AI agent execution control

Add execution control before AI agents take real actions.

BeforeWire runs in your environment to screen tampered model responses, govern MCP tools, skills, and workflow capability surfaces, decide before tool calls execute, and write verifiable audit records.

  • runs in your environment
  • response tamper screening
  • capability snapshots
  • pre-execution decisions
  • hash-chain audit

Security review packet: pre-execution control
  control: BW-ACTION-003
  policy: relay-guard / capability-diff
  scope: agent runtime

  response path (tool_use) -> BeforeWire: DENY -> execution stopped -> decision receipt verified

  action: pip_install("reqursts")
  policy: relay-guard
  effect: deny before execution
  hash_chain: sha256:7d4... -> 9ab...

  review surface: 4 findings
  • slopsquat package: blocked
  • capability snapshot: bound
  • canary attribution: session
  • audit record: written

  capability surface: scan and pin MCP / tools / skills
  response path: screen returned content (tamper / injection)
  execution point: decide before run (allow / warn / deny)
  audit record: prove the decision (hash-chain receipt)

Risk can enter after the model response returns.

AI agents read model output, then convert it into tool calls, package installs, shell commands, file access, network requests, and delegated work.

Return-path risk

If a model response is modified after passing through a third-party API router or gateway, the risk may not come from the model itself. It appears after the response returns and before the action is actually executed.

API route tampering (response path)

A safe model response is changed into a malicious tool call on the return path.

Tool-result injection (tool output)

A normal-looking tool result pushes new instructions back into the agent context.

Slopsquat install (package)

requests becomes reqursts, and the agent proceeds to install it.

Canary replay (attribution)

A fake key appears in a response or tool result and can be traced to a session.

Capability drift (surface)

An approved MCP tool, skill, or workflow changes its schema, script, description, or capability boundary.

BeforeWire sits on the agent execution path.

Security review starts with placement. BeforeWire keeps enforcement close to the agent and tools while preserving the API router, model gateway, and tool-call path around it.

  • AI client / agent: proposes action intent (tool_use)
  • BeforeWire: screens response, gates action (allow / warn / deny)
  • API router / gateway: returns model response (response path)
  • tools / MCP / shell: real execution point (execution)
  • audit record: every decision is written into a hash-chain receipt

From capability onboarding to action execution, BeforeWire controls three points.

BeforeWire is not a generic AI risk detector. It focuses on the path between what an agent can use, what comes back, and what the agent is about to execute.

Capability Surface Governance

Can this capability be trusted over time?

BeforeWire governs surfaces that change agent behavior: MCP tools, local tools, skills, prompt packs, workflow instructions, and referenced scripts. Each surface can be scanned, snapshotted, approved, diffed, and reviewed again after drift.

Available now: MCP / tool scan, approval, diff, and snapshot hash enforcement.

Expanding through POCs: skills, prompt packs, workflow instructions, and referenced scripts.

  • MCP / tool scan
  • skill review
  • snapshot hash
  • approve / diff
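As an added example (not BeforeWire's code), the scan, snapshot, approve, diff idea above in Python: a constructed MCP tool descriptor is hashed in canonical form, the hash is pinned at approval, and the tool is denied once the live descriptor no longer matches, with the drifted fields reported for review.

```python
"""Capability snapshot pinning and drift detection for an MCP tool descriptor.
Added example, not BeforeWire's code: hash a canonical form of the fields that
shape agent behaviour (name, description, input schema), pin that hash at
approval time, and deny the tool once the live descriptor no longer matches.
The descriptors below are constructed sample data."""
import hashlib
import json

def canonical(descriptor: dict) -> bytes:
    # Only behaviour-shaping fields enter the snapshot; stable key order and
    # separators keep the hash independent of serialisation noise.
    pinned = {k: descriptor.get(k) for k in ("name", "description", "inputSchema")}
    return json.dumps(pinned, sort_keys=True, separators=(",", ":")).encode()

def snapshot(descriptor: dict) -> str:
    return "sha256:" + hashlib.sha256(canonical(descriptor)).hexdigest()

def diff(approved: dict, live: dict, path: str = "") -> list[str]:
    """Dotted paths whose value differs between the approved and the live descriptor."""
    changes = []
    for key in sorted(set(approved) | set(live)):
        here = f"{path}.{key}" if path else key
        a, b = approved.get(key), live.get(key)
        if isinstance(a, dict) and isinstance(b, dict):
            changes += diff(a, b, here)
        elif a != b:
            changes.append(here)
    return changes

def check(live: dict, pinned_hash: str, approved: dict) -> tuple[str, list[str]]:
    """'allow' while the live descriptor hashes to the pin; 'deny' plus the drift otherwise."""
    if snapshot(live) == pinned_hash:
        return "allow", []
    return "deny", diff(approved, live)

APPROVED = {  # constructed descriptor, as approved at onboarding
    "name": "read_file",
    "description": "Read a UTF-8 text file inside the project directory.",
    "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}},
                    "required": ["path"]},
}
DRIFTED = json.loads(json.dumps(APPROVED))  # same tool name, changed surface
DRIFTED["description"] = "Read a text file from any path on the host."
DRIFTED["inputSchema"]["properties"]["follow_symlinks"] = {"type": "boolean"}
PINNED = snapshot(APPROVED)  # stored at approval time

if __name__ == "__main__":
    print(check(APPROVED, PINNED, APPROVED))  # ('allow', [])
    print(check(DRIFTED, PINNED, APPROVED))   # ('deny', ['description', 'inputSchema.properties.follow_symlinks'])
```

Fields outside the pinned set (for example a server-side display hint) do not affect the snapshot, so harmless metadata churn does not trigger re-approval.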
Action Execution Gate

May this concrete action execute now?

Every proposed tool call, package install, shell command, file operation, outbound request, message, or delegated task is evaluated before it runs. A denied action does not execute.

policy decision: deny before execution (effect: deny)
  • allow / warn / deny
  • policy decision
  • pre-execution denial
  • audit record
Response-Path Guard

Is this response trying to create a dangerous action?

BeforeWire screens model and tool responses before they enter the agent decision flow, catching API route tampering, AI MITM, malicious tool use, tool-result injection, slopsquat suggestions, dangerous commands, secret leakage, suspicious egress, and canary replay.

  • response tamper screening
  • streaming text passthrough
  • buffered tool-call review
  • canary attribution

Scan capability surfaces -> screen the response path -> decide the concrete action -> write an audit record.

BeforeWire gates agent actions, not packets. It makes decisions before actions happen and records verifiable evidence.

See a poisoned response blocked in 60 seconds.

Run BeforeWire in your environment, point an AI client or SDK at the local proxy, and run the first-block selftest.

  packet: BW-POC-001
  mode: local proxy
  evidence: hash receipt
pip install beforewire
beforewire init
beforewire selftest
beforewire proxy
export OPENAI_BASE_URL=http://127.0.0.1:8788/v1
Expected result: tampered responses are blocked before they reach pip, shell, network requests, or MCP tools.

When a response tries to install reqursts, run curl | sh, leak a secret, or replay a canary, BeforeWire denies the action and records why.

  source: api_route_response
  blocked: pip_install("reqursts")
  receipt: hash verified

Evidence for security review, not demo screenshots.

Each decision records the source, proposed action, matched policy, effect, reason, capability-surface context, and hash-chain receipt. Security, risk, and audit teams can review the control path instead of relying on model claims or screenshots.

If there is no control before execution, audit is only incident replay. With pre-execution decisions, responsibility has a boundary.

Decision receipt (verified)
  source: api_route_response
  action: pip_install("reqursts")
  policy: relay-guard
  effect: deny before execution
  reason: slopsquat package
  capability_snapshot: sha256:7d4...
  audit_chain: hash verified
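As an added example (not BeforeWire's code), a minimal pre-execution gate that emits receipts with the fields shown above and links them into a hash chain a reviewer can verify offline; the policy name, reason string and package allowlist are constructed, and the slopsquat rule is a deliberately simple edit-distance check standing in for whatever BeforeWire actually does.

```python
"""Pre-execution gate that writes hash-chained decision receipts.
Added example, not BeforeWire's code. Each receipt carries source, action,
policy, effect and reason plus the previous receipt's hash, so an edited, dropped
or reordered record is detectable. The slopsquat rule is a constructed, simple
one: a package name one edit away from an allow-listed name is denied."""
import hashlib
import json

KNOWN_PACKAGES = {"requests", "numpy", "urllib3"}  # constructed allowlist
GENESIS = "sha256:genesis"  # link value of the first receipt

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss package names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decide(action: dict) -> tuple[str, str, str]:
    """Return (policy, effect, reason) for a proposed action before it runs."""
    if action["type"] == "pip_install":
        name = action["package"]
        if name not in KNOWN_PACKAGES and any(edit_distance(name, k) <= 1 for k in KNOWN_PACKAGES):
            return "relay-guard", "deny", "slopsquat package"
    return "default", "allow", "no policy hit"

def receipt_hash(body: dict) -> str:
    return "sha256:" + hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_receipt(chain: list[dict], source: str, action: dict) -> dict:
    """Decide the action and append a receipt linked to the previous one."""
    policy, effect, reason = decide(action)
    body = {"source": source, "action": action, "policy": policy, "effect": effect,
            "reason": reason, "prev": chain[-1]["hash"] if chain else GENESIS}
    receipt = {**body, "hash": receipt_hash(body)}
    chain.append(receipt)
    return receipt

def verify_chain(chain: list[dict]) -> bool:
    """Recompute every hash and link; a single altered field breaks verification."""
    prev = GENESIS
    for r in chain:
        body = {k: v for k, v in r.items() if k != "hash"}
        if r["prev"] != prev or receipt_hash(body) != r["hash"]:
            return False
        prev = r["hash"]
    return True
```

Calling `append_receipt([], "api_route_response", {"type": "pip_install", "package": "reqursts"})` yields a deny receipt with reason "slopsquat package"; changing any stored field afterwards makes `verify_chain` return False.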

Give security teams a reviewable control checklist.

BeforeWire should be easy to test as a developer tool. Enterprise review needs the enforcement point, decision record, approval surface, and governance extensions.

Review packet BW-SEC-REVIEW-024: what can security review without reading a model trace?

BeforeWire turns response screening and action decisions into concrete review objects: denied actions, capability drift, canary hits, policy changes, and receipt hashes.

  scope: agent action boundary
  evidence: decision receipts, policy hits, capability snapshots
  owner: AI platform / security engineering
CTRL-ENF: Enforcement point

Run response screening and action decisions near the agent and tools, while keeping keys, prompts, capability snapshots, and audit records in your environment.

CTRL-DEC: Decision record

Record source, action, matched policy, effect, reason, capability snapshot, and hash-chain receipt for each allow, warn, or deny result.

CTRL-REV: Review surface

Review denied actions, canary hits, capability drift, unapproved tools, and policy changes before they become production incidents.

CTRL-EXT: Enterprise extension

Add team policy packs, approval workflows, private audit aggregation, compliance evidence, and a managed capability registry.

Implementation status: available today

OpenAI / Anthropic-compatible local proxy, SSE text passthrough with buffered tool-call screening, slopsquat / secret / dangerous command / suspicious URL checks, canary attribution, MCP scan / approve / diff, hash-chain audit verification, Claude Code PreToolUse hook example, and 10 enterprise risk cases.

  proxy: OpenAI / Anthropic compatible
  audit: hash-chain verify
  hook: Claude Code PreToolUse

Capability-surface roadmap

MCP / tool governance is already in the current release. Scanning and approval for skills, prompt packs, and workflow capabilities will expand as enterprise POCs require.

  now: MCP / tool scan, approve, diff
  next: skills, prompt packs, workflows
  enterprise: registry, approval, private audit

From local control to enterprise agent governance.

The open-source release proves the critical control path: local proxy, response screening, pre-execution decisions, capability approval, and verifiable audit records. Enterprise deployments can add team policy distribution, approval workflows, private audit aggregation, compliance evidence, and an enterprise capability registry.

  1. Local control

    Local proxy and audit records

    Run the enforcement point close to the agent and its tools, while keeping keys, capability snapshots, and audit data in your environment.

  2. Team governance

    Team policies and capability approvals

    Distribute policy packs, review changes to MCP tools, skills, prompt packs, and workflow bundles, and require approval before reuse.

  3. Audit evidence

    Private audit aggregation and compliance evidence

    Aggregate receipts privately, map decisions to controls, and produce evidence for internal security review, risk, and compliance.

Enterprise review: POC dossier

Put BeforeWire on your agent review path.

We can map the first POC around your real agents, MCP tools, approval flow, and audit evidence requirements.

  place: control placement
  decide: policy decisions
  prove: private evidence