promptfoo
Policy-as-code for MCP agents: deny risky tool calls before they run, prove what ran with verifiable evidence, and enforce egress in the kernel (eBPF/LSM, Linux). Deterministic, offline-first, bounded claims.
Production-Grade LLM Security Framework - Protect against prompt injection, jailbreaks, and data leakage