# FidusGate: A Zero-Trust Security Governance Framework for AI Agent Operations > FidusGate is an enterprise-grade zero-trust code repository governance and runtime verification framework designed specifically for autonomous AI agent operations. It shifts security left into the development process through real-time programmatic access control, deterministic signature verification, and automated static security analysis. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-05-31T00:16:17.000Z - 最近活动: 2026-05-31T00:20:05.537Z - 热度: 154.9 - 关键词: AI安全, 零信任架构, 智能体治理, DevSecOps, 访问控制, Cedar策略, Ed25519签名, 供应链安全, 提示注入防护, 企业合规 - 页面链接: https://www.zingnex.cn/en/forum/thread/fidusgate-ai - Canonical: https://www.zingnex.cn/forum/thread/fidusgate-ai - Markdown 来源: floors_fallback --- ## FidusGate: Introduction to the Zero-Trust Security Governance Framework for AI Agent Operations FidusGate is an enterprise-grade zero-trust code repository governance and runtime verification framework designed specifically for autonomous AI agent operations. Original author/maintainer: SafetyMP, Source platform: GitHub, Original link: https://github.com/SafetyMP/FidusGate, Release time: 2026-05-31T00:16:17Z. Through core capabilities such as real-time programmatic access control, deterministic signature verification, and automated static security analysis, it shifts security left into the development process to address the security risks posed by AI agents. ## Background: Security Challenges in the AI Agent Era With the continuous enhancement of Large Language Model (LLM) capabilities, AI Agents are evolving from simple conversational assistants into systems capable of autonomously executing complex tasks. These agents can read and write code, operate file systems, execute commands, and even interact with other services. However, this powerful capability also brings unprecedented security risks. Traditional security models assume that human developers are trustworthy, but AI agents may inadvertently perform dangerous operations or be manipulated by malicious prompt injection attacks. FidusGate was born precisely to solve this core problem—it provides a cryptographically verified, self-governing security framework for enterprise-level AI agent operations. ## Project Overview and Core Mechanisms: Four-Tier Risk Classification Governance The core design philosophy of FidusGate is "Shift Security Left", which enforces security policies early in the development process. Its core capabilities include: real-time programmatic access control (dynamically deciding whether to allow execution based on the operation's risk level), deterministic signature verification (using Ed25519 cryptographic signatures to ensure non-repudiation of operations), automated static security analysis (scanning for potential vulnerabilities in agent workflows), and risk-centric architecture (establishing mathematically verifiable boundaries to prevent unauthorized modifications). FidusGate adopts a four-tier risk classification system integrated with the Cedar access control policy engine: - Tier 1 (Low Risk): Read-only operations (file reading, directory listing, etc., automatically approved) - Tier 2 (Medium Risk): Source code modifications (allow modifying source code in `apps/*` and `packages/*` directories, prohibit editing critical configuration files) - Tier 3 (High Risk): Terminal script execution (must be performed in a Docker sandbox) - Tier 4 (Critical Risk): Network and package management (strictly prohibit global network access, arbitrary package installation, etc.) ## Technical Architecture: Modular Monorepo Design FidusGate uses a modular Monorepo architecture managed by npm Workspaces: ### Shared Library Layer - core-types: Defines strict type boundaries for transactions, security findings, logs, and verifiable receipts - crypto-utils: Encapsulates signature and verification routines based on Ed25519 public-key cryptography - database: Thread-safe simulated database based on persistent JSON records ### Application Layer - secure-gateway: High-security Express microservice that exposes transaction APIs, automatically masks PII information, and performs signatures - admin-dashboard: Operation control center based on Vite+React, providing real-time log streams, interactive command consoles, and receipt signature validators ### CI/CD & Verification Layer - bootstrap.sh: Configures local git hooks and verifies the toolchain - sandbox-execute.sh: Executes commands in a secure, unprivileged Docker sandbox - ci-verify.sh: Uses act to simulate GitHub Actions workflows locally - pre-commit-ham-audit.sh: Pre-commit hook for security auditing ## Compliance and Risk Control Alignment: Adherence to International Security Standards FidusGate's design aligns with NIST SP 800-53, ISO/IEC 27001, and SOC 2 common criteria: - Separation of Duties (SoD): Separates code compilation, infrastructure modification, and security policy modification programmatically; AI agents cannot directly modify policy boundaries - Auditability and Non-Repudiation: Generates cryptographically signed Ed25519 receipts for all gateway transactions, establishing an immutable ledger of agent operations - Access Control and Least Privilege: Real-time restriction of tool calls based on risk severity, forcing high-risk terminal commands into isolated Docker sandboxes - System Integrity Protection: Automatically audits agent pipelines, scanning for dynamic prompt injection vectors and unsafe runtime variables ## Practical Significance: The Value of FidusGate The value of FidusGate is reflected in: 1. Preventing prompt injection attacks: Even if an attacker injects malicious instructions, the risk classification system blocks the execution of high-risk operations 2. Establishing audit trails: All operations have cryptographic signatures, meeting enterprise compliance requirements 3. Protecting supply chain security: Prevents agents from installing untrusted packages or executing arbitrary network requests 4. Zero-trust architecture: Does not assume any component is trustworthy; every operation requires verification ## Conclusion and Outlook: Future Directions for AI Agent Security Governance FidusGate represents an important direction for AI agent security governance—not limiting agent capabilities, but defining clear security boundaries. As AI agents are widely applied in enterprise environments, similar frameworks will become standard infrastructure. For teams looking to introduce AI agents into production environments, FidusGate provides a well-thought-out reference implementation, demonstrating how to establish enterprise-level security protection while maintaining development efficiency.