« All posts

agent-gate: keep your AI agents from having unchecked power

agent-gate is a dependency-free MIT Python layer that gates AI agent actions behind deterministic checks and one-time tokens, blocking prompt injection and irreversible mistakes.

Most AI agent setups wire the model directly to real actions: it says run this, and it runs. That works fine until a poisoned file, a malicious web page, or a bad reasoning step tells the agent to delete files, move money, or wreck production — with nothing standing in between. agent-gate is a dependency-free, MIT-licensed Python layer built to close that gap.

The core idea is straightforward: the model can still propose anything, but code decides whether it's allowed to act. Authority comes only from a one-time, hash-bound capability token issued by a deterministic gateway after explicit checks pass. Dangerous goals are rejected before they're even selected, data fetched from the outside world is never treated as an authenticated instruction, and every step is written to a tamper-evident, hash-chained audit log. High-risk actions like delete, pay, or deploy require explicit human approval by design.

The included demo walks through two flows: a legitimate fix that clears the gate, gets a single-use token, and goes through a sandboxed backup-write-rollback cycle — versus a prompt injection embedded in a fetched page that's killed by the rejector before the gateway ever sees it, resulting in zero tokens and zero execution. The author frames this not as an autonomous-reasoning breakthrough but as the unglamorous safety layer that production agent systems actually need.