A terminal-first guardian that mediates every call between the AI agents on your machine, scores each request for risk, and asks you before anything dangerous happens.
curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman-agent/main/install.sh | bashLive: boot → idle → ⚠ approval → deny → logged
Every tool call your agents make passes through Foreman. Here's the loop it runs, hundreds of times a day, so you don't have to.
Every MCP call between your agents and their tools flows through Foreman first.
Heuristic rules flag secret files, outbound network, shell exec, and cross-agent calls.
Past a threshold, you decide right in the terminal: allow, deny, or remember.
Every request lands in a local SQLite store with FTS5 full-text search, on your disk.
Foreman sees the request before it leaves your machine, scores it 80/100, and stops everything to ask you. One keypress and it's dead.
Two approval treatments — pick the density you'd ship.
Tracing tools tell you what happened. Foreman decides what's allowed to happen — locally, before the call lands.
| Foreman | LangSmith / Helicone | Vanilla MCP | |
|---|---|---|---|
| Runs on your machine | ✓ local-first | cloud SaaS | ✓ local |
| Mediates agent-to-agent | ✓ | tracing only | direct, no mediator |
| Asks before risky calls | ✓ in terminal | post-hoc dashboard | no approval layer |
| Audit log under your control | ✓ SQLite + FTS5 | their cloud | no audit |
| Identity per agent | ✓ Ed25519 | n/a | n/a |
| Open source | ✓ MIT | proprietary | spec |
Foreman speaks MCP, so it sits in front of the agents, models, and services you already run.
One command. No account. Nothing leaves your machine.
curl -fsSL https://raw.githubusercontent.com/tuzlu07x/foreman-agent/main/install.sh | bash