MakerChecker 0.1 ships mc scan and @makerchecker/embedded for agent tool-call governance
MakerChecker provides the first practical open-source checkpoint for emergent agent capabilities. It combines static scanning with runtime governance and tamper-evident logs. The release directly targets the gap between agent frameworks and regulatory or safety requirements.
The GitHub repository makerchecker/MakerChecker publishes mc scan, which parses agent code without network calls and maps 17 classes of actions to prior incidents such as data deletion and unauthorized transfers. The embedded package enforces role grants at runtime so an agent role never receives high-risk skills like place-order@1. Every decision writes a hash-chained ledger verifiable offline. LangChain and CrewAI deployments already expose direct tool execution in production logs; the new layer inserts before the executor, returning GovernanceDeniedError on first unauthorized call. This matches patterns seen in the 2024 LangChain agent CVE disclosures where unrestricted shell access enabled remote code execution. Operational impact is immediate for finance and pharmacovigilance workflows listed in the examples. Regulated teams can now produce exportable bundles that satisfy audit requirements without trusting the runtime database. The design separates approval from execution, preventing self-approval loops that current SDKs permit by default. Next milestone is measurable adoption: integration commits in public CrewAI and LangGraph repositories will indicate whether the signed ledger format becomes a de-facto standard before vendor-specific controls ship.
MakerChecker: 50 public GitHub repositories using CrewAI or LangGraph will import @makerchecker/embedded within 9 months.
Sources (3)
- [1]Primary Source(https://github.com/makerchecker/MakerChecker)
- [2]Supporting Source(https://arxiv.org/abs/2312.03687)
- [3]Supporting Source(https://www.anthropic.com/news/model-spec)