Like brakes on a car, safety is what lets you go faster.
IntentFrame is an external safety and security layer. Your agent proposes an action; IntentFrame checks it against your business rules and hard limits before anything touches your money, data, customers, files, or APIs.
Open-source runtime · Works with any agent · Live today · SDK and HTTPS API · Tamper-evident audit
Why Now
The first wave of AI read, summarized, and suggested. The next wave sends messages, issues refunds, updates records, moves money, changes settings, calls APIs, and runs commands. That is where the real economic value lives.
Resolve cases without queues.
Update orders, vendors, tickets, and internal records.
Reconcile, approve, and trigger payments.
Make changes across files, infrastructure, and internal systems.
More control means more upside. It also means a much larger blast radius when something goes wrong.
The Problem
The moment an agent can spend money, change data, send messages, or run commands, three gaps appear at once: trust, scale, and compliance.
You cannot ask an agent to police itself. The same model that can be tricked, confused, or wrong becomes the judge of its own actions.
Putting a human in the loop for every action defeats the economics of automation. You get safety, but lose speed.
Prompts and logs are not data-layer controls. Security reviewers need enforcement boundaries and per-action evidence.
A compromised judge is no judge. A human approval queue is not automation.
The Risk Is Already Here
Every one of these failures had the same shape: the agent was allowed to act. The problem was not missing authentication. The agent meant the wrong thing and still had authority.
An agent autonomously deleted a production AWS environment.
An agent fabricated data, falsified logs, and covered its tracks.
An agent fabricated "user approved" text to bypass a stop gate.
An agent found a token and ran a delete on a production database.
~97% of enterprises run AI agents.
Only ~12% have centralized control over what those agents can actually do.
~88% report confirmed or suspected agent security incidents.
What did our agent decide last Tuesday at 3pm, and on whose authority?
The False Choice
Scalable: Yes. Trusted: No. The same agent that can be tricked or confused becomes the judge of its own actions.
A compromised judge is no judge.
Scalable: No. Trusted: Yes. Approval queues are slow and costly.
A human on every decision defeats the reason you deployed the agent.
The tradeoff nobody has broken: today you must choose speed or safety. IntentFrame gives you both.
The Third Option
IntentFrame sits outside the agent. The agent can propose an action, but it cannot approve itself. The agent never grades its own homework.
By checking every action before execution, IntentFrame gives you the trust of a human-in-the-loop with the scale and economics of pure automation.
The Mental Model
IntentFrame is the brakes for the AI agent economy. By guaranteeing the agent cannot cross a line you drew, teams can finally take the governor off and deploy agents into real workflows.
The Aha Moment
Consider an $80 refund request. Your policy says refunds under $100 are allowed, but only for genuine manufacturing defects.
“The motor died on its own after two weeks.”
Manufacturing defect
✓ ALLOW
“I dropped it down the stairs and it shattered.”
Customer-caused damage
✕ BLOCK
“I do not like the color.”
Buyer's remorse
✕ BLOCK
Same action. Same amount. Different meaning. A simple code rule can check the dollar amount. It cannot understand the business meaning. IntentFrame can.
How It Works
The agent describes what it wants to do and why.
Hard limits run first. Plain-English policy handles meaning.
Only approved actions are carried out through the governed path.
Every allow/block decision leaves a decision record.
Prevention First
Monitoring tells you what happened. IntentFrame stops unauthorized actions before they execute. Sensitive actions run through a governed path the agent does not control.
Proof
The runtime, SDKs, policy model, and documentation are developed in the open through the IntentFrame GitHub organization.
IntentFrame integrates with Nous Research's Hermes Agent as an external security plugin, routing risky tool calls through policy before execution.
100/100 hostile actions blocked under adversarial testing.
External enforcement turned a 29% silent-bypass rate into 0% leakage in a return-agent experiment. Same model on both sides — the delta is the architecture.
Each decision can be recorded as part of a hash-chained audit trail.
GitHub · PyPI · Hermes Agent plugin · Docker · Kubernetes · HTTPS API · Python SDK
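To make the "hard limits run first" step and the hash-chained decision records concrete, here is an added sketch. It is not IntentFrame's code or API; every name, the record layout, and the sample actions are assumptions made for illustration, and the plain-English policy step is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain
# Hypothetical hard limit taken from the page's refund example (under $100).
HARD_LIMITS = {"refund": {"max_amount": 100}}

def check_hard_limits(action):
    """Deterministic checks; ALLOW means only that the hard limit passed."""
    limit = HARD_LIMITS.get(action["type"])
    if limit is None:
        return "BLOCK", "action type has no hard limit defined"
    if action["amount"] >= limit["max_amount"]:
        return "BLOCK", "amount at or above hard limit"
    return "ALLOW", "within hard limit"

def record_hash(prev_hash, body):
    """SHA-256 over the previous hash plus a canonical JSON encoding."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_decision(trail, action, decision, reason):
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    body = {"seq": len(trail), "action": action,
            "decision": decision, "reason": reason}
    trail.append({**body, "prev": prev_hash,
                  "hash": record_hash(prev_hash, body)})

def verify_trail(trail, expected_head=None):
    """Return the index of the first broken record, or None if intact.
    expected_head is the latest hash as stored outside the log."""
    prev_hash = GENESIS
    for i, rec in enumerate(trail):
        body = {k: rec[k] for k in ("seq", "action", "decision", "reason")}
        if (rec["seq"] != i or rec["prev"] != prev_hash
                or rec["hash"] != record_hash(prev_hash, body)):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(trail)  # records were removed from the end
    return None

def build_sample_trail():
    """Constructed sample actions, not real IntentFrame records."""
    trail = []
    for action in ({"type": "refund", "amount": 80},
                   {"type": "refund", "amount": 250},
                   {"type": "delete_database", "amount": 0}):
        append_decision(trail, action, *check_hard_limits(action))
    return trail
```

A chain like this is tamper-evident only when the latest hash is also kept somewhere the log writer cannot modify; without that anchor, anyone with write access can recompute every hash or drop the most recent records unnoticed.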
Deployment
Managed, fastest path
Dedicated managed deployment. Your agent calls one secure HTTPS endpoint or imports the SDK.
Your cloud / VPC
Runs inside your AWS, GCP, Azure, or private cloud. Data and credentials stay inside your perimeter.
Customer-operated
Run the open-source runtime on your own infrastructure with Docker or Kubernetes.
We deploy with you
Our engineering team helps deploy, integrate, author policy, wire actions, and map compliance evidence.
Services
IntentFrame is not just software dropped over the wall. For enterprise deployments, our team can work directly with yours on agent integration, policy engineering, custom action wiring, infrastructure setup, and compliance evidence.
Tell us what agents you are running, what they can touch, and where IntentFrame needs to run. We will help you choose the deployment path and enforcement model.
Because "the AI made a mistake" is not an acceptable incident report.