This repo is an attempt to explore a different pattern:

- Agents request actions
- A separate layer authorizes or denies them
- Capabilities are explicit, not implicit
- Policies are external, not baked into prompts

Even a simple mock version helps clarify the architecture. My goal is to make this pattern easier to adopt before agents start touching real systems.
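
The pattern above as an added Python example, not code from this repo: an agent submits an `ActionRequest`, and a separate `ActionFirewall` checks explicit capability grants and an external policy before any tool runs. The policy schema, class and function names, paths and agent ids are all assumptions made for illustration.

```python
import json
import posixpath
from dataclasses import dataclass

# Constructed policy, kept outside any prompt. The schema is an assumption.
POLICY_JSON = """{"rules": [
  {"capability": "file.read",  "prefix": "/srv/reports",         "effect": "allow"},
  {"capability": "file.read",  "prefix": "/srv/reports/private", "effect": "deny"},
  {"capability": "file.write", "prefix": "/srv/scratch",         "effect": "allow"}
]}"""

@dataclass(frozen=True)
class ActionRequest:
    agent_id: str
    capability: str
    resource: str

def normalize(resource):
    # Collapse "..", "." and "//" so prefix checks see the real target.
    return posixpath.normpath(resource)

def under(resource, prefix):
    # True for the prefix itself or anything below it, not for "/srv/reportsX".
    return resource == prefix or resource.startswith(prefix + "/")

class ActionFirewall:
    def __init__(self, policy_json, grants):
        self.rules = json.loads(policy_json)["rules"]
        self.grants = grants  # agent_id -> explicitly granted capability names

    def authorize(self, req):
        """Return (allowed, reason). Anything not explicitly allowed is denied."""
        if req.capability not in self.grants.get(req.agent_id, set()):
            return False, "capability not granted"
        target = normalize(req.resource)
        effects = {r["effect"] for r in self.rules
                   if r["capability"] == req.capability and under(target, r["prefix"])}
        if "deny" in effects:
            return False, "denied by policy"
        if "allow" in effects:
            return True, "allowed by policy"
        return False, "no matching rule"

    def execute(self, req, tool):
        """Run the tool only after authorization; the agent never calls it directly."""
        allowed, reason = self.authorize(req)
        if not allowed:
            raise PermissionError(reason)
        return tool(normalize(req.resource))
```

The policy and the grants are plain data passed into the firewall, so they can be reviewed and changed without touching the agent or its prompt.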
The next steps I’m considering:

- Adding a real capability‑token validator
- A more complete “action firewall” example
- A Python version
- A few real‑world tool integrations (email, DB, file ops)
- A diagram of how this fits into an agent stack

If you have thoughts on what would be most valuable, I’d love to hear them.