DEV Community: Anant

Easier Bets to Get Early Customer Validation and VC Attention

Anant — Sun, 24 May 2026 04:26:55 +0000

There is not much of scale to be achieved in the Enterprise AI space unless you have a big team, a solid funding pipeline and a large multi-capability platform. Most AI work on the B2B large organization side is going to be building services, data products, APIs and integrating AI agents.

From my experience, what VCs look for is user adoption/ customer validation. Now, that typically takes a year or so depending how strong your network is or whether you have a dedicated sales and marketing org within. Most startups do no have that kind of money or resource, so getting customer validation early is difficult.

Personalized AI agents, recruitment AI, domain specific GPTs, smaller SaaS etc. are better ideas to get both, some early recurring revenue and the consecutive VC support.

VCs outside of the US ( especially San Francisco) are risk averse and need to see the money before they can potentially invest.

I am not trying to dissuade people from entering the enterprise space, rather I have listed the things that I have observed being in this space for the past few months or so.

Would love to know yall's views.

Runtime Agent Governance for AI Agents in JavaScript and Node.js

Anant — Tue, 19 May 2026 03:56:51 +0000

agent-governance

Cerone
.

Install it, create an agent and validate a real action. Get a live governance decision in minutes.

This package talks to the Cerone runtime and returns explicit runtime decisions before an action executes:

approved
flagged
rejected

The npm package name is agent-governance for discoverability. The hosted runtime behind it is Cerone.

Why developers use it

start immediately with hosted trial access from the SDK
validate agent actions before they execute
keep your own OpenAI, Anthropic, or other model key
add runtime governance without replacing the rest of your stack
get real decisions instead of vague policy claims
use a lean trust layer instead of a heavy platform rewrite

Install

npm install agent-governance

Node 18+ is required because the SDK uses the built-in fetch and AbortController.

Quick start

import { CeroneClient } from "agent-governance";

const client = new CeroneClient();

const agent = await client.createAgent(
  "Customer billing support",
  ["db_read", "billing_api"],
);

const result = await client.validate(
  agent.agentId,
  "database_query",
  { table: "billing", customer_id: "123" },
);

console.log("Agent:", agent.agentId);
console.log("Decision:", result.result);
console.log("Trust:", result.trustScore);

Hosted trial and access

If you do not pass an API key, the SDK automatically bootstraps a hosted trial token by calling:

POST /trial/session

That token is persisted locally at:

~/.cerone/trial_token

Protected API routes still use:

X-API-Key: sk_trial_...

Current access paths:

Hosted trial
no manual signup required to begin evaluation
designed for testing, demos, and first integrations
if the trial is exhausted, contact us for persistent access
Persistent access
use a provisioned key for POCs, pilots, and production environments

Support:

Hosted service terms:

What this SDK does

It is a thin Node client for the hosted Cerone runtime. It can:

create root agents
spawn child agents
validate actions
validate action batches
fetch usage
issue delegated tokens
verify and revoke delegated tokens

The goal is to keep the client side light while identity, validation, trust, governance, and audit logic stay centralized in the Cerone runtime.

Runtime policy and containment

Cerone is also evolving into a stronger runtime policy layer, not just an
identity and semantic-alignment layer.

The current direction includes runtime detections for patterns such as:

prompt injection
instruction override
role manipulation
policy evasion
secret harvesting
data exfiltration
obfuscation and encoded payload tricks

These checks are meant to complement semantic validation:

semantic alignment asks whether the action fits the declared purpose
runtime policy checks ask whether the action payload itself looks unsafe, manipulative, evasive, or exfiltration-oriented

Cerone also has an operator-controlled containment direction:

manual kill switch support
soft containment
hard containment

Important:

detection does not automatically activate containment by default
the intended default behavior is operator-controlled, manual activation

For integrators, the practical rule remains simple:

approved -> continue
flagged -> review or warn according to your app policy
rejected -> block execution

Single action vs batch validation

Start with validate(...) for a single action. Use validateBatch([...]) only when you already have two or more validation items to send together.

Single action:

import { CeroneClient } from "agent-governance";

const client = new CeroneClient();

const agent = await client.createAgent(
  "Customer billing support",
  ["db_read", "billing_api"],
);

const result = await client.validate(
  agent.agentId,
  "database_query",
  { table: "billing", customer_id: "123" },
);

console.log(result.result, result.trustScore);

Batch validation:

import { CeroneClient } from "agent-governance";

const client = new CeroneClient();

const results = await client.validateBatch([
  {
    agentId: "agt_123",
    action: {
      tool: "database_query",
      parameters: { table: "billing", customer_id: "123" },
    },
  },
  {
    agentId: "agt_456",
    action: {
      tool: "refund_lookup",
      parameters: { refund_id: "rf_789" },
    },
  },
]);

for (const item of results) {
  console.log(item.agentId, item.result, item.trustScore);
}

If you call validateBatch([]), the SDK raises a local error before making a request.

API

Main exports:

CeroneClient
AgentGovernanceClient (alias)
CeroneError
AuthenticationError
ValidationError
RateLimitError
NetworkError

`new CeroneClient`

Options:

apiKey
baseUrl default: https://api.homersemantics.com
timeoutMs default: 30000
maxRetries default: 3
retryNonIdempotent default: false
enableCache default: false
cacheTtlMs default: 300000
trialTokenPath

Agent / certificate methods

createAgent(purpose, capabilities?, options?)
spawnAgent(parentId, purpose, capabilities?, options?)

Validation methods

validate(agentId, action, parameters?)
validateBatch(validations)

Trial / health / usage methods

healthCheck()
getUsage()
ensureApiKey()

Delegated token methods

delegateToken(options)
verifyToken(accessToken, options?)
revokeToken(accessToken)

Request shape

Validation requests use the Cerone runtime request shape:

{
  "agent_id": "agt_...",
  "action": {
    "tool": "database_query",
    "parameters": {
      "table": "billing"
    }
  }
}

Runtime headers

The SDK sends telemetry headers including:

User-Agent: agent-governance-node-sdk/<version>
X-Cerone-SDK-Name
X-Cerone-SDK-Version
X-Cerone-Platform
X-Cerone-Client-Intent

Bring your own model key

Cerone governs agent behavior, not inference.

You keep your own OpenAI, Anthropic, or other provider key and pass it directly to your model calls. Cerone validates the intended action and records the governance trail, but it does not sit in the middle of your model billing path.

Other SDKs

Cerone now has more than one SDK surface.

Current SDKs:

Node / JavaScript SDK
- package: agent-governance
- repo: github.com/AnantDhavale/agent-governance-js
Python SDK
- package: cerone
- repo: github.com/AnantDhavale/cerone_sdk

The product name is Cerone across both SDKs.

The npm package uses the name agent-governance for discoverability.

If you are building in Node:

npm install agent-governance

If you are building in Python:

pip install cerone

Notes

this package is server-side Node code
do not expose your Cerone API key in browser bundles
for enterprise or persistent access, contact info@homersemantics.com

cerone-openclaw-plugin : check OpenClaw tool calls before they run

Anant — Sat, 16 May 2026 17:20:47 +0000

I’ve been working on cerone-openclaw-plugin, a native OpenClaw plugin that checks tool calls with Cerone before execution. (Cerone is an AI agent runtime.)

OpenClaw agents can read files, write files, call APIs, and trigger other tools.

This plugin adds a pre-execution check layer using OpenClaw’s existing before_tool_call hook, without modifying OpenClaw core.

What it does:

loads as a normal third-party OpenClaw plugin
intercepts tool calls through before_tool_call
sends the tool name, parameters, and runtime context to Cerone
gets back a decision: approved flagged rejected
maps that into OpenClaw behavior: approved -> tool runs flagged -> require approval by default rejected -> block the tool call

Example shape:

{
  "plugins": {
    "entries": {
      "cerone-openclaw-plugin": {
        "enabled": true,
        "config": {
          "trialMode": "auto",
          "flaggedBehavior": "requireApproval",
          "networkFailureBehavior": "allow",
          "agentPurpose": "Read repository files and inspect code inside OpenClaw for software engineering tasks.",
          "agentCapabilities": ["file_read", "file_write", "network_access", "api_call"]
        }
      }
    }
  }
}

In practice, this means OpenClaw keeps its normal workflow, but the sdk gets a chance to allow, flag, or block a tool call before it executes.

Repo:

https://github.com/AnantDhavale/cerone-openclaw-plugin

npm:

https://www.npmjs.com/package/cerone-openclaw-plugin

Would appreciate feedback from people using OpenClaw for:

coding agents
tool-heavy assistants
agents that can touch files or external APIs
workflows where some actions should pause for approval before execution

Thanks!

Beta Users for Agent Governance Runtime

Anant — Sun, 10 May 2026 15:29:47 +0000

Hey folks!

I'm looking for beta users to try out Cerone — an AI Agent governance runtime.

It helps monitor, control, and enforce policies on AI agents at runtime, would love early feedback from anyone building with agents.

Install it via PyPI: pip install ceroneFull details & docs on the PyPI page: pypi.org/project/cerone

If you try it out, drop your feedback in the comments or reach out directly — every bit helps shape the roadmap!

cerone · PyPI

Zero Trust Security for AI Agents

pypi.org

pip-guardian on Pypi

Anant — Tue, 07 Apr 2026 09:25:03 +0000

The LiteLLM supply chain attack is a bit of a wake-up call.

Somehow it has not been very prominent in the news. I received an email from Mercor stating a recent supply chain attack involving LiteLLM affected their systems.

According to reports, malicious code was injected directly into official versions of the LiteLLM package, which were published on PyPI.

When developers installed the package in production using pip as usual, they unknowingly introduced the malicious code into their environments. The malicious package reportedly harvested cloud credentials, SSH keys, API tokens, and even tried lateral movement in Kubernetes environments.

The lesson here is simple: “pip install latest” in production is no longer safe.

At a minimum, before installing a package in production, check:

When was this version published?
Are you pinning versions?
Are you using hash-locked requirements?

I’ve experimented with a small tool that adds a check before pip installs a package. Not commercial yet, just a safety layer for developers after the LiteLLM incident.

You can check it out here, please star if you like it :

https://github.com/AnantDhavale/pip-guardian/tree/main

Download it from Pypi

pip install pip-guardian

pypi.org

Here's the readme version for you with some details::

Feature set

1) Pre-install risk policy
Version age rules:
block if version is very new (default < 5h)
warn if version is recent (default < 48h)
Blocks yanked releases.
Blocks known-compromised versions from local blocklist.
Blocks maintainer identities from local blocklist.

2) Deep artifact scanning
Downloads wheel/sdist artifacts from PyPI before install.
Verifies artifact SHA256 against PyPI metadata.
Static scan heuristics for:
executable .pth startup hooks
sitecustomize.py / usercustomize.py
obfuscated payload patterns (e.g., long base64 + dynamic execution)
credential-exfiltration-like behavior
persistence indicators (e.g., systemd artifacts)
Kubernetes lateral-movement indicators

3) Built-in incident guard (LiteLLM March 2026)
Blocks:
litellm==1.82.7
litellm==1.82.8
Runbook:
docs/INCIDENT_LITELLM_2026.md

4) CI-friendly JSON mode
--json emits one machine-readable JSON object.
--yes allows non-interactive proceed on WARN.
Exit codes:
0 install succeeded
1 blocked, warn-not-confirmed, or pip install failure
2 usage/argument errors

5) Logging
Decision logs written as JSONL.
Primary path: ~/.pip_guardian/guardian.log
Fallback path (if home not writable): ./.pip_guardian/guardian.log
Installation
Install from PyPI:

python -m pip install pip-guardian
Upgrade:

python -m pip install --upgrade pip-guardian
Install from source (development):

git clone https://github.com/AnantDhavale/pip-guardian.git
cd pip-guardian
python -m pip install .

Usage

guardian install requests
guardian install litellm==1.82.8
guardian install fastapi --index-url https://pypi.org/simple
guardian install requests --json --yes

Policy and IOC files
policies/config.yaml:
age thresholds
deep-scan score thresholds
executable .pth blocking toggle
policies/blocklist.json:
package/version deny list
maintainer deny list

Repository structure
guardian/cli.py - command entrypoint
guardian/policy_engine.py - risk decision logic
guardian/scanner.py - deep artifact scanning
guardian/pypi_checker.py - PyPI metadata collection
guardian/logger.py - local decision logging

Notes:
This reduces risk but is not a full malware sandbox.
For production, use pinned dependencies and hash-locked installs.

OAuth for AI Agents

Anant — Thu, 02 Apr 2026 23:03:29 +0000

New here. I am looking for some beta users for Agent Guard, it is aimed at building zero trust / Oauth for AI Agents. Think of it as Runtime permission checks for AI agent actions.

Agent Guard is a lightweight enforcement layer that sits between your agent and tool execution. Before a tool runs, Agent Guard asks Cerone whether the action should be allowed. Cerone is the backend mastermind - the policy decision point (PDP).

Some features :

Add runtime guardrails without rewriting your app.
Keep your current tools/functions and wrap them in minutes.
Cache approvals for low-latency hot paths.
Stay framework-agnostic (OpenAI tools, LangChain, CrewAI, custom agents).

Please check it out, feedbacks/ comments/ suggestions highly appreciated ! https://github.com/AnantDhavale/Agent_Guard

The image is a weak Chat GPTized attempt at humor of mine, I hope you like it lol . Thank you.