A terminal-first guardian that mediates every call between the AI agents on your machine, scores each request for risk, and asks you before anything dangerous happens.
curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman/main/install.sh | bashLive: boot → idle → ⚠ approval → deny → logged
Every tool call your agents make passes through Foreman. Here's the loop it runs, hundreds of times a day, so you don't have to.
Every MCP call between your agents and their tools flows through Foreman first.
Heuristic rules flag secret files, outbound network, shell exec, and cross-agent calls.
Past a threshold, you decide right in the terminal: allow, deny, or remember.
Every request lands in a local SQLite store with FTS5 full-text search, on your disk.
You message hermes, your project-manager agent on Telegram. It scopes the work, opens a GitHub issue, and hands it to codex, the coder. codex writes the code and tests; hermes reviews and approves the diff. The agents run the whole loop on their own.
A live, looping simulation of how the agents actually work.
Add rate-limiting to the login API and ship it.
On it — opening GitHub issue #142 and scoping the work for codex.
codex: add 5 req/min per IP on POST /login, with tests. Branch feat/login-ratelimit.
Done — wrote the middleware and tests, all green. Requesting deploy.
Reviewed the diff — clean and covered. Approved for release.
Foreman sees the request before it leaves your machine, scores it 80/100, and stops everything to ask you. One keypress and it's dead.
Two approval treatments — pick the density you'd ship.
Tracing tools tell you what happened. Foreman decides what's allowed to happen — locally, before the call lands.
| Foreman | LangSmith / Helicone | Vanilla MCP | |
|---|---|---|---|
| Runs on your machine | ✓ local-first | cloud SaaS | ✓ local |
| Mediates agent-to-agent | ✓ | tracing only | direct, no mediator |
| Asks before risky calls | ✓ in terminal | post-hoc dashboard | no approval layer |
| Audit log under your control | ✓ SQLite + FTS5 | their cloud | no audit |
| Identity per agent | ✓ Ed25519 | n/a | n/a |
| Open source | ✓ MIT | proprietary | spec |
Foreman speaks MCP, so it sits in front of the agents, models, and services you already run.
One command. No account. Nothing leaves your machine.
curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman/main/install.sh | bash