
The Trust Layer for Autonomous AI Agents
Permiscope is an open-source infrastructure layer that mediates all real-world actions performed by autonomous AI agents. Think of it as OAuth + Policy Engine + Audit System for AI agents.
Without mediation, an agent runs with whatever permissions its host process has: a single bug or prompt injection can cause catastrophic damage. Permiscope enforces least privilege, human oversight, and auditability by default, making autonomous systems safer to run in production.
The industry has moved beyond “Look what this agent can do” to “How do I stop this agent from breaking critical systems?”
Current agent frameworks typically give the agent direct access to files, APIs, or shells. With Permiscope, every action instead flows through the Secure Execution Gateway:
```mermaid
graph LR
    Agent[🤖 AI Agent] --> Gateway[🔒 Secure Gateway]
    Gateway --> Policy{📜 Policy Engine}
    Policy -->|✅ Allow| System[💻 System / API]
    Policy -->|❌ Block| Agent
    Policy -->|🙋 Approvals| Human[👤 Human Admin]
    Human -->|Approve| System
    Gateway -.->|📝 Logs| Audit[Audit Trail]
```
Feature areas: 🔐 Granular Control · 👤 Human-in-the-Loop · 📝 Trust & Transparency · 🚀 Advanced Features
```bash
npm install permiscope
```
Get a guided tour of Permiscope in action:
```bash
npx permiscope --demo
```
This demo showcases allowed, blocked, and human-approved actions in a safe environment.
Permiscope is designed for high-trust environments. Use these environment variables to harden your installation:
| Variable | Importance | Description |
|---|---|---|
| `PERMISCOPE_AUDIT_SECRET` | Critical | Secret key for HMAC-SHA256 audit log signing. |
| `PERMISCOPE_DASHBOARD_TOKEN` | High | Bearer token required to update approvals via the API/Dashboard. |
| `PERMISCOPE_STRICT_LOGGING` | Medium | Set to `true` to block actions if the audit log cannot be written. |
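What the first and third variables buy you, shown as an added example rather than Permiscope's own code or log format: each audit entry is signed with HMAC-SHA256 under the secret and carries the MAC of the previous entry, so a rewritten decision, a deleted entry, or a log verified under the wrong key is detected, and with strict logging on, an action whose record cannot be written does not run. The `AuditEntry` fields, the `prevMac` chaining, `AuditLog`, `verifyChain` and `gatedAct` are all assumptions made for this illustration.

```typescript
import { createHmac, timingSafeEqual } from 'crypto';

// Added illustration; not Permiscope's own log format. Fields, chaining via
// prevMac, AuditLog, verifyChain and gatedAct are assumptions for this example.
interface AuditEntry {
  seq: number;
  action: string;
  decision: string;
  params: Record<string, string>;
  prevMac: string; // MAC of the previous entry ('' for the first): deletions and reorders break the chain
  mac: string;     // HMAC-SHA256(secret, canonical(entry without mac)), hex
}

// Fixed field order and sorted params: signer and verifier must hash identical bytes.
function canonical(e: Omit<AuditEntry, 'mac'>): string {
  const params = Object.keys(e.params).sort().map((k) => [k, e.params[k]]);
  return JSON.stringify([e.seq, e.action, e.decision, params, e.prevMac]);
}

function hmacHex(secret: string, data: string): string {
  return createHmac('sha256', secret).update(data).digest('hex');
}

class AuditLog {
  private entries: AuditEntry[] = [];
  // `sink` persists an entry and throws if it cannot (disk full, permission denied).
  constructor(private readonly secret: string, private readonly sink: (e: AuditEntry) => void) {
    if (secret.length < 32) throw new Error('audit secret too short; use a long random value');
  }
  append(action: string, decision: string, params: Record<string, string>): AuditEntry {
    const prevMac = this.entries.length ? this.entries[this.entries.length - 1].mac : '';
    const body = { seq: this.entries.length, action, decision, params, prevMac };
    const entry: AuditEntry = { ...body, mac: hmacHex(this.secret, canonical(body)) };
    this.sink(entry); // persist first; the entry only counts once it is written
    this.entries.push(entry);
    return entry;
  }
  export(): AuditEntry[] { return this.entries.map((e) => ({ ...e })); }
}

// Index of the first entry that fails verification, or -1 if the whole chain is intact.
function verifyChain(secret: string, entries: AuditEntry[]): number {
  let prevMac = '';
  for (let i = 0; i < entries.length; i++) {
    const { mac, ...body } = entries[i];
    if (body.seq !== i || body.prevMac !== prevMac) return i;
    const expected = Buffer.from(hmacHex(secret, canonical(body)), 'hex');
    const actual = Buffer.from(mac, 'hex');
    if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) return i;
    prevMac = mac;
  }
  return -1;
}

// Strict-logging semantics: with strict on, an action whose audit record cannot be written never runs.
function gatedAct<R>(log: AuditLog, strict: boolean, action: string, params: Record<string, string>, run: () => R): R {
  try {
    log.append(action, 'ALLOW', params);
  } catch (err) {
    if (strict) throw new Error(`audit write failed, refusing to run ${action}: ${(err as Error).message}`);
    // strict off: the action proceeds unrecorded, which is the gap the flag closes
  }
  return run();
}

// Constructed sample run (secret and entries are made up for this example).
const SECRET = 'example-only-secret-replace-with-32+-random-bytes';
function demoAudit() {
  const store: AuditEntry[] = [];
  const log = new AuditLog(SECRET, (e) => store.push(e));
  log.append('read_file', 'ALLOW', { path: 'config.json' });
  log.append('run_command', 'BLOCK', { command: 'rm -rf /' });

  const tampered = log.export();
  tampered[1] = { ...tampered[1], decision: 'ALLOW' }; // a BLOCK rewritten into an ALLOW
  const truncated = log.export().slice(1);             // first entry deleted

  const failing = new AuditLog(SECRET, () => { throw new Error('disk full'); });
  let strictRan = false;
  try { gatedAct(failing, true, 'read_file', {}, () => { strictRan = true; }); } catch {}
  const lenientRan = gatedAct(failing, false, 'read_file', {}, () => true);

  return {
    intact: verifyChain(SECRET, log.export()),             // -1
    tamperedAt: verifyChain(SECRET, tampered),             // 1
    truncatedAt: verifyChain(SECRET, truncated),           // 0
    wrongKeyAt: verifyChain('x'.repeat(40), log.export()), // 0
    strictRan,                                             // false
    lenientRan,                                            // true
  };
}
console.log(demoAudit());
```

The verifier compares MACs with `timingSafeEqual` rather than `===`, and the secret must be long and random: an HMAC only proves integrity to someone who holds the key, so a short or guessable `PERMISCOPE_AUDIT_SECRET` makes the signatures worthless.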
Permiscope allows you to wrap agent commands safely:
```bash
permiscope run_command "echo hello"
permiscope run_command "rm -rf /"
```
> [!IMPORTANT]
> In production, always set `PERMISCOPE_DASHBOARD_TOKEN` for the control plane.
```bash
# From within the repository
npm run dev:dashboard
```
Permiscope doesn't create agents; it governs what they can do.
Permiscope is a trust layer, not an agent framework. It wraps your existing execution logic with policy enforcement, approvals, and audit logging, and works with LangChain, CrewAI, custom agent loops, and workflow runners (see the integrations table below).
```typescript
import { PermiscopeAdapter } from 'permiscope';

// Create a trust layer with default policy
const permiscope = new PermiscopeAdapter();

// Execute actions through the governed gateway
const content = await permiscope.act('read_file', { path: 'config.json' });
```
Use wrap() to govern any function:
```typescript
import { PermiscopeAdapter } from 'permiscope';
import * as fs from 'fs';

// myPolicy: a policy object of the shape shown in the custom policy example below
const permiscope = new PermiscopeAdapter({ policy: myPolicy });

// Wrap your existing executor
const safeReadFile = permiscope.wrap('read_file', async (params) => {
  return fs.readFileSync(params.path, 'utf-8');
});

// Now your function is governed
const content = await safeReadFile({ path: 'config.json' });
```
```typescript
import { withPermiscope } from 'permiscope';
import * as fs from 'fs';

// Create a governed function in one line
// (strictPolicy: your own policy object, built like the custom policy example below)
const safeDelete = withPermiscope('delete_file', async (params) => {
  fs.unlinkSync(params.path);
}, { policy: strictPolicy });

await safeDelete({ path: '/tmp/temp.txt' });
```
```typescript
import { PermiscopeAdapter, defaultPolicy } from 'permiscope';

const permiscope = new PermiscopeAdapter({
  policy: {
    scopes: [
      ...defaultPolicy.scopes,
      { actionName: 'call_api', decision: 'REQUIRE_APPROVAL' }
    ]
  }
});
```
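To make concrete what a policy engine behind `wrap()` and a scope list like the one above has to do, here is an added example of a minimal default-deny evaluator. It is not Permiscope's own engine: the `{ actionName, decision }` scope shape mirrors the snippet above, but the `'ALLOW'` / `'BLOCK'` decision names, the `'*'` wildcard, the `constraints.path.under` rule, first-match ordering and the `govern()` wrapper are assumptions made for this illustration.

```typescript
import * as path from 'path';

// Added illustration, not Permiscope's own policy engine. The scope shape
// { actionName, decision } mirrors the README; 'ALLOW'/'BLOCK', the '*' wildcard,
// constraints.path.under, first-match ordering and govern() are assumptions.
type Decision = 'ALLOW' | 'BLOCK' | 'REQUIRE_APPROVAL';
type Params = Record<string, string>;

interface Scope {
  actionName: string;                         // exact action name, or '*' for any
  decision: Decision;
  constraints?: { path?: { under: string } }; // match only when params.path lies inside this directory
}
interface Policy { scopes: Scope[] }

// Least privilege: an action no scope covers is blocked, never silently allowed.
const DEFAULT_DECISION: Decision = 'BLOCK';

// Normalise before comparing so '/workspace/../etc/passwd' is not "under" /workspace.
function isUnder(dir: string, p: string): boolean {
  const normalised = path.posix.normalize(p);
  const prefix = dir.endsWith('/') ? dir : dir + '/';
  return normalised === dir || normalised.startsWith(prefix);
}

function scopeMatches(scope: Scope, action: string, params: Params): boolean {
  if (scope.actionName !== '*' && scope.actionName !== action) return false;
  const rule = scope.constraints?.path;
  if (rule) {
    const p = params.path;
    if (typeof p !== 'string' || !isUnder(rule.under, p)) return false;
  }
  return true;
}

// First matching scope wins, so list specific scopes before broad ones.
function evaluate(policy: Policy, action: string, params: Params): Decision {
  for (const scope of policy.scopes) {
    if (scopeMatches(scope, action, params)) return scope.decision;
  }
  return DEFAULT_DECISION;
}

// The wrap() pattern: the policy is consulted on every call, and REQUIRE_APPROVAL
// hands the decision to a human (modelled here as a synchronous callback).
function govern<R>(
  policy: Policy,
  action: string,
  fn: (params: Params) => R,
  approve: (action: string, params: Params) => boolean,
): (params: Params) => R {
  return (params) => {
    const decision = evaluate(policy, action, params);
    if (decision === 'BLOCK') throw new Error(`blocked by policy: ${action}`);
    if (decision === 'REQUIRE_APPROVAL' && !approve(action, params)) {
      throw new Error(`approval denied: ${action}`);
    }
    return fn(params);
  };
}

// Constructed sample policy for this example.
const samplePolicy: Policy = {
  scopes: [
    { actionName: 'read_file', decision: 'ALLOW', constraints: { path: { under: '/workspace' } } },
    { actionName: 'delete_file', decision: 'REQUIRE_APPROVAL', constraints: { path: { under: '/tmp' } } },
    { actionName: 'run_command', decision: 'BLOCK' },
    // no scope for 'call_api': it falls through to DEFAULT_DECISION
  ],
};

// Stand-alone run: a governed delete whose approval is denied is never executed.
const deleted: string[] = [];
const safeDelete = govern(samplePolicy, 'delete_file', (p) => { deleted.push(p.path); return p.path; }, () => false);
function demoPolicy(): { decisions: Decision[]; deleteRan: boolean } {
  try { safeDelete({ path: '/tmp/temp.txt' }); } catch {}
  return {
    decisions: [
      evaluate(samplePolicy, 'read_file', { path: '/workspace/config.json' }), // ALLOW
      evaluate(samplePolicy, 'read_file', { path: '/workspace/../etc/passwd' }), // BLOCK
      evaluate(samplePolicy, 'delete_file', { path: '/tmp/temp.txt' }),          // REQUIRE_APPROVAL
      evaluate(samplePolicy, 'call_api', {}),                                    // BLOCK
    ],
    deleteRan: deleted.length > 0, // false
  };
}
console.log(demoPolicy());
```

Two points carry over to any real policy: unknown actions must fall through to a deny, not an allow, and path constraints must be applied to the normalised path, otherwise `..` segments let an agent read outside the directory the scope was meant to grant.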
```typescript
import { PermiscopeAdapter } from 'permiscope';

const permiscope = new PermiscopeAdapter();

async function agentStep(action: string, params: Record<string, any>) {
  // All actions go through the trust layer
  return permiscope.act(action, params);
}

// Your agent loop (agent and hasMoreWork come from your own agent implementation)
while (hasMoreWork) {
  const nextAction = await agent.plan();
  const result = await agentStep(nextAction.name, nextAction.params);
  await agent.observe(result);
}
```
```typescript
import { withPermiscope } from 'permiscope';

// Wrap LangChain tool executors (shellTool is your existing LangChain shell tool)
const safeShellTool = withPermiscope('run_command', async (params) => {
  return shellTool.call(params.command);
});

// Use in your chain alongside other governed tools such as safeFileTool
const tools = [safeShellTool, safeFileTool];
```
Permiscope works with any agent framework or custom workflow.
| Framework | Pattern | Demo |
|---|---|---|
| LangChain | Wrap Tool Executors | langchain.ts |
| CrewAI | Multi-Agent Governance | crewai.ts |
| Custom Loops | Mediated act() calls | custom-loop.ts |
| Workflows | Functional wrap() | workflow-runner.ts |
Learn more in the Integrations Guide.
Check out src/scenarios/ for full demos:
See the /docs folder for detailed guides:
We welcome community contributions! Permiscope uses structured templates for Bug Reports, Feature Requests, and Pull Requests.
MIT License. See LICENSE for more information.
FAQs
The Trust Layer for AI Agents - Secure gateway for autonomous tools.
We found that permiscope demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.