Hey all :)
I've been working an open-source toolkit to stop AI agents from running amok.
You can scan your code (Python, JS, TS) and it will flag any risks and can offer fixes. It runs offline, but you can wire an LLM to do code analysis as well.
You can run it with:
npx @makerchecker/scan
Would love to get any feedback!
haha! WHAT!? So, we had agents that came with a default setting to request for specific permission to perform an action, then we said "screw it!", we need speed and everybody started coding and releasing agents out in the wild to do whatever they want unchecked... and now we have a product that brings back the safeguards... A few years ago we have abstraction after abstraction coming in the way of blocking actual development (js ecosystem bloat), and now we have layer upon layer for coding with AI...
Really great idea, simple yet effective.
this is cool I'm working on a similar project called DashClaw. Great work!
great stuff working in a similar project that enforces guardrails at runtime
[flagged]
Why build separate frameworks for this kind of thing when your operating system is right there?
You can make a file called "orders" and you can run your agent as a user with write access to that file, or as one that doesn't, and then you don't need scans or audits to tell you whether the agent can create orders or not, you can just take your operating system's word for it.
Is there anything all this bolt-on AI security stuff does that can't instead be handled by donning a sysadmin hat and managing your agents as separate users?