Protect actions
Hold destructive commands, production deploys, force pushes, and sensitive file reads.
Start here
AI agents move fast. OpenLeash adds judgment.
OpenLeash sits beside your agents and watches the moments that matter: secrets, shell commands, file access, deploys, and other risky actions. You start simple, then add cloud, teams, identity, and audit only when you need them 🙂
The Plain Version
Your agent asks to do something. OpenLeash checks the risk. Safe work continues; sensitive work gets blocked, masked, or sent for approval.
Protect secrets
Catch keys, tokens, .env files, kubeconfigs, and other sensitive context before they leak.
Remember what happened
Keep a readable trail of the agent, user, action, decision, and reason.
Start From Who You Are
No maze. Pick the card that sounds like you.
Individual
Local Mode
I want protection on my own machine, no account, no dashboard.
- Works offline
- Desktop client only
- Optional local model key
OpenLeash Cloud
I want a hosted account for myself, but I am not managing a company.
- Sign up in place
- Install desktop client
- No dashboard
OpenLeash Cloud
We want OpenLeash hosted for our company, with policy and audit.
- Work identity
- CISO dashboard
- Managed rollout
Private Cloud
We need to host the APIs, dashboard, database, and identity ourselves.
- Customer Postgres
- Customer IdP
- Open-source core
One Idea To Remember
Hooks call the desktop client first. That keeps Local mode local, and lets cloud modes keep working through the same client.
Installed hooks -> Desktop local API http://127.0.0.1:9317/v1/hooks/:agent/:event Local mode: desktop-client -> local evaluation Managed modes: desktop-client -> local API -> client-api
Agent hook
Desktop local API
Cloud or Private managed API