDEN
14:23:01.042INFOtimer/start → conversation:c8f2a1 | duration: 600s
14:23:01.043LOCKconversation:c8f2a1 → state: IDLE → LOCKED
14:23:04.218BLOCKmessage/post blocked — active timer T:0941 | remaining: 596.8s
14:23:09.001BLOCKmessage/post blocked — active timer T:0941 | remaining: 591.9s
14:23:14.444INFOstatus:c8f2a1 → LOCKED | expiresAt: 14:33:01
14:23:22.710BLOCKmessage/post blocked — active timer T:0941 | remaining: 579.3s
14:33:01.000EXPIRtimer T:0941 → state: ACTIVE → EXPIRED
14:33:01.001UNLCKconversation:c8f2a1 → state: LOCKED → EXPIRED
14:33:02.120INFOmessage/post accepted → forwarding to LLM provider
14:33:02.311AUDITenforcement event logged | policy: time-lock | result: pass
14:33:05.880INFOtimer/start → conversation:d4c9b3 | duration: 300s
14:33:05.881LOCKconversation:d4c9b3 → state: IDLE → LOCKED
14:33:07.003BLOCKmessage/post blocked — active timer T:0942 | remaining: 298.9s
14:35:10.100OVRDtimer/override → T:0942 | reason: manual | authorized: true
14:35:10.101UNLCKconversation:d4c9b3 → state: LOCKED → OVERRIDDEN
The statelessness problem
Without ChronoGuard
// agent.ts — LangChain agent
 
const result = await agent.run("Wait 10 minutes then retry.");
 
// What the LLM does:
> "I will wait 10 minutes."
> [immediately calls tool again]
 
// LLMs have no persistent timer state.
// "Wait" is an instruction, not enforcement.
With ChronoGuard
// agent.ts — ChronoGuard middleware
 
const cg = new ChronoGuard("http://localhost:3001");
 
await cg.startTimer(conversationId, 600);
// conversation locked for 600s
 
await cg.sendMessage(conversationId, msg);
// ← BLOCKED: 596.8s remaining
 
// After 600s: automatically unlocked.
> enforcement guaranteed. always.
How it works
Your AgentLangChain / CrewAI
ChronoGuardEnforcement Layer
LLM ProviderOpenAI / Anthropic
01LOCKED
Agent requests a timer
Your agent calls POST /v1/timer/start with a conversation ID and duration. ChronoGuard creates a persistent timer and immediately locks the conversation.
02BLOCKED
All LLM calls are blocked
Every subsequent POST /v1/message is rejected with a 423 status until the timer expires. The LLM provider never receives the request — enforcement is absolute.
03EXPIRED → PASS
Timer expires, lock releases
At expiry, the conversation transitions to EXPIRED state. Future messages flow through to the LLM. Every enforcement event is logged for auditability.
04OVERRIDDEN
Override when needed
Authorized parties can POST /v1/timer/override to release a lock early. The LLM never controls this path — override requires an explicit external API call.
Features
MVP
Time Enforcement
Persistent timer state locks conversations and blocks LLM calls until expiry. Enforcement lives in the middleware layer — the LLM has zero control over its own timers.
IDLE → LOCKED → EXPIRED state machine
Hard 423 blocks on POST /v1/message
Configurable duration per conversation
Audit log on every enforcement event
MVP
Time Awareness
Injects real-world temporal context into every prompt: current timestamp, timezone, day of week, and part of day. LLMs can reason contextually — 3am vs. 3pm matters.
Current time + timezone injected
Day-of-week and part-of-day context
Consistent across all conversations
Zero application code changes
Roadmap
Policy Engine
Approval workflows, retry limits, cooldown windows, and role-based overrides. Define execution policies as code and enforce them outside the model at the infrastructure layer.
Approval gate workflows
Retry limits + cooldown windows
Role-based override permissions
Budget-aware routing
Roadmap
Audit & Observability
Every enforcement decision logged, timestamped, and attributable. Full execution audit trail for compliance and debugging — because unexplained AI behavior is a liability.
Immutable enforcement event log
Who triggered each override
Policy evaluation trace
Export to Datadog / Grafana
MVP
Cross-Provider Enforcement
Works with OpenAI, Anthropic, Google, and local models. Enforcement is provider-agnostic — swap your LLM without changing your governance layer.
OpenAI, Anthropic, Google supported
Local model (Ollama) compatible
No vendor lock-in
Single integration point
MVP
Drop-in Integration
Four API endpoints. One SDK install. Integrates into LangChain, CrewAI, AutoGen, and n8n without architectural changes. Add enforcement to existing agents in minutes.
POST /v1/timer/start
POST /v1/message
GET /v1/status/:id
POST /v1/timer/override
Integrations
LangChain
Available
CrewAI
Available
AutoGen
In progress
n8n
Planned
Flowise
Planned
Temporal
Planned
ChronoGuard slots into your existing stack as a middleware layer. No architectural rewrites. No framework lock-in. Drop it in front of any LLM call in under 10 minutes.
# install the SDK
npm install @chronoguard/sdk
 
# or run self-hosted via Docker
docker run -p 3001:3001 \
-e DATABASE_URL=$YOUR_DB \
ghcr.io/chronoguard/chronoguard:latest
Pricing
Open Source
Self-hosted
Freeforever
View on GitHub
Full core enforcement engine
Time enforcement + timer state machine
Time awareness context injection
4 core API endpoints
LangChain + CrewAI SDK
Self-host on any infrastructure
MIT licensed
Recommended
Cloud
Managed · Usage-based
$0.002per enforced event
Join waitlist
Everything in Open Source
Managed hosted infrastructure
99.9% SLA uptime guarantee
Usage-based billing — pay for what you enforce
Dashboard + analytics
Email + Slack support
Coming soon
Enterprise
Custom
Customcontact us
Talk to us
Everything in Cloud
SSO + RBAC
Role-based override permissions
Audit log export (Datadog / SIEM)
Custom retention policies
Dedicated support + SLA
Enterprise governance features
Open source · Start today

Stop trusting LLMs to enforce their own rules.

ChronoGuard is MIT-licensed and ready to drop into your agent stack. Self-host in minutes. No vendor lock-in.

Star on GitHubRead the docs