Reference patterns for high-risk autonomous workflows.
Conceptual implementations for payments, shell controls, MCP boundaries, database writes, and early multi-agent handoff checks. These are reference patterns, not customer deployments.
Operational Pattern 01: Payment Threshold Authorization
Payment agents can create real financial side effects. CapFence sits before the payment API and evaluates the requested transfer before money moves.
Read patternOperational PatternsOperational Pattern 02: Shell Execution Boundary
Shell access is one of the highest-risk capabilities an agent can hold. CapFence wraps the shell tool and evaluates command shape before a process is spawned.
Read patternOperational PatternsOperational Pattern 03: MCP Filesystem Boundary
MCP servers often trust the client completely. CapFence runs as a proxy before the upstream MCP server and evaluates each tool call.
Read patternOperational PatternsOperational Pattern 04: Database Write & Schema-Change Boundary
Text-to-SQL agents can generate destructive queries. CapFence evaluates the request class before the database connection executes it.
Read patternOperational PatternsOperational Pattern 05: Experimental Agent Handoff Checks
Multi-agent systems can pass untrusted context into privileged execution. CapFence can evaluate adapter-provided handoff metadata before allowing a privileged tool call.
Read pattern