Agent Workload Assurance Execution Risk from Silicon to Semantic
Before an autonomous agent executes a critical task, someone needs to answer: "Is it safe to act right now?" FFWD is the only platform that answers this quantitatively — with a real-time Execution Risk Score that evaluates the agent, the full stack beneath it, and the task at hand.
Powered by Nio — our open-source agent guard for Claude Code, Codex CLI, and any tool-calling AI agent.
The 2-way problem
The stack affects the agent. The agent affects the stack.
Most agent safety solutions watch one direction — what the agent says and does. FFWD watches both.
Stack » Agent : Infrastructure instability or changes silently degrades agent judgement. A configuration agent has intermittent reach to its file server. It adapts — resolves an alternative hostname via DNS and connects. What it doesn't know: that hostname was migrated three months ago to a new system still serving draft, unapproved templates. The agent finds differences against production, concludes the switches are out of date, and pushes updates. Six switches now run unapproved configs. Its log reads: "Task complete."
Agent » Stack: Agent actions ripple outward into downstream systems. A legitimate-looking query triggers a full table scan. A configuration change degrades adjacent services. An authentication chain escalates privileges nobody intended. The agent's logs show nothing wrong. The surrounding environment is where the evidence lives.
The clues and symptoms for agent anomalies are scattered across its surrounding environment — not just inside the agent itself.
NIO — OPEN-SOURCE AGENT GUARD
Execution assurance and observability for autonomous AI agents — the open-source agent-side enforcement that produces FFWD’s Execution Risk Score.
Nio installs at the edge with your tool-calling agent — Claude Code, Codex CLI, OpenClaw, Hermes — and evaluates every tool call through a multi-phase pipeline before it runs. Allow, deny, or request confirmation. Every action is captured as OpenTelemetry signals plus a local audit trail.
Not a chatbot guardrail. Not a security-only filter. Nio gates execution for the agents most safety solutions don’t cover — infrastructure, data pipeline, deployment, identity. The agents with elevated privileges, largely irreversible actions, and large blast radii. Their failure mode isn’t a harmful response; it’s an operational cascade that shows up hours later in an outage report attributed to “infrastructure issues.”
- Real-time pre-execution gating across multiple phases, with weighted scoring
- Static, runtime, behavioural, LLM-based and external scoring engines
- OpenTelemetry metrics, traces, and logs out of the box
- Local JSONL audit log; optional external OTEL export
- Apache-2.0 — runs on your machine, no data leaves
EXECUTION RISK SCORE
A composite Go/No-Go verdict before every critical action.
Nio evaluates task criticality at the agent edge and gates execution — a No-Go verdict stops the action before it proceeds.
Agent State
Model interaction health, behavioral drift, anomaly patterns in the agent's own telemetry
Stack State
Infrastructure health from silicon to containers, evaluated by FFWD's cross-domain anomaly correlation across the full stack the agent depends on and acts upon
Task Criticality
The impact level of the specific task the agent is about to execute. A routine log query and a production network re-route carry different risk thresholds.
The score is a composite of quantitative marker signals from FFWD's eight ML models and qualitative assessment from LLM reasoning (Claude, GPT, Gemini, Grok, or on-prem models). Not purely statistical. Not purely generative. Both.
AGENT TELEMETRY COLLECTION
Zero-instrumentation. No code changes. Deploy alongside your agents.
FFWD collects agent telemetry through three approaches — all non-intrusive:
eBPF Probe — Generates OTEL traces from agent activity at the kernel level and sends to FFWD's anomaly backend. Captures main agent and all sub-agents.
Rust Collector — Installed on the host machine for high-performance capture of agent interactions.
Sniffing Approach — Non-intrusive network probe. No agent code changes required.
Nio Agent Framework Plugin — Our open-source agent guard plugs directly into Claude Code, Codex CLI, and other agent frameworks. Captures telemetry and enforces go/no-go decisions at the tool execution boundary. No agent code changes required.
Data collected spans four categories:
Identity — LLM provider, model, request type, agent name. Content — Prompts, responses, tool calls, function names. Usage & Cost — Prompt tokens, completion tokens, total tokens, reasoning tokens, cost, latency. Behavior — Error rate, retry count, finish reason, execution path.
Agent behavior drifts over time — model updates, context changes, infrastructure shifts. Continuous monitoring detects drift before it manifests as failure.
AGENT-NATIVE DELIVERY
Risk Scores delivered where agents already run — through hooks, plugins, and MCP
Hooks and plugin (Nio). FFWD delivers Execution Risk Scores into your agent runtime through Nio — our open-source hooks and plugin for Claude Code, Codex CLI, OpenClaw, Hermes, and other tool-calling frameworks. Scores arrive at the tool execution boundary and gate actions as a hard stop before they run, rather than relying on the agent to self-enforce.
MCP server. The same scores are also exposed via FFWD’s native MCP server. AI apps — Claude, Copilot, GPT, or custom-built — can query agent and stack risk conversationally as part of their standard tool-calling workflow.
Enterprise-grade ReBAC permissions ensure multi-tenant, tiered access control. Agents only see the resources and scores they’re authorised to access.