What is Caracal?

Caracal turns ambient credentials into short-lived, signed mandates that every agent action is checked against — before a single line of code runs.

Mandates

Short-lived, signed authority objects scoped to a principal, policy, and intent. The replacement for long-lived API keys.

Read the model →

Policies

Declarative rules evaluated at the gate. Every action is permitted, denied, or constrained — deterministically and explainably.

Author a policy →

Audit

Every decision recorded in an append-only ledger. Replay any agent run, prove compliance, and revoke authority instantly.

Audit & replay →

Pick your path Where to start

Caracal serves three audiences. Jump straight into the docs that match how you work.

Operators

Run Caracal in production

Install the CLI, bring up the runtime, and route agent traffic through enforced authority in minutes.

CLI & configuration →

Developers

Build agents under authority

Use the SDKs to request mandates, wrap tool calls, and ship agents that obey policy by construction.

SDK & API →

Security & Platform

Design the control plane

Understand the runtime model, threat surface, and data flows behind pre-execution enforcement.

Architecture & threat model →

Choose your edition Open Source & Enterprise

The same enforcement core. Pick the distribution that fits how you ship.

Caracal Open Source

For builders and self-hosted teams

• Full enforcement runtime, CLI, and SDKs
• Mandates, policies, caveats, delegation
• Local audit ledger
• MCP adapter and tool integrations
• Apache-2.0 licensed
• Community support

Read the OSS docs →

Caracal Enterprise

For regulated and large-scale deployments

• Everything in Open Source
• Tamper-evident, signed audit ledger
• SSO, RBAC, and multi-tenant control plane
• Air-gapped and on-prem deployment
• SLA-backed support and incident response
• Compliance reporting and exports

Talk to us →

Join the community Build with us

Caracal is built in the open. Ask questions, file issues, and shape the roadmap.

GitHub

Source, issues, and pull requests. Star the repo to follow releases.

Garudex-Labs/caracal →

Discord

Real-time chat with maintainers and other operators. Share what you build.

Join the server →

Contribute

Roadmap, contribution guide, and good-first-issue list for new contributors.

Start contributing →

Get in touch Talk to Caracal

Pick the channel that fits your question. We answer fast.

Sales & demos

Book a 30-min call

Walk through your use case, see Caracal Enterprise live, and scope a deployment.

Schedule on Cal.com →

General inquiries

Email us

Partnerships, press, support escalations, and everything else.

hello@garudexlabs.com →

Security disclosures

Report a vulnerability

PGP-signed reports welcome. We acknowledge within one business day.

security@garudexlabs.com →

Caracal

Authority infrastructure for production agents.

Docs

Get started Concepts CLI SDKs

Product

Open Source Enterprise Architecture Glossary

Community

GitHub Discord Contribute Style guide

Company

Contact Security Disclosure Hardening

© 2026 Garudex Labs. All rights reserved.

Caracal is open source under Apache-2.0.