惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
IT之家
IT之家
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News | PayPal Newsroom
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Simon Willison's Weblog
Simon Willison's Weblog
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Attack and Defense Labs
Attack and Defense Labs
C
Cyber Attacks, Cyber Crime and Cyber Security
Cisco Talos Blog
Cisco Talos Blog
C
Cybersecurity and Infrastructure Security Agency CISA
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
T
Tor Project blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
V2EX - 技术
V2EX - 技术
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Securelist
T
Tenable Blog
N
Netflix TechBlog - Medium
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
T
Troy Hunt's Blog
量子位
大猫的无限游戏
大猫的无限游戏
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
MongoDB | Blog
MongoDB | Blog
H
Heimdal Security Blog
D
Docker
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
G
Google Developers Blog
博客园 - 叶小钗
腾讯CDC
The Hacker News
The Hacker News
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Project Zero
Project Zero
Martin Fowler
Martin Fowler

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - enforra/enforra: Open source action governance SDK for AI agent tool calls.
rohitguptap · 2026-05-20 · via Hacker News - Newest: "AI"

CI License

System prompts are not a security boundary. When an AI agent can issue refunds, run commands, send emails, or export data, the control point should sit before the tool action executes.

Enforra Core is a local action governance SDK for AI agent tool calls. It lets developers define policy, test it in CI, trace decisions, enforce before application-owned callbacks run, and write redacted audit evidence locally.

Enforra wraps application-owned tool callbacks. It is not an agent runtime, MCP proxy, or model firewall.

At runtime, it returns one of four decisions: allow, block, require_approval, or log_only. The OSS core runs locally, makes no network calls, and does not execute your tools remotely.

import { createEnforraClient } from "@enforra/sdk-node";

const enforra = await createEnforraClient({
  policyPath: "./policies/starter/support-agent.yaml",
  auditPath: ".enforra/audit.jsonl"
});

const result = await enforra.enforceToolCall({
  agent: "support-agent",
  tool: "stripe.refund",
  args: {
    customerId: "cus_123",
    amount: 250
  },
  context: {
    environment: "production"
  },
  execute: async () => {
    return { refundId: "ref_123", status: "created" };
  }
});

// execute only runs when policy returns allow or log_only.
console.log(result.decision);
// "require_approval"

Install

npm install @enforra/sdk-node

What is Enforra?

This open source repository contains the local runtime core for Enforra. It evaluates policy before a tool callback runs and returns one of four decisions: allow, block, require_approval, or log_only.

Enforra is designed for teams that need control over agent actions, not just agent outputs. It lets developers define which tool calls are allowed, blocked, logged, or marked as requiring approval before the application callback runs.

The customer application owns actual tool execution. The Enforra runtime does not execute tools remotely, does not require your secrets, and does not call a hosted API.

Why runtime control?

Agent instructions are useful, but they are not a security boundary. Runtime control gives developers a typed enforcement point immediately before side effects happen.

Why not just use a system prompt?

System prompts can guide behavior, but enforcement should happen at the point where an agent action becomes a real side effect.

Enforra evaluates policy immediately before the tool callback runs, so manipulated or unexpected agent behavior can still be blocked, marked as requiring approval, or logged before side effects happen.

Prerequisites

  • Node.js 20 or newer
  • pnpm via Corepack

Quickstart

git clone https://github.com/enforra/enforra.git
cd enforra
corepack enable
pnpm install
pnpm build
pnpm test
pnpm policy:test:all
pnpm demo:all
pnpm benchmark:all

Develop from source

This repository is a pnpm monorepo. To work on packages from source:

pnpm install

CLI

Use the Enforra CLI to create starter policies and run policy tests locally.

npx @enforra/cli init
npx @enforra/cli test

The CLI creates a starter policy and test cases so you can validate decisions before wiring Enforra into your agent tools.

Run the demos

pnpm demo:support-refund
pnpm demo:openai-style
pnpm demo:mcp-style
pnpm demo:approval-evidence
pnpm demo:audit-integrity
pnpm demo:db-unsafe
pnpm demo:db-enforra
pnpm demo:all

The support refund demo runs three fake refund calls: a small allowed refund, a medium refund requiring approval, and a large blocked refund.

Enforra support refund demo

Tool call: stripe.refund
Agent: support-agent
Amount: 20
Decision: allow
Executed: yes

Tool call: stripe.refund
Agent: support-agent
Amount: 250
Decision: require_approval
Executed: no
Reason: matched policy approve-medium-refunds

Tool call: stripe.refund
Agent: support-agent
Amount: 1000
Decision: block
Executed: no
Reason: matched policy block-large-refunds

Audit log written to .enforra/audit.jsonl

Examples

  • examples/support-refund-agent: runnable local demo for allow, require approval, and block decisions.
  • examples/openai-style-tool-wrapper: wrapper pattern for calling enforceToolCall before an application tool callback.
  • examples/mcp-style-tool-policy: starter policy pattern for MCP-style tool names at the application boundary; this repository does not implement an MCP gateway.
  • examples/approval-evidence-demo: local evidence demo for allow, require approval, block, and log-only decisions.
  • examples/audit-integrity-demo: optional hash-chain audit integrity demo for local audit logs.
  • examples/db-delete-video-demo: simple video demo contrasting a direct table-delete callback with the same callback protected by Enforra.

Basic usage

Call enforceToolCall with agent, tool, args, optional context, and an execute callback. Enforra only calls execute when the decision is allow or log_only.

Test policies before runtime

Policy tests simulate tool-call inputs against local YAML policy files without executing callbacks.

pnpm policy:test:all

Use policy tests in local development and CI to catch policy regressions before agent tool calls create side effects.

Decision trace

Enforra can explain why a policy decision happened. This helps developers debug policies before runtime and produce clearer evidence for blocked or approval-required actions.

See docs/decision-trace.md.

Policy example

Starter YAML policies live in policies/starter as examples. They are not required runtime configuration. In a real application, pass createEnforraClient the path to your own YAML policy file. The SDK is not hardcoded to the starter policies.

version: 1
defaults:
  decision: block
policies:
  - id: allow-small-refunds
    match:
      agent: support-agent
      tool: stripe.refund
    conditions:
      - field: args.amount
        operator: lte
        value: 50
    decision: allow

Coding-agent policy example

version: 1
defaults:
  decision: block
policies:
  - id: block-env-file-access
    match:
      tool: filesystem.read
    conditions:
      - field: args.path
        operator: contains
        value: ".env"
    decision: block

  - id: approve-package-install
    match:
      tool: terminal.run
    conditions:
      - field: args.command
        operator: contains
        value: "npm install"
    decision: require_approval

Conditions use dot paths rooted at args or context, such as args.amount, args.recipient, or context.environment. Supported operators are eq, neq, gt, gte, lt, lte, contains, and not_contains. Conditions can be written as a flat array where every condition must pass, or grouped with all and any. Policies can optionally set priority; lower numbers evaluate first.

The four decisions

  • allow: write a pre-execution decision audit event, execute the callback, and log executed.
  • block: do not execute the callback and log blocked.
  • require_approval: do not execute in the open source local runtime and log pending_approval.
  • log_only: write a pre-execution decision audit event, execute the callback, and log logged.

What gets logged

Audit events are appended to .enforra/audit.jsonl. Arguments and context are recursively redacted for common secret fields before they are written. For allow and log_only, the runtime writes a decision audit event before calling execute; if that audit write fails, the callback is not run. Successful executed tool calls can create more than one audit event: a pre-execution decision_logged event and a final executed or logged event.

Optional hash-chain mode can add tamper-evident integrity metadata to local audit logs. It helps detect modified, deleted, or reordered events when verified later, but it is not tamper-proof.

Security model

This open source runtime loads policies from local YAML files so developers can inspect and run the enforcement logic without a hosted service. Policy decisions are deterministic for the same policy and tool-call input.

The runtime performs no network calls, telemetry, analytics, database writes, or hidden background work. The customer application owns actual tool execution. Enforra only decides whether the local execute callback should run.

This repository is focused on local runtime enforcement. Policy management, team workflows, and hosted audit retention are outside the scope of this OSS core.

Scope

Enforra focuses on application-level action governance. It is not an MCP proxy, model firewall, kernel sandbox, or prompt-injection detector. It gives developers a local policy boundary around the tools their agents already call.

What this repository does not include

This repository contains the local runtime core only.

It does not include a hosted API, cloud dashboard, hosted audit retention, team approvals, auth, billing, RBAC, SSO, Slack or email approvals, compliance reports, remote tool execution, or MCP gateway behavior.

What is included

This repository includes:

  • policy loading, validation, and evaluation
  • Node SDK wrapper for agent tool calls
  • local JSONL audit logging with redaction
  • optional hash-chain integrity for local audit logs
  • starter policy examples
  • runnable support, OpenAI-style, MCP-style, approval evidence, audit integrity, database guard, and benchmark demos
  • tests for policy evaluation, audit redaction, and SDK behavior
  • CI for build, test, and lint

Project structure

packages/policy-core       Policy loading, validation, and evaluation
packages/policy-simulator  Local policy simulation and case runner
packages/sdk-node          Node SDK enforcement wrapper
packages/cli               CLI for init, policy tests, audit verification, and setup checks
packages/local-audit       Local JSONL audit logging and redaction
examples/support-refund-agent
examples/openai-style-tool-wrapper
examples/mcp-style-tool-policy
examples/approval-evidence-demo
examples/audit-integrity-demo
examples/db-delete-video-demo
examples/benchmark-policy-eval
policies/starter
docs
packages/*/test

Docs

Feedback and Community

We are actively looking for feedback from developers building production AI agents, MCP servers, and agentic workflows.

  • Found a bug? Open a GitHub issue.
  • Have a feature request or integration idea? Open a GitHub issue.
  • Want to talk directly with the team or explore becoming a design partner? Join our Slack or Discord community.
  • Security-sensitive feedback? Email security@enforra.com.

Slack: https://join.slack.com/t/enforra/shared_invite/zt-3xs2z71z5-9Cf_dqTbYRe3Z1WBiFvRRA
Discord: https://discord.gg/PkXtk9C3q

Roadmap

See docs/roadmap.md.

Contributing

See CONTRIBUTING.md.

License

Apache-2.0.