RFC: Agent Mode with Security-First Design#187

Open
creative-CLAi wants to merge 3 commits into levante-hub:develop from creative-CLAi:rfc/agent-mode-security

Conversation

@creative-CLAi
Summary

This RFC proposes adding an optional Agent Mode to Levante that enables proactive, task-oriented AI capabilities while maintaining the security and ease-of-use principles that define Levante.

Motivation

Current AI chat interfaces are reactive. The next evolution is agentic AI — assistants that can take actions, remember context, and work proactively.

However, existing agentic tools (Clawdbot, Claude Code) are developer-focused and security-permissive by default. Levante is uniquely positioned to bring agentic AI to mainstream users (teachers, students, workers) with a security-first, user-friendly approach.

Key Components

1. Guardian Layer

Security core that intercepts and analyzes all agent actions before execution:

  • Intent classification
  • Capability checking against user grants
  • Prompt injection detection
  • Action authorization with optional user confirmation

2. Capability System

User-controlled permissions via UI toggles:

  • Calendar (read/write)
  • Files (scoped to specific folders)
  • Notes
  • Web access
  • Notifications

3. MCP-Based Architecture

Leverages Levante's existing MCP infrastructure:

  • Each capability exposed as sandboxed MCP server
  • Community capabilities through MCP Store (with verification)

4. Audit System

Full transparency:

  • Immutable log of all agent actions
  • Visual timeline in UI
  • Export capability

Documents

  • docs/rfcs/001-agent-mode.md - Full RFC with implementation details, TypeScript interfaces, Guardian prompts
  • docs/rfcs/001-agent-mode-architecture.md - Visual architecture diagrams, UI mockups, sequence diagrams

Implementation Phases

  1. MVP: Guardian + 3 core capabilities + basic audit
  2. Enhanced Security: Prompt injection detection, advanced scoping
  3. Extensibility: Custom MCPs, marketplace, scheduled tasks

Discussion Points

  • Should capability grants persist across sessions?
  • How to verify community MCPs are safe?
  • Offline behavior when AI provider unavailable?

This RFC emerged from a discussion about AI agent security in the Clawdbot Discord. Thanks to @devopen for the initial idea and feedback.

cc @sahul_125
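As an added illustration of the Guardian Layer, Capability System and Audit System described above (example code written for this review, not code from the PR or from Levante), the check below denies by default, enforces read/write grants and folder scoping for files, pauses writes for user confirmation, and records decisions in a hash-chained log so a removed or edited entry is detectable. The types, function names and sample paths are assumptions.

```typescript
import { createHash } from "crypto";
import { posix as path } from "path";

// Hypothetical types standing in for the RFC's TypeScript interfaces (assumption, not the project's code).
type Capability = "calendar" | "files" | "notes" | "web" | "notifications";
interface Grant { capability: Capability; write: boolean; scope?: string[] } // scope = allowed folders (files only)
interface AgentAction { capability: Capability; write: boolean; target: string }
interface Decision { allow: boolean; needsConfirmation: boolean; reason: string }

// Guardian check: deny by default, enforce read/write and folder scope, pause writes for user confirmation.
export function authorize(action: AgentAction, grants: Grant[]): Decision {
  const deny = (reason: string): Decision => ({ allow: false, needsConfirmation: false, reason });
  const grant = grants.find((g) => g.capability === action.capability);
  if (!grant) return deny("capability not granted");
  if (action.write && !grant.write) return deny("grant is read-only");
  if (action.capability === "files") {
    // Normalize first so "../" segments cannot escape a granted folder; path.relative also rejects sibling-prefix matches.
    const resolved = path.resolve(action.target);
    const inScope = (grant.scope ?? []).some((folder) => {
      const rel = path.relative(path.resolve(folder), resolved);
      return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
    });
    if (!inScope) return deny("path outside granted folders");
  }
  return { allow: true, needsConfirmation: action.write, reason: action.write ? "write requires confirmation" : "ok" };
}

interface AuditEntry { seq: number; action: AgentAction; decision: Decision; prevHash: string; hash: string }
const GENESIS = "0".repeat(64);
const digest = (e: Omit<AuditEntry, "hash">) =>
  createHash("sha256").update(JSON.stringify([e.seq, e.action, e.decision, e.prevHash])).digest("hex");

// Hash-chained audit log: every entry commits to its predecessor, so editing or dropping one breaks verify().
export class AuditLog {
  readonly entries: AuditEntry[] = [];
  append(action: AgentAction, decision: Decision): AuditEntry {
    const prevHash = this.entries.length ? this.entries[this.entries.length - 1].hash : GENESIS;
    const partial = { seq: this.entries.length, action, decision, prevHash };
    const entry = { ...partial, hash: digest(partial) };
    this.entries.push(entry);
    return entry;
  }
  verify(): boolean {
    return this.entries.every((e, i) => {
      const prevHash = i === 0 ? GENESIS : this.entries[i - 1].hash;
      return e.prevHash === prevHash && e.hash === digest({ seq: e.seq, action: e.action, decision: e.decision, prevHash });
    });
  }
}
```

Persisting the log to disk and exporting it for the UI timeline would build on the same entries; the chain makes an exported copy independently checkable.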

olivermontes and others added 3 commits December 30, 2025 13:11
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

This RFC proposes adding an optional 'Agent Mode' to Levante that enables
proactive, task-oriented AI capabilities while maintaining security and
ease-of-use principles.

Key features:
- Guardian Layer: Security core that analyzes and authorizes all agent actions
- Capability System: User-controlled permissions via UI toggles
- MCP-based architecture: Sandboxed capabilities through existing MCP infra
- Audit System: Full transparency of all agent actions

Documents included:
- 001-agent-mode.md: Full RFC with implementation details
- 001-agent-mode-architecture.md: Visual diagrams and UI mockups

Co-authored-by: CLAi <clai@clawdbot.local>

2 participants