Right now, AI agents share a single API key with root access to everything - databases, CRMs, payment APIs. When they hallucinate, they can delete production data, issue unauthorized refunds, or spam customers.
Features:
â Fine-grained permission scopes (read:*, write:orders, etc.)
â Audit mode (log violations without blocking)
â Human-in-the-loop approvals (Slack integration)
â Session expiry (like JWT tokens)
Open source (MIT). 3 lines of code to integrate. Works with any agent framework.
