Completely agree, though the LLM part of the scanner can help with that contextual part of the analysis.
Runtime enforcement already exists (the embedded governor wraps tool calls in-process); extending it with a quarantined contextual evaluator like you describe would the logical next step.
Thanks for the feedback, actually will raise an issue on that to explore
The scanner is just one part of the codebase, good for maintaining quality in a pipeline.
There is also @makerchecker/embedded, which has runtime permission primitives you wrap around the agent's actions, so the restraints live in the app exactly like you're describing
Less whack-a-mole, more wrap the risky calls and they're bound
I’d say the biggest difference would be:
1. Parameter-aware rules: OS permissions don’t know your application logic. (How would you tell OS permissions not to let your AI to trade on over 1M dollars)
2. You can’t easily model multi-pary and RBAC.
3. Agents call remote APIs for alot of those tools. Native OS doesn’t really parse web traffic to decide if a request is safe or not.
OS sandboxing is good for host security, but not necessarily for governing business logic or AI agents
I've been working an open-source toolkit to stop AI agents from running amok.
You can scan your code (Python, JS, TS) and it will flag any risks and can offer fixes. It runs offline, but you can wire an LLM to do code analysis as well.
It wraps around agents you already have and provides structured controls:
- Each agent acts only through a role and can only run skills its approved for.
- It cannot approve its own work.
- Support for human approval gates.
- Every action is committed to a hash-chained signed log.
I also built alot of runnable examples based on real life case studies (e.g. Knight Capital, Air Canada refund chatbot) and how it can be used to prevent them.
The goal is to help get agents that do impactful work (move money, healthcare triaging, prod releases, etc) out of pilot and into production.
A bit past the OpenClaw hype-train, but I remember seeing all this news about the massive security risks OpenClaw has, so I wrapped it with MakerChecker so you can have sophisticated guarantees and controls over OpenClaw. Good enough that you could have it be an employee ;)
Made a few demos where you could control how it uses finances, customer databases, etc. And how it could actually be used in the workplace.
I think that's where alot of the focus is going to be in the next few years, and it'll be what blocks us from getting AI into alot of risk averse industries. Been working alot on this.
Wanted to share this project I have been working on for a while. In the past few years and my previous startup, I really struggled to get any form of AI adoption in regulated industries. So I built MakerChecker: A way to add structural guarantees into how Agents and AI systems would operate in high risk environments.
It wraps around agents you already have and provides structured controls:
- Each agent acts only through a role and can only run skills its approved for.
- It cannot approve its own work.
- Support for human approval gates.
- Every action is committed to a hash-chained signed log.
I also build alot of runnable examples based on real life case studies (e.g. Knight Capital, Air Canada refund chatbot) and how it can be used to prevent them.
The goal is to help get agents that do impactful work (move money, healthcare triaging, prod releases, etc) out of pilot and into production.
Happy to answer any questions and always looking for constructive feedback :)