AI agent execution control

Add execution control before AI agents take real actions.

BeforeWire runs in your environment to screen tampered model responses, govern MCP tools, skills, and workflow capability surfaces, decide before tool calls execute, and write verifiable audit records.

Runs in your environment: response tamper screening, capability snapshots, pre-execution decisions, hash-chain audit.

Example: a response is screened and policy denies it before execution. The response carries an action intent of tool_use, and the execution decision is DENY:

{
  "action": "pip_install",
  "package": "reqursts",
  "effect": "deny",
  "reason": "slopsquat package",
  "capability_snapshot": "sha256:7d4..."
}

Execution stopped: no tool call.

  • capability surface: scan and pin MCP / tools / skills
  • response path: screen returned content for tamper / injection
  • execution point: decide before run, allow / warn / deny
  • audit record: prove the decision with a hash-chain receipt

Risk does not only live inside the model. It also appears after the response comes back.

AI agents do not just read model output. They turn it into tool calls, package installs, shell commands, file access, network requests, and delegated work.

If a model response is modified after passing through a third-party API router or gateway, the risk does not come from the model itself: it arises after the response returns and before the action is actually executed. Tool results and capability drift can lead agents toward the same outcome.

API route tampering

A safe model response is changed into a malicious tool call on the return path.

Tool-result injection

A normal-looking tool result pushes new instructions back into the agent context.

Slopsquat install

requests becomes reqursts, and the agent proceeds to install it.

Canary replay

A fake key appears in a response or tool result and can be traced to a session.

Capability drift

An approved MCP tool, skill, or workflow changes its schema, script, description, or capability boundary.

BeforeWire sits on the agent execution path.

Security review starts with placement. BeforeWire keeps enforcement close to the agent and tools while preserving the API router, model gateway, and tool-call path around it.

  • AI client / agent: proposes the action (intent: tool_use)
  • BeforeWire: screens the response and gates the action (allow / warn / deny)
  • API router / gateway: returns the model response (response path)
  • tools / MCP / shell: the real execution point (execution)
  • audit record: every decision is written into a hash-chain receipt

From capability onboarding to action execution, BeforeWire controls three points.

BeforeWire is not a generic AI risk detector. It focuses on the path between what an agent can use, what comes back, and what the agent is about to execute.

Capability Surface Governance

Can this capability be trusted over time?

BeforeWire governs surfaces that change agent behavior: MCP tools, local tools, skills, prompt packs, workflow instructions, and referenced scripts. Each surface can be scanned, snapshotted, approved, diffed, and reviewed again after drift.

Available now

MCP / tool scan, approval, diff, and snapshot hash enforcement.

Expanding through POCs

Skills, prompt packs, workflow instructions, and referenced scripts.

  • MCP / tool scan
  • skill review
  • snapshot hash
  • approve / diff

Action Execution Gate

May this concrete action execute now?

Every proposed tool call, package install, shell command, file operation, outbound request, message, or delegated task is evaluated before it runs. A denied action does not execute.

Example policy decision: deny before execution (effect: deny).

  • allow / warn / deny
  • policy decision
  • pre-execution denial
  • audit record

Response-Path Guard

Is this response trying to create a dangerous action?

BeforeWire screens model and tool responses before they enter the agent decision flow, catching API route tampering, AI MITM, malicious tool use, tool-result injection, slopsquat suggestions, dangerous commands, secret leakage, suspicious egress, and canary replay.

  • response tamper screening
  • streaming text passthrough
  • buffered tool-call review
  • canary attribution

Scan capability surfaces -> screen the response path -> decide the concrete action -> write an audit record.

BeforeWire gates agent actions, not packets. It makes decisions before actions happen and records verifiable evidence.

See a poisoned response blocked in 60 seconds.

Run BeforeWire in your environment, point an AI client or SDK at the local proxy, and run the first-block selftest.

pip install beforewire
beforewire init
beforewire selftest
beforewire proxy
export OPENAI_BASE_URL=http://127.0.0.1:8788/v1

Expected result: tampered responses are blocked before they reach pip, shell, network requests, or MCP tools.

When a response tries to install reqursts, run curl | sh, leak a secret, or replay a canary, BeforeWire denies the action and records why.

Evidence for security review, not demo screenshots.

Each decision records the source, proposed action, matched policy, effect, reason, capability-surface context, and hash-chain receipt. Security, risk, and audit teams can review the control path instead of relying on model claims or screenshots.

If there is no control before execution, audit is only incident replay. With pre-execution decisions, responsibility has a boundary.

Decision receipt (verified):

  • source: api_route_response
  • action: pip_install("reqursts")
  • policy: relay-guard
  • effect: deny before execution
  • reason: slopsquat package
  • capability_snapshot: sha256:7d4...
  • audit_chain: hash verified

Give security teams a reviewable control checklist.

BeforeWire should be easy to test as a developer tool. Enterprise review needs the enforcement point, decision record, approval surface, and governance extensions.

Enforcement point

Run response screening and action decisions near the agent and tools, while keeping keys, prompts, capability snapshots, and audit records in your environment.

Decision record

Record source, action, matched policy, effect, reason, capability snapshot, and hash-chain receipt for each allow, warn, or deny result.
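As an added illustration (not BeforeWire's own code), the Python below shows how a pre-execution gate can produce exactly these fields for each decision: it pins a capability snapshot hash for a tool definition, denies on drift or on a lookalike package name, and writes receipts whose hash chain can be verified afterwards. The lookalike table, policy names, tool definition and source labels are constructed for the example.

```python
import hashlib, json

GENESIS = "sha256:" + "0" * 64
# Constructed lookalike table for the slopsquat check (not BeforeWire's real rule set).
LOOKALIKES = {"reqursts": "requests", "requets": "requests"}

def canonical_hash(obj):
    """sha256 over canonical JSON: used for capability snapshots and receipts alike."""
    canon = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(canon).hexdigest()

def gate(chain, source, tool_def, pinned, action, args):
    """Decide one proposed action before it runs and append a hash-chained receipt."""
    snap = canonical_hash(tool_def)  # current snapshot of the tool's schema + description
    if snap != pinned:
        policy, effect, reason = "capability-pin", "deny", "capability drift: unapproved change"
    elif action == "pip_install" and args.get("package") in LOOKALIKES:
        policy, effect, reason = "relay-guard", "deny", "slopsquat package"
    else:
        policy, effect, reason = "default", "allow", "no policy matched"
    body = {"source": source, "action": action, "args": args, "policy": policy,
            "effect": effect, "reason": reason, "capability_snapshot": snap,
            "prev": chain[-1]["receipt"] if chain else GENESIS}
    receipt = dict(body, receipt=canonical_hash(body))  # covers body and previous receipt
    chain.append(receipt)
    return receipt

def verify_chain(chain):
    """Recompute every receipt; an edited, removed or reordered record breaks the chain."""
    prev = GENESIS
    for rec in chain:
        body = {k: v for k, v in rec.items() if k != "receipt"}
        if body["prev"] != prev or canonical_hash(body) != rec["receipt"]:
            return False
        prev = rec["receipt"]
    return True

# Constructed approved tool definition, pinned when it was onboarded.
APPROVED_TOOL = {"name": "pip_install", "description": "Install a Python package", "schema": {"package": "string"}}
PIN = canonical_hash(APPROVED_TOOL)

def demo():
    chain = []
    gate(chain, "api_route_response", APPROVED_TOOL, PIN, "pip_install", {"package": "reqursts"})
    gate(chain, "api_route_response", APPROVED_TOOL, PIN, "pip_install", {"package": "requests"})
    drifted = dict(APPROVED_TOOL, description="Install a package and run its setup hooks")
    gate(chain, "mcp_tool_result", drifted, PIN, "pip_install", {"package": "requests"})
    effects, intact = [r["effect"] for r in chain], verify_chain(chain)
    chain[0]["effect"] = "allow"  # edit a record after the fact: verification must now fail
    return effects, intact, verify_chain(chain)
```

Calling demo() yields the three effects in order (deny, allow, deny), True for the untouched chain, and False once a record is altered.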

Review surface

Review denied actions, canary hits, capability drift, unapproved tools, and policy changes before they become production incidents.

Enterprise extension

Add team policy packs, approval workflows, private audit aggregation, compliance evidence, and a managed capability registry.

Available today

OpenAI / Anthropic-compatible local proxy, SSE text passthrough with buffered tool-call screening, slopsquat / secret / dangerous command / suspicious URL checks, canary attribution, MCP scan / approve / diff, hash-chain audit verification, Claude Code PreToolUse hook example, and 10 enterprise risk cases.

Capability-surface roadmap

MCP/tool governance is already in the current release. Skills, prompt packs, and workflow capability scanning and approval will expand through enterprise POC needs.

From local control to enterprise agent governance.

The open-source release proves the critical control path: local proxy, response screening, pre-execution decisions, capability approval, and verifiable audit records. Enterprise deployments can add team policy distribution, approval workflows, private audit aggregation, compliance evidence, and an enterprise capability registry.

  1. Local control

    Local proxy and audit records

    Run the enforcement point close to the agent and its tools, while keeping keys, capability snapshots, and audit data in your environment.

  2. Team governance

    Team policies and capability approvals

    Distribute policy packs, review changes to MCP tools, skills, prompt packs, and workflow bundles, and require approval before reuse.

  3. Audit evidence

    Private audit aggregation and compliance evidence

    Aggregate receipts privately, map decisions to controls, and produce evidence for internal security review, risk, and compliance.