Stop giving your AI agents root access to everything. Fine-grained permission control with audit trails, human-in-the-loop approvals, and session management.
from agentsudo import Agent, sudo
support_bot = Agent(
name="SupportBot",
scopes=["read:orders", "write:refunds"]
)
@sudo(scope="write:refunds")
def issue_refund(order_id, amount):
# Only agents with write:refunds can call this
print(f"Refunding ${amount}")Enterprise-grade permission control for your AI agents
Control exactly what each agent can do with granular permission scopes like read:orders or write:refunds.
Track which agent performed what action, when, and with what permissions. Perfect for compliance.
Require human approval for high-risk actions via Slack, Teams, or custom workflows.
Sessions automatically expire like JWT tokens. Set custom TTLs for temporary agent access.
Topic filtering and prompt injection protection. Keep agents on-topic and block malicious inputs automatically.
Use flexible wildcards like read:* or write:orders* for powerful permission patterns.
Install agentsudo and start protecting your AI agents
pip install agentsudoRequires Python 3.9+
from agentsudo import Agent, sudo
# Create agents with different permissions
support_bot = Agent(
name="SupportBot",
scopes=["read:orders", "write:refunds"]
)
analytics_bot = Agent(
name="AnalyticsBot",
scopes=["read:orders"] # Read-only
)
# Protect functions with @sudo decorator
@sudo(scope="write:refunds")
def process_refund(order_id, amount):
print(f"Refunding ${amount} for {order_id}")
# Support bot can process refunds
with support_bot.start_session():
process_refund("order_123", 50) # ✅ Allowed
# Analytics bot cannot
with analytics_bot.start_session():
process_refund("order_456", 25) # ❌ PermissionDeniedError