JAK Shield
AI agents are powerful. JAK Shield makes them safe.
Before an agent touches your code, browser, files, email, GitHub, or business tools, JAK Shield checks permissions, scores risk, blocks unsafe actions, asks for approval where needed, and records every step in a tamper-evident evidence bundle.
Agent Firewall
Detects prompt-injection attacks and offensive-cyber requests (malware, exploits, credential theft, unauthorized scanning, phishing) BEFORE the LLM sees them. Defensive security work — audit my repo, harden auth, find CVEs — passes through.
packages/security/src/guardrails/offensive-cyber-detector.ts
Risk-Based Approvals
Every tool call is classified across 6 risk tiers — READ_ONLY through CRITICAL_MANUAL_ONLY. Risky calls pause the workflow. Approval is bound to the exact payload via a SHA-256 hash; replays with modified payloads are rejected with HTTP 409.
packages/tools/src/registry/approval-policy.ts
Secure Tool Permissions
Per-tenant tool registry + industry-pack restrictions + Standing Orders (allowed-tools whitelist + blocked-actions list + budget cap + expiry). REVIEWER+ role required to install or run anything destructive.
packages/tools/src/registry/tenant-tool-registry.ts
Sandboxed Execution
Browser sessions in per-tenant data dirs (500 MB quota), URL allowlist with cloud-metadata + RFC1918 + IPv6 link-local blocked, DNS-rebinding defense on every navigation, downloads disabled. Installer runs in a sandboxed subprocess with literal argv (never shell:true), 60s timeout, stripped env.
packages/tools/src/browser-operator/playwright-browser-operator.ts
Defensive Vulnerability Triage
JAK Shield supports defensive security work — repo audits, dependency scans, secret-leak detection, patch recommendations. Offensive work (writing exploits, generating malware, phishing kits) is blocked at the boundary.
docs/jak-shield-manifest.md
Audit Evidence Layer
Every workflow lifecycle event lands in AuditLog. AgentTrace fields are PII-redacted at write time. workflows.{goal,error,finalOutput,planJson,stateJson} are AES-256-GCM encrypted at rest. Final evidence bundles are HMAC-SHA256 signed and verify byte-for-byte.
apps/api/src/services/bundle.service.ts
Safety boundary
JAK Shield is built for defensive security, safe automation, permissioned workflows, and audit-ready agent execution. It does not support offensive hacking, malware generation, credential theft, phishing, unauthorized scanning, or exploit generation. Defensive work is allowed. Offensive work is refused.