The open-source safety stack for AI agents. Enterprise-grade protection, completely free.
Policy engine, approval workflows, content scanning, cryptographic audit trail, and real-time monitoring. Works with LangChain, OpenAI, CrewAI, Claude, Vercel AI SDK, and MCP servers. Self-host everything. No usage fees.
`npx @authensor/create-authensor my-agent`

Your agent wants to do something. Authensor checks whether that action is allowed. If yes, it goes through. If no, it gets blocked. If it's risky, you get asked. Then it logs a tamper-evident, hash-chained receipt of what happened.
Low-risk actions go through instantly. Logged with a receipt.
Policy violations are stopped before they can cause harm.
Risky actions get sent to you for approval first.
Other agent safety tools charge per request, require enterprise contracts, or only cover part of the stack. Authensor gives you everything — self-hosted, MIT licensed, no usage limits.
| Feature | Authensor (Free) | Enterprise Tools |
|---|---|---|
| Policy Engine | Free (MIT) | $0.000025/req or enterprise contract |
| Approval Workflows | Free | Custom build ($50K+) |
| Cryptographic Audit Trail | Free | Doesn't exist elsewhere |
| Content Safety Scanner | Free (Aegis) | $10K+/yr |
| MCP Tool Governance | Free | Doesn't exist elsewhere |
| Real-Time Anomaly Detection | Free (Sentinel) | $15K+/yr |
| Framework Agnostic | 8 adapters | Vendor-locked |
| Self-Hosted | Docker Compose | Sometimes |
| Fail-Closed Default | Yes | Most fail open |
Why free? Agent safety is infrastructure, not a luxury. Every agent should have policy enforcement, audit trails, and content scanning — regardless of budget. Self-host everything at no cost, or use the hosted tier for $5/mo.
See every agent. Every action. Every decision. One screen, zero infrastructure.
Authensor works alongside whatever AI tools and platforms you already use. You don't need to switch anything. You add a safety layer on top.
Your agent can delete files, leak API keys, or run commands you didn't expect
Authensor checks every action before it runs. Dangerous commands get blocked. Sensitive ones ask you first.
A prompt injection or bad output can trigger a real transaction you can't undo
Every API call goes through a policy. High-value actions require human approval. Everything is logged.
Your agent has access to tools that can read, write, and execute. There's no guardrail between intent and action.
Drop in one line of code. Authensor sits between your agent and its tools. Works with any framework.
The EU AI Act, SOC 2, and HIPAA all call for logging, human oversight, and risk controls around automated decisions
Hash-chained audit receipts, multi-party approval workflows, and coverage of all ten OWASP Top 10 for Agentic Applications categories (ASI01 to ASI10) out of the box.
Wrap any agent action with guard() and policy evaluation, content scanning, and audit logging happen automatically.
```bash
# Try Authensor in 30 seconds
npx @authensor/create-authensor my-agent
cd my-agent && npm install && npm run demo

# Watch the demo:
# 1. Agent tries to delete files     → BLOCKED
# 2. Agent tries to leak credentials → BLOCKED
# 3. Agent tries high-value API call → REQUIRES APPROVAL
# 4. Agent tries allowed action      → ALLOWED + receipt logged
```
Each package works on its own. Use the content scanner without the policy engine. Use the policy engine without the control plane. Mix and match.
- `@authensor/engine`: Declarative rules with session forbidden sequences, budget evaluation, and constraint enforcement. Synchronous, zero-dependency, pure evaluation.
- `@authensor/aegis`: 15+ prompt injection rules, 22 MINJA memory poisoning rules, PII detection, credential scanning, multimodal safety. Zero dependencies, sub-ms latency.
- `@authensor/sentinel`: Per-agent behavioral baselines with EWMA/CUSUM anomaly detection. Deny rate tracking, chain depth alerts, fan-out alerts. Zero dependencies.
- `@authensor/mcp-server`: Transparent policy proxy implementing the MCP SEP authorization protocol. `authorization/propose`, `authorization/decide`, `authorization/receipt` message types.
- `@authensor/redteam`: 15 adversarial attack seeds mapped to MITRE ATT&CK. Test any agent's safety automatically.
- `@authensor/safeclaw`: Local agent gating with browser dashboard, approval workflows, and audit ledger.
- `npx @authensor/create-authensor my-agent`: Generates a working project with guard() wired in. Includes a live demo showing policy enforcement, content scanning, and approval workflows in action.
- `docker compose up -d`: PostgreSQL + control plane on your machine. Policy engine, approval workflows, hash-chained receipts, real-time dashboard.
- authensor.com/hosted: Same engine, zero ops. Managed PostgreSQL, webhook integrations, and SLA. $5/month, no per-request fees.
The controls below map to each of the ten OWASP Top 10 for Agentic Applications categories, plus alignment with the EU AI Act (August 2026 deadline), NIST AI RMF, SOC 2, and HIPAA.

| ID | Category | Authensor controls |
|---|---|---|
| ASI01 | Agent Goal Hijacking | Aegis prompt injection (15+ rules), memory poisoning detection (22 MINJA rules), session forbidden sequences |
| ASI02 | Tool Misuse & Exploitation | Per-tool policy rules, constraint enforcement (maxAmount, allowedDomains), budget limits, session risk scoring |
| ASI03 | Identity & Privilege Abuse | Principal binding, strict binding mode, RBAC API keys (admin/ingest/executor) |
| ASI04 | Supply Chain Vulnerabilities | MCP Gateway with SEP authorization protocol, Ed25519 tool integrity verification |
| ASI05 | Unexpected Code Execution | Deny-by-default policy, container sandboxing, workspace scoping |
| ASI06 | Memory & Context Poisoning | Aegis 22 MINJA-informed rules, Sigstore transparency log, hash-chained receipts |
| ASI07 | Insecure Inter-Agent Comms | parentReceiptId chain tracking, delegation depth alerts, principal binding |
| ASI08 | Cascading Failures | Sentinel anomaly detection (EWMA/CUSUM), budget enforcement, kill switch, rate limiting |
| ASI09 | Human-Agent Trust Exploitation | TOCTOU re-evaluation, multi-party approval, shadow/canary policy testing |
| ASI10 | Rogue Agents | Sentinel behavioral baselines, session risk scoring, forbidden sequence detection |

Free, self-hosted, and open source. Every feature. No usage limits. Get started in 30 seconds.
`npx @authensor/create-authensor my-agent`