← All works
In-house · Security

interposed

Hardware-rooted approval for AI agent actions. A per-host security daemon that gates every dangerous action your agents take behind a FIDO2 hardware-key touch.

Visit project
FIDO2 LSM-BPF macOS · Linux

An AI agent that can run shell commands can also delete your repo, exfiltrate your SSH keys, or wipe a database—a misconfigured prompt or an injection buried in a tool result is enough. Sandboxes break workflows, config files are plain text the agent can rewrite, and allow-lists rely on the agent's cooperation.

A small daemon hooks the kernel (LSM-BPF on Linux), a broker enforces a policy sealed with your hardware key, and approvals go through any FIDO2 key. Catch the syscall, check it against your sealed trust list, and block until you tap to approve—once, or always. Anything not on the list waits; adding a path takes a physical touch, not a file edit.

01
Intercept
Every sensitive syscall is caught at the kernel via LSM-BPF.
02
Check
It's checked against a trust list sealed with your hardware key.
03
Hold
The action waits until you tap to approve — once, or always.
LinuxAvailable
Kernel enforcement via LSM-BPF for file writes and process exec, a config sealed with your key (ChaCha20-Poly1305 + Ed25519), passkey approvals, and a signed audit log.
macOSIn progress
Kernel enforcement landing soon; config seal and passkey approvals already work via the FIDO bridge.