nano-agentguard
v0.4.0Agent Identity & Permission Guardian - Trust middleware for credential management, permission scopes, human approval workflows, and audit trails. Use when AI agents need secure credential storage, permission boundaries, or human oversight for dangerous operations.
Sourced from ClawHub,
Authored by sendwealth
Installation
AgentGuard - Agent Identity & Permission Guardian
Overview
AgentGuard is a trust middleware for Phase 1 hybrid authentication: - Credential Vault: Encrypted storage for API keys and OAuth tokens - Permission Scopes: Define what operations need human approval - Human Gate: Push confirmation requests for high-risk operations - Audit Trail: Cryptographically signed operation logs - Agent Registry: Track agents with credentials and permissions
Installation
# Install globally
npm install -g agentguard
# Or use as OpenClaw skill
cp -r . ~/.openclaw/skills/agentguard
Quick Start
# Initialize vault
agentguard init
# Register an agent
agentguard register my-agent --owner "[email protected]"
# Store a credential
agentguard vault store my-agent OPENAI_API_KEY sk-xxx
# Define permission scope
agentguard scope set my-agent --level read --dangerous require-approval
# List agents
agentguard list
# Audit log
agentguard audit my-agent --last 24h
Permission Levels
| Level | Auto-approve | Requires Human |
|---|---|---|
read |
✅ Read operations | ❌ |
write |
✅ Read/Write | ❌ |
admin |
✅ Most operations | ⚠️ Dangerous only |
dangerous |
❌ All operations | ✅ Always |
Dangerous Operations (Require Human Approval)
- Send messages/emails
- Financial transactions
- Delete data
- Modify system config
- Access sensitive credentials
- External API calls (configurable)
Human Gate Integration
When an agent attempts a dangerous operation:
- AgentGuard blocks the operation
- Pushes notification to owner (Feishu/Telegram/Email)
- Owner approves/denies with biometric confirmation
- If approved, operation proceeds with short-lived token
- All logged with cryptographic signature
Configuration
~/.agentguard/config.json:
{
"vault": {
"encryption": "aes-256-gcm",
"keyDerivation": "pbkdf2"
},
"humanGate": {
"timeout": 300,
"channels": ["feishu", "telegram"],
"biometric": true
},
"audit": {
"retention": "30d",
"signLogs": true
}
}
API Usage (for skills)
const agentguard = require('agentguard');
// Check permission
const allowed = await agentguard.check('my-agent', 'send_email');
if (!allowed) {
// Request human approval
const approval = await agentguard.requestApproval({
agent: 'my-agent',
action: 'send_email',
details: { to: '[email protected]', subject: 'Test' }
});
}
// Get credential
const apiKey = await agentguard.getCredential('my-agent', 'OPENAI_API_KEY');
// Log action
await agentguard.audit('my-agent', 'api_call', { endpoint: '/completions' });
Security Model
- Vault Encryption: AES-256-GCM with key derived from master password
- Credential Isolation: Each agent has separate encrypted container
- Audit Integrity: SHA-256 hash chain for tamper detection
- Human Gate: Out-of-band confirmation via trusted channel
- Token Expiry: Short-lived tokens (default 5 min)
Files
~/.agentguard/- Data directory~/.agentguard/vault/- Encrypted credentials~/.agentguard/registry.json- Agent registry~/.agentguard/audit/- Audit logs~/.agentguard/config.json- Configuration
OpenClaw Integration
AgentGuard integrates with OpenClaw as a skill:
- Add to
~/.openclaw/skills/agentguard/ - Configure in workspace
AGENTS.md:## AgentGuard All external API calls require AgentGuard permission check. Dangerous operations require human approval. - Use in other skills:
javascript const guard = require('agentguard'); await guard.checkOrApprove(agentId, operation, details);
Roadmap
- [ ] Phase 1: CLI + Vault + Permission Scopes
- [ ] Phase 2: Human Gate (Feishu/Telegram integration)
- [ ] Phase 3: Audit Trail + Export
- [ ] Phase 4: OAuth2 Token Auto-refresh
- [ ] Phase 5: Multi-tenant Support
- [ ] Phase 6: DID Preparation (future Phase 2)
Building trust infrastructure for the Agentic Era.