返回
GCgithub.com
33
·开发者社区 · RSS

Show HN: Scan your AI agents for dangerous capabilities

查看原文
推荐理由

这条记录涉及编程工具或代码能力更新,适合开发者评估工作流变化和可复用价值。

AI 摘要

TopicRadar 摘要: MakerChecker 是一个开源安全层,旨在扫描并保障 AI 代理的行为。它通过默认拒绝、人工审批和加密签名的审计追踪,确保代理只能执行被授权的操作,并且无法批准自己的工作。该

The open-source security layer for AI agents.

Deny-by-default enforcement, human approvals, and a cryptographically signed audit trail — so your agent runs only what it's granted and provably can't approve its own work.

Website · Live Demo · mc scan · Docs

Your agents keep running in their existing framework (LangChain, Claude SDK, CrewAI). MakerChecker sits in front of every tool call as a checkpoint and behind it as a signed ledger: an agent acts only through a role, runs only the skills it was granted, cannot exceed its limits, and cannot approve its own work.

🚀 Quick Start

1 — Scan your code

Find what your agent can already do on its own, classified by risk. No install, nothing leaves your machine:

npx @makerchecker/scan .

It flags every consequential action — deleting data, moving money, running shell commands, exfiltrating secrets — names each against the real incident it resembles, and can write the governance code for you with --fix. → packages/scan

2 — Guarantee its behavior

Import the controls and wrap any tool. The agent can now only run what its role was granted — a call it isn't allowed is denied before it executes:

npm i @makerchecker/embedded

import { createGovernor , GovernanceDeniedError } from "@makerchecker/embedded" ;

const gov = createGovernor ( ) . defineSkill ( "place-order@1" , { riskTier : "high" } ) . defineRole ( "agent" ) . defineRole ( "risk-desk" ) . grant ( "risk-desk" , "place-order@1" ) // the agent is NOT granted it — deny by default . defineAgent ( "trader" , "agent" ) ;

// Wrap your tool once. Now the agent structurally can't fire it. const placeOrder = gov . governedTool ( "trader" , "place-order@1" , ( order ) => broker . submit ( order ) ) ;

try { await placeOrder ( { symbol : "BTC" , qty : 10 } ) ; } catch ( err ) { if ( err instanceof GovernanceDeniedError ) console . log ( err . code ) ; // "skill_not_granted" }

High-risk skills go to a separate role, so an agent can never approve its own work — and every decision, allowed or denied, commits to a signed audit log. → packages/embedded

3 — Working with auditors?

Step 2 already writes a signed log. When auditors need a durable, queryable, tamper-evident record — plus a human-approval inbox and a review console — run the self-hosted server:

docker compose up

Every decision is Ed25519-signed and hash-chained: change any row and verification breaks. Export a bundle and anyone verifies it offline — no database, no trust in the process that produced it. → full server setup below

These are three independent packages — mc scan , @makerchecker/embedded , and the server — that enforce the same controls and write the same signed audit format. Adopt any one on its own.

🔬 Governed Use Cases

Runnable examples of agents doing consequential work behind a human gate:

主题标签官方公告GitHub开源代码
原始关键词#capabilities#dangerous#agents#scan#show#ai
查看原文github.com
单一来源,暂无交叉验证
Show HN: Scan your AI agents for dangerous capabilities · BuzzRadr