AgentGuard - Agent Identity & Permission Guardian
Overview
AgentGuard is a trust middleware for Phase 1 hybrid authentication:
- Credential Vault: Encrypted storage for API keys and OAuth tokens
- Permission Scopes: Define what operations need human approval
- Human Gate: Push confirmation requests for high-risk operations
- Audit Trail: Cryptographically signed operation logs
- Agent Registry: Track agents with credentials and permissions
Installation
# Install globally
npm install -g agentguard
# Or use as OpenClaw skill
cp -r . ~/.openclaw/skills/agentguard
Quick Start
# Initialize vault
agentguard init
# Register an agent
agentguard register my-agent --owner "user@example.com"
# Store a credential
agentguard vault store my-agent OPENAI_API_KEY sk-xxx
# Define permission scope
agentguard scope set my-agent --level read --dangerous require-approval
# List agents
agentguard list
# Audit log
agentguard audit my-agent --last 24h
Permission Levels
| Level | Auto-approve | Requires Human |
|---|---|---|
read | ✅ Read operations | ❌ |
write | ✅ Read/Write | ❌ |
admin | ✅ Most operations | ⚠️ Dangerous only |
dangerous | ❌ All operations | ✅ Always |
Dangerous Operations (Require Human Approval)
- Send messages/emails
- Financial transactions
- Delete data
- Modify system config
- Access sensitive credentials
- External API calls (configurable)
Human Gate Integration
When an agent attempts a dangerous operation:
- AgentGuard blocks the operation
- Pushes notification to owner (Feishu/Telegram/Email)
- Owner approves/denies with biometric confirmation
- If approved, operation proceeds with short-lived token
- All logged with cryptographic signature
Configuration
~/.agentguard/config.json:
{
"vault": {
"encryption": "aes-256-gcm",
"keyDerivation": "pbkdf2"
},
"humanGate": {
"timeout": 300,
"channels": ["feishu", "telegram"],
"biometric": true
},
"audit": {
"retention": "30d",
"signLogs": true
}
}
API Usage (for skills)
const agentguard = require('agentguard');
// Check permission
const allowed = await agentguard.check('my-agent', 'send_email');
if (!allowed) {
// Request human approval
const approval = await agentguard.requestApproval({
agent: 'my-agent',
action: 'send_email',
details: { to: 'user@example.com', subject: 'Test' }
});
}
// Get credential
const apiKey = await agentguard.getCredential('my-agent', 'OPENAI_API_KEY');
// Log action
await agentguard.audit('my-agent', 'api_call', { endpoint: '/completions' });
Security Model
- Vault Encryption: AES-256-GCM with key derived from master password
- Credential Isolation: Each agent has separate encrypted container
- Audit Integrity: SHA-256 hash chain for tamper detection
- Human Gate: Out-of-band confirmation via trusted channel
- Token Expiry: Short-lived tokens (default 5 min)
Files
~/.agentguard/- Data directory~/.agentguard/vault/- Encrypted credentials~/.agentguard/registry.json- Agent registry~/.agentguard/audit/- Audit logs~/.agentguard/config.json- Configuration
OpenClaw Integration
AgentGuard integrates with OpenClaw as a skill:
- Add to
~/.openclaw/skills/agentguard/ - Configure in workspace
AGENTS.md:## AgentGuard All external API calls require AgentGuard permission check. Dangerous operations require human approval. - Use in other skills:
const guard = require('agentguard'); await guard.checkOrApprove(agentId, operation, details);
Roadmap
- Phase 1: CLI + Vault + Permission Scopes
- Phase 2: Human Gate (Feishu/Telegram integration)
- Phase 3: Audit Trail + Export
- Phase 4: OAuth2 Token Auto-refresh
- Phase 5: Multi-tenant Support
- Phase 6: DID Preparation (future Phase 2)
Building trust infrastructure for the Agentic Era.