AgentCheck
Prove Your Agents Before They Ship
Discover every agent and tool, gate the risky actions, and ship signed proof that each release was checked and approved.
Discover in Under 30 Minutes
Connect a repo, OpenAPI spec, or MCP server and get a full agent and tool inventory with a risk map.
Gate Every Release
Run agent safety checks on each change, simulate policy, and block risky or regressed actions before production.
Prove It With Receipts
Ship signed, tamper-evident receipts of what was checked and approved — verifiable by anyone, anytime.
The Gap
Agents Act. Nobody Proves It First.
Your AI agents no longer just answer questions — they open tickets, ship code, call internal systems, and move money. But before a release goes live, there's no central way to prove which agent may call which tool, within which scope, with what approval. MCP standardizes transport and OAuth. Each SDK ships its own approval hooks. The missing layer is cross-framework, action-level policy with signed proof — the evidence you can hand a CISO or an auditor, before anything ships.
Cross-framework
One policy model across OpenAI, LangChain, MCP, and OpenAPI — not per-SDK silos.
Action-level
Govern the verb and resource of a real action, not just whether an API is reachable.
Provable
Signed receipts a CISO or auditor can verify independently — before it ships.
How It Works
From Repo to Signed Proof
Four steps, no agent code to rewrite. Point AgentCheck at what your agents can already reach, and it does the rest.
Discover
Scan GitHub, OpenAPI, MCP, and OAuth connections to build an agent inventory, tool surface, scopes, and risk classes.
Define Guardrails
Set policy on which agent may call which tool, verb, and resource — within which scope. High-risk actions require human approval.
Gate Every Release
Run checks on every change, simulate what-if policy, and block risky or regressed actions before they reach production.
Prove
Emit signed, tamper-evident receipts of what was checked and approved — verifiable through an independent API.
Capabilities
Everything You Need to Clear a Release
One evaluation suite for agents — inventory, policy, simulation, gating, approvals, and proof.
Agent & Tool Inventory
A live map of every agent, the tools it can reach, and the scopes it holds — normalized across OpenAI, LangChain, MCP, and OpenAPI.
Policy Packs
Reusable rules for which agent may call which tool, verb, and resource — start from a pack and tailor it to your risk model.
What-If Simulation
Replay proposed policy against real tool surfaces to see what a change would allow or block — before you enforce it.
Release Gating & PR Checks
Run safety checks on every change and fail the build when an action regresses or breaks policy — straight in your pipeline.
Approval Workflows
Route high-risk actions to a human in Slack or GitHub, with the actor and delegation chain attached for context.
Signed Receipts & Verify API
Tamper-evident proof of what was checked and approved, plus SIEM export and an independent API any third party can verify.
Integrations
No SDK. No Code Rewrite.
Connect AgentCheck to what your agents already use. Discovery and governance start with zero code on day one.
GitHub App Scan
Install the app and inventory agents, tools, and scopes straight from your repositories.
OpenAPI Upload
Upload a spec to map every HTTP endpoint your agents can reach into the risk map.
MCP Proxy
Sit in front of any MCP server to discover and gate tool calls in transit.
HTTP Egress Gateway
Route agent traffic through a gateway to allow, deny, or hold outbound actions.
OAuth Connector Broker
Issue scoped, tenant-isolated tokens so agents never hold more access than they need.
Slack & GitHub Approvals
Approve or reject high-risk actions where your team already works — no new tool to adopt.
Honest by design
Zero-Integration Entry, Selective Deep Enforcement
Discovery and governance are strong with zero integration — you map and police your agents from day one. Hard-blocking is strong for HTTP, MCP, and broker-issued tools, where AgentCheck sits in the path. Enforcing in-process function calls inside your own code needs a deeper adapter, which lands in a later phase. We'd rather tell you exactly where the line is than overpromise.
Threat Coverage
Built for the Agent Threat Model
Agents introduce risks classic authorization never saw. AgentCheck pairs each one with an action-level control.
Prompt injection & goal hijack
Tool-level authorization and least-privilege scopes — a hijacked goal still can't reach a tool it was never granted.
Tool misuse
Allowlists plus verb and resource policy, with approval required for anything risky.
Identity & privilege abuse
Scoped tokens with a full actor and delegation chain, and step-up approval for sensitive moves.
Confused deputy
A tenant-scoped broker so one agent can never act with another tenant's authority.
Webhook forgery
HMAC signature checks and a replay window that rejects stale or spoofed events.
Log & receipt tampering
Signed, append-only receipts — any edit breaks the chain and fails verification.
Proof You Can Show
Signed Receipts, Not Just Logs
Most tools either firewall prompts or watch agents after the fact. AgentCheck does neither alone. It enforces action-level policy across every framework, then leaves a signed, tamper-evident receipt of what was checked, approved, and run — proof a CISO or auditor can verify independently, before a release ships.
Tamper-evident
Each receipt is cryptographically signed at decision time.
Append-only
Receipts can be added but never silently rewritten.
Independently verifiable
A third party can confirm any receipt through the verify API.
AgentCheck governs agents before they ship. For live runtime monitoring, see AgentHealth.
receipt.json
- actor
- agent:billing-bot
- principal
- user:dev1@acme
- tool
- stripe.refunds
- verb
- create
- decision
- allow
- approval
- slack:#fin-ops
- signature
- ed25519:9f3a…c21
FAQ
Questions, Answered Honestly
Do I need an SDK?
No. Connect a GitHub repo, an OpenAPI spec, or an MCP server and AgentCheck starts discovering and governing your agents with zero code.
Does it change my agent code?
No rewrite required. Discovery and policy work from the outside. In-process function-call enforcement uses a deeper adapter that arrives in a later phase.
Which frameworks and tools does it cover?
AgentCheck normalizes agents and tools across OpenAI, LangChain, MCP, and OpenAPI or plain HTTP, so one policy model spans your whole stack.
What's in a signed receipt, and can a third party verify it?
Each receipt records the actor and delegation chain, the action and scope, the decision and approval, and a tamper-evident signature — verifiable by anyone through an independent API.
How fast is setup?
Discovery typically runs in under 30 minutes: connect a source and get an agent inventory, tool surface, and risk map.
Does it block actions or just observe?
Both, selectively. Hard-blocking is strong for HTTP, MCP, and broker-issued tools where AgentCheck sits in the path; in-process enforcement is a later phase. Discovery and governance always work with zero integration.
How does approval work?
High-risk actions pause and route to a human in Slack or GitHub, with the actor and context attached, so the right person signs off before anything runs.
Is AgentCheck available now?
AgentCheck is pre-launch. Join the wait list and we'll reach out as access opens — no customers, pricing, or certifications to claim yet.
Get Early Access
Prove Your Next Release Is Safe
AgentCheck is pre-launch. Join the wait list to discover your agents, gate your releases, and ship signed proof before anything goes live.
No spam — we'll only reach out as access opens.