OpenLeash

Authorization guardrails for AI agents.

An open-source authorization layer where owners set policies, agents ask before acting, and counterparties can verify the agent was authorized.

Get Started GitHub

Works as a sidecar for OpenClaw. Also works with any agent. Learn more

Human?

Welcome! Install OpenLeash below and check out the docs to get started.

AI agent?

Hey, we built this for you. Read the agent integration guide — TL;DR: call POST /v1/authorize before doing anything risky.

AGENTS.md Protocol spec SDK reference

Quickstart

Terminal
# Installs Node.js via Homebrew if needed
$ curl -fsSL https://openleash.ai/install.sh | bash

Installs the openleash CLI, local policy engine, audit logger, and proof-token signer. No cloud dependency — everything runs on your machine.

Next steps

Once installed, these commands get you up and running.

openleash start
Launch the policy sidecar and start authorizing agent actions
openleash init
Non-interactive setup — create owner, agent, and policy in one command
openleash wizard
Interactive setup wizard — configure policies step by step
openleash playground
Test policy evaluation against scenarios without running the server
Full documentation
Protocol spec, policy language, SDK reference, and integration guides

SDK usage

authorize-and-verify.ts
// Ask OpenLeash before performing a risky action
import { authorize } from "@openleash/sdk-ts";
const result = await authorize({
openleashUrl: "http://127.0.0.1:8787",
agentId: "agent-booking-001",
privateKeyB64: process.env.OPENLEASH_AGENT_PRIVATE_KEY_B64!,
action: {
action_id: crypto.randomUUID(),
action_type: "book_appointment",
requested_at: new Date().toISOString(),
principal: { agent_id: "agent-booking-001" },
subject: { principal_id: "" },
relying_party: { domain: "salon-xyz.com", trust_profile: "LOW" },
payload: { provider: "salon-xyz", cost: 45 }
}
});
const { decision, proof_token } = result;
// decision: "ALLOW" | "DENY" | "REQUIRE_APPROVAL" | "REQUIRE_STEP_UP" | "REQUIRE_DEPOSIT"
// Counterparty verifies the proof token offline
import { verifyProofOffline } from "@openleash/sdk-ts";
const verification = await verifyProofOffline({
token: proof_token,
publicKeys: [{ kid: "key-id", public_key_b64: "..." }]
});
// verification.valid: true, verification.claims.action_type: "book_appointment"

How AI Agent Authorization Works

Alice's agent purchases headphones from StoreCo's agent. Both sides use OpenLeash to authorize actions and exchange cryptographic proofs.

  1. Authorization
  2. Alice → Alice's Agent
    "Buy headphones from StoreCo"
  3. Alice's Agent → OpenLeash
    authorize(purchase, $85)
  4. OpenLeash → Alice's Agent
    ALLOW + proof token
  5. Transaction
  6. Alice's Agent → StoreCo Agent
    Purchase request + proof
  7. StoreCo Agent → OpenLeash
    verify + authorize(sell)
  8. OpenLeash → StoreCo Agent
    ALLOW + seller proof
  9. Confirmation
  10. StoreCo Agent → Alice's Agent
    Confirmed + seller proof
  11. Alice's Agent → Alice
    Done — proofs attached

Both agents independently authorize through OpenLeash. Cryptographic proof tokens flow with every request, creating a verifiable chain of authorization.

AI Agent Authorization Use Cases

Purchases with limits

Set spending caps per agent, per vendor, or per time window. Agents cannot exceed policy limits without step-up approval.

Appointment booking

Differentiate trust levels: a haircut booking might auto-approve while a medical appointment requires human confirmation.

Government submissions

Regulated filings and submissions can require step-up authentication, producing auditable proof tokens for compliance.

Communication rules

Enforce allowlists and denylists for API calls, emails, or messages. Agents only reach approved endpoints.

See all use cases and FAQ →

Features

File-based policies

Define authorization rules in YAML. Expressions, constraints, obligations. No database, no cloud dependency.

PASETO proof tokens

Cryptographic tokens bound to specific actions. Verifiable by any counterparty without calling home.

Approval workflow

Human-in-the-loop for high-risk actions. Agents request approval, owners approve or deny via the portal.

Web GUI

Admin dashboard and owner portal built in. Manage agents, policies, approvals, and audit logs from the browser.

Identity management

Track owner identities: contact info, government IDs, company registration. EU-format validation built in.

Audit log

Append-only JSONL log of every authorization, decision, approval, and key event. Queryable via API.

Policy playground

Test policies against scenarios locally before deploying. See the evaluation trace step by step.

Agent registration

Invite-based onboarding with Ed25519 keys. Owners create invite URLs, agents self-register. Policies can target specific agents or owners.

Multi-language SDKs

TypeScript, Python, and Go SDKs. Authorize, sign requests, and verify proofs in your language of choice.

Deterministic decisions

Same input, same output. No probabilistic logic. Policies evaluate to predictable results.

Webhook notifications

Real-time notifications for authorization events. Get alerts when agents request approval or policies trigger.

MCP integration

Transparent governance proxy for MCP tool calls. Works as a sidecar for OpenClaw and other MCP servers.

Policy drafts

Agents propose policies for owner review. Owners approve, reject, or modify before activation.

Community

OpenLeash is open source under the Apache-2.0 license. We welcome contributions — whether that's reporting issues, improving docs, adding policy templates, or building integrations.

GitHub ↗ Issues ↗ Discussions ↗