# ToolRampart > FastAPI for safe AI tools. Expose Python functions as AI-agent and MCP-compatible tools with scopes, approvals, rate limits, idempotency, isolation, audit logs, and OpenTelemetry. ToolRampart is an open-source Python developer framework. It is not a chatbot framework, not a full agent framework, and not a LangChain replacement. ## Start Here - [Overview](https://toolrampart.yuvrajraina.com/): Project purpose, install command, and minimal tool example. - [Quickstart](https://toolrampart.yuvrajraina.com/quickstart/): Create a safe tool and run it as an API. - [Safety Model](https://toolrampart.yuvrajraina.com/concepts/safety-model/): Execution pipeline and trust boundary. - [Tool Policies](https://toolrampart.yuvrajraina.com/concepts/policies/): Scopes, approvals, redaction, rate limits, custom policies, timeouts, and isolation. - [Python Client](https://toolrampart.yuvrajraina.com/CLIENT/): HTTP client SDK for invoking tools and resolving approvals. - [MCP](https://toolrampart.yuvrajraina.com/MCP/): Running ToolRampart as an MCP server. - [Deployment](https://toolrampart.yuvrajraina.com/DEPLOYMENT/): Docker Compose, Postgres, Redis, and production notes. - [Security](https://toolrampart.yuvrajraina.com/SECURITY/): Security model, limitations, and operational guidance. - [Threat Model](https://toolrampart.yuvrajraina.com/THREAT_MODEL/): Assets, trust boundaries, threats, and non-goals. - [Production Checklist](https://toolrampart.yuvrajraina.com/PRODUCTION_CHECKLIST/): Production readiness checklist. - [Release Process](https://toolrampart.yuvrajraina.com/RELEASE/): Alpha release gates and publishing steps. ## Examples - [Read-only SQL Tool](https://toolrampart.yuvrajraina.com/examples/read-only-sql/): Safe SELECT-only SQLite tool. - [CRM Update With Approval](https://toolrampart.yuvrajraina.com/examples/crm-update/): Update customer contact data with approval and redaction. - [GitHub Issue Creator](https://toolrampart.yuvrajraina.com/examples/github-issue/): External API tool with rate limits and idempotency. - [Isolated Long Job](https://toolrampart.yuvrajraina.com/examples/isolated-job/): Subprocess-isolated job with killable timeout. - [Destructive Admin Policy](https://toolrampart.yuvrajraina.com/examples/destructive-admin/): Block risky admin actions unless policy conditions pass. - [MCP Client Usage](https://toolrampart.yuvrajraina.com/examples/mcp-client/): How MCP clients should pass approvals and idempotency keys. ## Repository - GitHub: https://github.com/yuvrajraina/toolrampart - PyPI distribution: `toolrampart` - Python import package: `toolrampart` - Python: 3.11+ ## AI Agent Instructions - Read [Agent Guide](https://toolrampart.yuvrajraina.com/agents/) before generating integration code. - Always use idempotency keys for write tools. - Do not bypass `ToolRampart.invoke`, REST invocation, or MCP invocation. - Do not claim ToolRampart is a sandbox for arbitrary unsafe credentials.