Stop giving your AI agents root access to everything. Fine-grained permission control with audit trails, human-in-the-loop approvals, and session management.
from agentsudo import Agent, sudo
support_bot = Agent(
name="SupportBot",
scopes=["read:orders", "write:refunds"]
)
@sudo(scope="write:refunds")
def issue_refund(order_id, amount):
# Only agents with write:refunds can call this
print(f"Refunding ${amount}")Enterprise-grade permission control for your AI agents
Control exactly what each agent can do with granular permission scopes like read:orders or write:refunds.
Track which agent performed what action, when, and with what permissions. Perfect for compliance.
Require human approval for high-risk actions via Slack, Teams, or custom workflows.
Sessions automatically expire like JWT tokens. Set custom TTLs for temporary agent access.
Enforce permissions on data models. Perfect for LangChain, LlamaIndex, and other frameworks.
Use flexible wildcards like read:* or write:orders* for powerful permission patterns.
Install agentsudo and start protecting your AI agents
pip install agentsudoRequires Python 3.9+
from agentsudo import Agent, sudo
# Create agents with different permissions
support_bot = Agent(
name="SupportBot",
scopes=["read:orders", "write:refunds"]
)
analytics_bot = Agent(
name="AnalyticsBot",
scopes=["read:orders"] # Read-only
)
# Protect functions with @sudo decorator
@sudo(scope="write:refunds")
def process_refund(order_id, amount):
print(f"Refunding ${amount} for {order_id}")
# Support bot can process refunds
with support_bot.start_session():
process_refund("order_123", 50) # ✅ Allowed
# Analytics bot cannot
with analytics_bot.start_session():
process_refund("order_456", 25) # ❌ PermissionDeniedError