Introduction

The permission layer for AI agents — like Auth0, but for LLMs.

AgentSudo is a lightweight permission engine for AI agents. Enforce scopes, approvals, and safe tool use across LangChain, LlamaIndex, FastAPI, and custom agents.

💡

Think of it as Auth0 for AI agents — simple today, extensible tomorrow.

The Problem

AI agents are becoming powerful, but most run with zero permission control—they can call any tool, access any API, and do unexpected things. This creates risks:

Security - An agent could access sensitive data or perform destructive actions
Compliance - No audit trail of what agents did and why
Control - No way to limit agent capabilities based on context

The Solution

AgentSudo adds a lightweight, framework-agnostic permission engine that enforces scopes, rate limits, and human approvals:

Scoped Permissions - Define exactly what each agent can do
Session Management - Time-limited access with automatic expiry
Audit Trails - Track every permission check
Easy Integration - Simple decorator-based API

Quick Example

from agentsudo import Agent, sudo

# Create an agent with specific permissions
support_bot = Agent(
    name="SupportBot",
    scopes=["read:orders", "write:refunds"]
)

# Protect functions with the @sudo decorator
@sudo(scope="write:refunds")
def process_refund(order_id: str, amount: float):
    # Only agents with write:refunds can call this
    print(f"Processing refund of ${amount}")

# Use the agent in a session
with support_bot.start_session():
    process_refund("order_123", 50.00)  # ✅ Allowed

Key Features

Feature	Description
Framework-agnostic	Works with any Python code—LangChain, LlamaIndex, CrewAI, or custom
Fine-grained scopes	Control access at the function level
Hierarchical permissions	Use wildcards like `read:*`
Session management	Automatic expiry and context tracking
Local audit logging	Full trail of all permission checks (works offline)
Dashboard (optional)	Visual management and monitoring

ℹ️

AgentSudo works completely offline. The SDK provides full permission control and JSON audit logging without any external dependencies. The cloud dashboard is an optional add-on for teams who want visual monitoring and analytics.

Architecture

┌─────────────────────────────────────────────────────────────┐
│                     Your Application                        │
│                                                             │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │   Agent A   │    │   Agent B   │    │   Agent C   │     │
│  │ read:orders │    │   read:*    │    │     *       │     │
│  └──────┬──────┘    └──────┬──────┘    └──────┬──────┘     │
│         │                  │                  │             │
│         └──────────────────┼──────────────────┘             │
│                            │                                │
│                   ┌────────▼────────┐                       │
│                   │   AgentSudo     │                       │
│                   │  Permission     │                       │
│                   │    Engine       │                       │
│                   └────────┬────────┘                       │
│                            │                                │
│         ┌──────────────────┼──────────────────┐             │
│         │                  │                  │             │
│  ┌──────▼──────┐    ┌──────▼──────┐    ┌──────▼──────┐     │
│  │ @sudo       │    │ @sudo       │    │ @sudo       │     │
│  │ read:orders │    │ write:data  │    │ admin:*     │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Next Steps

Getting Started - Install and set up AgentSudo
Agents - Learn about creating and managing agents
Scopes - Understand the permission system
Framework Integrations - Use with LangChain, LlamaIndex, etc.
Dashboard - Visual management interface