Execution graph
ES and NE events become semantic verbs (readFile, spawnProcess, networkConnectExternal) in the behavioral correlation graph. Engine detail: Behavioral detection (appendix). Live UI: Observatory.
Documentation
Concepts
How the AI agent firewall works — execution graph, enforcement planes, agent classification.
Read scenarios first
Attack chains with labs: What TURI does on Mac. Category positioning: docs overview. Honest limits: evaluation.
readFile
spawnProcess
networkConnectExternal
writeFile
Example multi-step rule: secret read → external connect — lab
Two enforcement planes
Synchronous (ES): ExecGovernor, file governors, supply-chain DECIDE. Async (app): causal graph + behavioral rules → VerdictCache. See architecture and enforcement modes.
Optional mf exec
Commercial agents usually spawn via
posix_spawn without capability tokens. Default enforcement uses ExecGovernor + policy. Tokens are a fast-path when present.Why not traditional tools?
TURI is not EDR, SAST, or prompt filtering — see the comparison on the docs overview.
Names
- TURI — the AI agent firewall (product brand)
- MacFirewall — internal engineering codename
- DriftCop — internal name for policy + broker semantics
Running AI agents on Mac at scale? We'll tune policy with you.
Design partners →