ops-agent-1 · capfence.enforce()

capfence check ./agentsscore 0.03PASS

payment.transfer amount=5000score 0.42REVIEW

rm -rf /var/lib/postgresqlscore 0.94BLOCK

mcp.read ../../secretsscore 0.87BLOCK

Deterministic. Fail-closed. Local-first.

Authorize agent execution before it reaches production.

CapFence sits between AI agents and privileged targets, enforcing capability policy, approval gates, and tamper-evident audit trails before actions reach APIs, databases, filesystems, shells, or MCP servers.

$pip install capfence

Read the docs

Decision latency<1ms

Default postureFail closed

Audit modelHash chained

Runtime modeLocal first

01 - Platform

Enterprise authorization primitives for agentic execution.

Deterministic policy gates

Evaluate every attempted tool call against declarative capability policy before execution.

Human approval grants

Queue high-risk actions until an expiring, scoped approval is issued for the exact capability.

Tamper-evident audit

Commit every allow, deny, and approval decision into a verifiable hash chain for incident replay.

Agent framework adapters

Wrap OpenAI Agents SDK, LangChain, LangGraph, CrewAI, AutoGen, MCP, and custom tool runtimes.

02 - Coverage

Built for the places agent mistakes become incidents.

Use CapFence as a local-first control plane for production shell access, payment workflows, database operations, MCP tools, and multi-agent handoffs.

DevOps shell control

Block destructive commands, production mutations, and privileged automation drift.

Database write gating

Deny DDL/DML and high-risk analytics queries before they hit production pools.

MCP boundary security

Proxy tool calls and filesystem access through deterministic host and workspace policies.

Trust lineage

Track multi-agent provenance and prevent unverified nodes from reaching privileged tools.

03 - Docs

Formatted from the CapFence repository docs.

Browse all docs

Guides

Runtime Authorization

04 - Cases

Blueprints for high-risk autonomous workflows.

View case studies

Case Study 01: Fintech & Automated Payments Gating Case Study 02: Secure Shell & DevOps Execution Case Study 03: Model Context Protocol (MCP) Boundary Security Case Study 04: Database Write & DDL Guardrails Case Study 05: Multi-Agent Collaboration & Trust Lineage

05 - Blog

Notes on agent security, DevOps controls, and supply-chain trust.

Read the blog

AI Security

Agentic AI Security Is Moving From Prompts to Runtime Control

Why tool misuse, identity abuse, MCP expansion, and approval gaps are making execution authorization a core AI security control.

DevOps Security

Least Agency for Enterprise DevOps

Agentic DevOps needs the same discipline as production access: scoped authority, approval paths, and audit trails.

Reach out

Building autonomous systems with real operational authority?

Talk to the owner about CapFence integrations, enterprise use cases, or early deployments.