DocsInstallCLI ReferenceCommunityGitHub ↗
Foreman the Beaver
Local-first · Terminal-native · MIT

Your local AI agents talk to each other. You should know what they're saying.

A terminal-first guardian that mediates every call between the AI agents on your machine, scores each request for risk, and asks you before anything dangerous happens.

$curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman/main/install.sh | bash
foreman — gateway

Live: boot → idle → ⚠ approval → deny → logged

What it does

Four jobs. One foreman.

Every tool call your agents make passes through Foreman. Here's the loop it runs, hundreds of times a day, so you don't have to.

01

Mediate

Every MCP call between your agents and their tools flows through Foreman first.

02

Score

Heuristic rules flag secret files, outbound network, shell exec, and cross-agent calls.

03

Ask

Past a threshold, you decide right in the terminal: allow, deny, or remember.

04

Log

Every request lands in a local SQLite store with FTS5 full-text search, on your disk.

See it in action

From one message to shipped — and guarded.

You message hermes, your project-manager agent on Telegram. It scopes the work, opens a GitHub issue, and hands it to codex, the coder. codex writes the code and tests; hermes reviews and approves the diff. The agents run the whole loop on their own.

  • hermes turns your Telegram instruction into a GitHub issue and tasks codex with the implementation.
  • codex writes the middleware and tests; hermes reviews the diff and approves it for release.
  • Before it ships, Foreman gates the production deploy — you approve, it goes live, and every step is logged to your local audit trail.

A live, looping simulation of how the agents actually work.

Foreman · agent channel2 agents · mediated
you · via Telegram

Add rate-limiting to the login API and ship it.

hermes · project manager

On it — opening GitHub issue #142 and scoping the work for codex.

hermes · project manager

codex: add 5 req/min per IP on POST /login, with tests. Branch feat/login-ratelimit.

codex · coder

Done — wrote the middleware and tests, all green. Requesting deploy.

hermes · project manager

Reviewed the diff — clean and covered. Approved for release.

FOREMAN · APPROVAL REQUIREDrisk 65/100
agentcodex (coder)
tooldeploy.production
args{ target: "production", branch: "feat/login-ratelimit" }
▸ writes to production environment +40
▸ uses deploy secret PROD_DEPLOY_KEY +25
[a]llow[d]eny[r]emember[i]nspect
Allowed · shipped to production · logged #5012
Every agent-to-agent call passes through Foreman first.
The moment that matters

A phishing email just told your assistant to leak your .env.

Foreman sees the request before it leaves your machine, scores it 80/100, and stops everything to ask you. One keypress and it's dead.

Two approval treatments — pick the density you'd ship.

APPROVAL REQUIREDrisk 80/100
agenthermes (telegram assistant)
toolfilesystem.read_file
args{ path: "~/.env" }
▸ secret file pattern .env  +50
▸ triggered by inbound message (possible injection)  +30
sessions_91a2 · turn 3
[a]llow[d]eny[r]emember[i]nspect⏱ 52s
How it's different

Not a dashboard. A bouncer.

Tracing tools tell you what happened. Foreman decides what's allowed to happen — locally, before the call lands.

ForemanLangSmith / HeliconeVanilla MCP
Runs on your machine local-firstcloud SaaS local
Mediates agent-to-agenttracing onlydirect, no mediator
Asks before risky calls in terminalpost-hoc dashboardno approval layer
Audit log under your control SQLite + FTS5their cloudno audit
Identity per agent Ed25519n/an/a
Open source MITproprietaryspec
Works with your stack

Wire it up in one line.

Foreman speaks MCP, so it sits in front of the agents, models, and services you already run.

Agents
Claude CodeCodexHermesOpenClawZeroClawGeneric MCP
LLM providers
AnthropicOpenAIGoogle GeminiOllamaOpenAI-compatible
Services
TelegramDiscordSlackGitHubJira / ConfluenceNotion
Foreman the Beaver

Put a foreman on the job.

One command. No account. Nothing leaves your machine.

$curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman/main/install.sh | bash