KitForge – generate an AI agent manifest; scaffold with enforced approval gates

KitForge is an open-source framework that enforces AI agent safety controls through deterministic gates, including authority budgets, tamper-proof audit trails, human-in-the-loop approval, and circuit breakers. It offers a browser-based design tool and Python CLI to generate agent code with enforced safety measures.

Source: Hacker News AI · Author: stoicstoic

Why this exists. Most “agent safety” frameworks describe guardrails the code never enforces — an audit verify that returns true, budget counters that never block. KitForge is built the opposite way: the controls are deterministic gates around the model, and the repo ships the tests that prove they stop a real violation. Run python -m pytest tests/ and watch a tampered audit log fail verification and a rejected approval halt the action.

What it enforces

Authority budgets that block

Tool-call, token, and wall-clock counters decrement and raise when exhausted. The agent loop stops — it does not log a warning and continue.

Audit trail that fails on tamper

An append-only, HMAC-chained log. verify() recomputes the chain and returns false if any entry was altered, reordered, or deleted. Not a no-op.
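
A sketch of the HMAC-chained log described above, added here as an illustration and not KitForge's own code. The entry layout, the function names, the GENESIS value and the expected_head parameter are assumptions; expected_head covers the case a bare chain cannot, entries cut off the end.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed "prev" value for the first entry


def entry_mac(key, prev, seq, event):
    # Bind the entry's content, its position and the previous MAC into one tag.
    body = json.dumps({"prev": prev, "seq": seq, "event": event},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(log, key, event):
    """Append an entry; return the new chain head (keep a copy outside the log)."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"seq": len(log), "event": event, "prev": prev,
                "mac": entry_mac(key, prev, len(log), event)})
    return log[-1]["mac"]


def verify(log, key, expected_head=None):
    """Return False if any entry was altered, reordered or deleted.
    Cutting entries off the end leaves a shorter, internally valid chain, so
    tail truncation is caught only when expected_head is supplied.
    """
    prev = GENESIS
    for seq, entry in enumerate(log):
        if entry.get("seq") != seq or entry.get("prev") != prev:
            return False
        want = entry_mac(key, prev, seq, entry.get("event"))
        if not hmac.compare_digest(want.encode(), str(entry.get("mac")).encode()):
            return False
        prev = want
    if expected_head is None:
        return True
    return hmac.compare_digest(prev.encode(), expected_head.encode())


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key comes from the environment
    log, head = [], GENESIS
    for ev in ({"tool": "fetch"}, {"tool": "summarize"}, {"tool": "publish"}):
        head = append(log, key, ev)  # constructed sample events
    edited = list(log)
    edited[1] = dict(log[1], event={"tool": "delete"})
    print("intact:", verify(log, key, head), "| edited:", verify(edited, key, head))
    print("tail cut:", verify(log[:2], key), "| with head:", verify(log[:2], key, head))
```

The chain head returned by append has to live somewhere the log's writer cannot reach, otherwise truncation and full replacement by a key holder go unnoticed.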

Human-in-the-loop that halts

A rejected or timed-out approval raises and the guarded action never runs. Approval is required structurally, not requested politely.

Circuit breaker + output validation

A breaker opens after repeated tool failures and refuses further calls; tool output is validated against its declared schema before it touches agent state.

Download KitForge (.zip) · Python 3.10+ · MIT · ~30 KB

Design one in your browser

Sketch an agent here. You get a valid blueprint.json to save and feed to KitForge locally — and a one-click check of the design in the Compliance Scanner. The code itself is generated on your machine by the Python CLI; this builds the blueprint it runs on.

Quick start

    unzip kitforge.zip && cd kitforge
    pip install pydantic          # the only runtime dep
    python -m pytest tests/ -q    # 13 enforcement tests pass

    # generate the demo agent (Quarterly Earnings Analyzer)
    python -m kitforge demo -o ./my-agent
    cd my-agent && export KITFORGE_AUDIT_KEY=$(openssl rand -hex 32)
    python main.py                # runs the loop; HITL gate stops 'publish' until you approve

Honest scope

Python + LangGraph patterns only. The generated graph runner is intentionally minimal; swap in langgraph.StateGraph for production — the safety wiring is identical.

Generated tools are [MOCK] stubs. Wiring them to your real systems (and your real approver — Slack, email, web) is the last mile, and it's yours.

The framework enforces the controls it ships; it is not a substitute for a security review of your specific deployment.

Part of the AgentKits governance tools. See also the Compliance Scanner and Risk Assessment.