Hey everyone. First post here, figured I'd start with an introduction.
I'm Mohammad. I spent 15 years building the boring-but-critical systems that keep institutions from imploding — approval chains, spending limits, delegation of authority, separation of duty. The stuff that means a junior accountant can't wire $50K to a random vendor at 2 AM.
Then AI agents showed up with API keys and credit cards. And none of those controls exist for them.
An agent running on a service account has no spending limit. No scope restriction. No audit trail that says who authorized it to act. If a human employee operated that way, they'd be escorted out by security.
So I built the thing I couldn't find: AgentCTRL — an open-source Python library that puts real institutional controls on agent actions. Not prompt-level "please don't do bad things." Structural enforcement. The tool call doesn't happen unless the pipeline says yes.
pip install agentctrl — zero deps, Apache 2.0, 74 tests, works with LangChain/OpenAI/CrewAI or anything else.
Writing my first real article here soon about why AI agents are economic actors and why we keep governing them like chatbots.
Top comments (0)