Open Source · Model-Agnostic · Rust CLI

Accountability for
AI coding agents.

Engineering leads are nervous about giving agents write access. AgentScope holds Claude, Codex, OpenCode, and any shell-wrapped agent accountable — every file changed is checked against the goal you declared, automatically, on every turn.

Install with one command Star on GitHub
agentscope check
$ agentscope check   ── Scanning diff against goal: "Fix checkout button loading state" ── Base commit: a3f9c12 → Working tree   src/components/CheckoutButton.tsx EXPECTED src/styles/checkout.css EXPECTED tests/checkout.test.ts EXPECTED auth/session.ts BLOCKED blocked path package.json SUSPICIOUS no matching mission rule  
JUDGE claude-sonnet-4-5 · score: 72/100 · uncertain   → auth/session.ts is unrelated to the checkout loading state. Likely scope drift. The agent may have refactored session handling opportunistically while working on the button.   Risky files: auth/session.ts, package.json
 
BLOCKED auth/session.ts — hard rule: blocked_paths Deterministic rules override judge. Revert this file to continue.
  Allow package.json change? [y/N]

Why this exists

Three failure modes every team
giving agents write access hits immediately

01

Scope drift

Agent finishes the task, then silently "fixes" adjacent files. The diff is hard to review and trust collapses at code review.

universal

02

No accountability

You gave the agent a goal but there's no record, no audit, no check that it actually stayed inside it. You find out at review — or in production.

engineering leads

03

No write-access boundary

Agents touch .env, migrations, auth. One wrong run wipes data. No native guardrail exists across any agent tool today.

security · production

AgentScope adds accountability at the diff boundary.

No editor integration required. If your agent runs in a shell, AgentScope can hold it accountable.

Integration

Already using Claude
or Codex? Pick your style.

Your agent doesn't change. AgentScope works at the Git boundary — checking every diff against your declared goal. Three ways to integrate.

Mode 1 · Recommended to start

Two terminals — your agent is completely untouched

Keep running Claude or Codex exactly as you do today. Open a second terminal for AgentScope. Set your mission, run your agent, then check.

Terminal 1 — agentscope
# 1. Record your mission + git baseline agentscope start "Fix checkout bug" --agent claude   # 3. After agent finishes — check scope agentscope check   # Or watch the diff live as agent edits agentscope watch
Terminal 2 — your agent (nothing changes)
# 2. Run your agent exactly as normal claude # or: codex, cursor, gemini, ...   # AgentScope reads the git diff. # It does NOT wrap or change your # agent's launch or behavior.
Mode 2 · Zero friction after install

Git hook — auto-check on every commit

Install once per repo. Every git commit automatically runs agentscope check. Your agent workflow is completely unchanged.

# Install once in your repo agentscope init agentscope hook install   # Then commit as normal: git commit -m "fix checkout" scope check ran — 3 files EXPECTED commit blocked — auth/session.ts BLOCKED
Mode 3 · Agent reads your rules on every session

Plugin install — write guidance into the agent's native file

Run once per project. AgentScope writes your policy rules and scope commands into the agent's native instructions file — CLAUDE.md for Claude, AGENTS.md for Codex. The agent reads these automatically, no flags needed.

# Write AgentScope guidance into the agent's native file agentscope plugins install --agent claude # → writes CLAUDE.md agentscope plugins install --agent all # → writes for all agents   # Agent reads the file automatically — run it normally claude → agent knows the rules for this project

How it works

Four engines.
One config file.

AgentScope is a layered Rust CLI that holds agents accountable. Deterministic rules run first — fast, always. The LLM judge is opt-in and can only make the result more cautious, never less safe.

01 / ALWAYS RUNS

Git Engine

Captures the baseline commit on agentscope start. After the agent runs, it diffs the working tree against that baseline: changed files, line counts, deleted files, binary changes, and untracked files.

02 / ALWAYS RUNS

Policy Engine

Pure deterministic rules. No LLM. Checks allowed paths, blocked paths, max files, max lines, protected files, package manifests, migrations, lock files, and deleted files. Hard blocks cannot be overridden by the judge.

03 / OPTIONAL

Judge Engine

Asks an LLM: "Does this diff match the stated goal?" Supports the shared judge interface and real local Ollama CLI execution. Returns a 0-100 drift score, verdict, reasons, risky files, and a recommended action.

04 / ALWAYS RUNS

Decision Engine

Combines policy result + judge result using a strict hierarchy: hard block > judge recommendation > soft warn. Outputs: continue, warn, ask, or block — configured per-rule in YAML.

05 / ALWAYS RUNS

Reporter

Three output formats: action-first terminal guidance for humans, JSON for automation, and Markdown for PR comments or session logs. Reports are saved under .agentscope/.

06 / AGENT CONTEXT

Agent Detection

agentscope agents detect inspects your project for local agent context files and infers the active session. agentscope attach --agent auto --apply writes a session from the detected context. agentscope monitor --agent auto watches continuously.

07 / TUI

Live Dashboard

agentscope watch opens a live terminal dashboard: changed files, policy meters, run history, and scope status updating in real time as your agent edits the codebase.

10 supported agents.
One command.

Declare your mission and pick your agent. AgentScope records the git baseline, then checks every changed file against your goal when you're done.

--agent claude

Claude

agentscope start "Fix bug" --agent claude

--agent codex

OpenAI Codex CLI

agentscope start "Add tests" --agent codex

--agent codex-app

Codex App (GUI)

agentscope start "Update deps" --agent codex-app

--agent cursor

Cursor AI

agentscope start "Refactor auth" --agent cursor

--agent gemini

Google Gemini CLI

agentscope start "Fix handler" --agent gemini

--agent opencode

OpenCode

agentscope start "Clean imports" --agent opencode

--agent openclaw

OpenClaw

agentscope start "Fix middleware" --agent openclaw

--agent hermes

Hermes Agent

agentscope start "Add logging" --agent hermes

--agent copilot

GitHub Copilot CLI

agentscope start "Fix bug" --agent copilot

--agent antigravity

Antigravity IDE

agentscope start "Fix bug" --agent antigravity

Applications

Launch native or with Ollama

Run the app directly if it is installed, or launch the same app through Ollama with qwen3.5.

Claude Code

Native

claude

Ollama

ollama launch claude --model qwen3.5

Codex App

Native

open -a Codex

Ollama

Use Codex CLI: ollama launch codex --model qwen3.5

OpenClaw

Native

openclaw

Ollama

ollama launch openclaw --model qwen3.5

Hermes Agent

Native

hermes

Ollama

ollama launch hermes --model qwen3.5

Codex

Native

codex

Ollama

ollama launch codex --model qwen3.5

OpenCode

Native

opencode

Ollama

ollama launch opencode --model qwen3.5
full workflow
# 1. Initialize config in your repo (once) agentscope init   # 2. Declare your mission — records the git baseline agentscope start "Fix the rate-limit bug in api/middleware.ts" --agent codex   # 3. Run your agent as normal in another terminal or window # agentscope does NOT wrap or launch it   # 4. Check scope when done (or use agentscope watch for live view) agentscope check # deterministic rules agentscope judge -m qwen3.5:2b # optional LLM judge agentscope check --json # machine-readable for CI

Live TUI Dashboard

Watch your agent.
In real time.

Run agentscope watch alongside your agent. The live dashboard shows scope status, file change activity, and an LLM judge verdict — all without wrapping or interrupting your agent.

agentscope watch — session a1b2c3 — "Fix rate-limit bug in api/middleware.ts"
agentscope watch session: a1b2c3 "Fix rate-limit bug in api/middleware.ts"
Files Changed (6)
api/middleware.ts +47 -12
api/middleware.test.ts +33 -0
config/app.yaml ALLOWED
src/database/schema.rs +89 -5
· README.md +3 -0
package-lock.json +120 -80
Activity by Directory
api/
▓▓▓▓▓▓▓▒░
+80
src/
▓▓▓▓▓▓▓▓▓▒
+94
cfg/
▓▒
+3
docs/
+3
LLM Judge model: claude (press j to run)
⚠ DRIFT DETECTED
confidence:
0.71
"schema.rs changes appear unrelated to the rate-limit fix. Recommend review before merging."
/ Activity theme: codex
policy: allowed config/app.yaml
diff: opened api/middleware.ts
theme: switched to openclaw
Diff Overlay — api/middleware.ts
+ if retry_after > now { return TooManyRequests; }
- allow_request_without_window();
// context lines stay dim for scanning
Slash Commands Tab=complete Enter=run Esc=cancel
/diff [file]   /status   /check   /judge   /problems   /allow [path]   /block [path]   /theme [name]   /clear   /quit
> /allow config/app.yaml▌ 3 expected · 1 suspicious · 1 blocked /=cmd enter=diff /theme
⚖️
The judge is LLM-powered. Press j in the watch TUI to send all changed files and your mission statement to Claude, OpenAI, Gemini, OpenRouter, or a local Ollama model. It responds with a semantic verdict, a confidence score, and a natural-language reasoning string — not just pattern matching.

judge.provider = "claude" | "openai" | "gemini" | "openrouter" | "ollama" — configure once in agentscope.yaml.
/diff
Open Diff
Show a full-screen colored diff for the selected or named file
/status
Status
Print a one-line summary: total files, allowed, in-scope, unasked, blocked
/check
Check
Evaluate all changed files and report any blocked or unasked violations
/judge
Judge
Run the configured LLM against the mission and current changes
/problems
Problems
Toggle filter to show only blocked and unasked files in the list
/allow
Allow
Persist an allow override in agentscope.yaml and log the change to activity
/theme
Theme
Switch palette: agentscope, codex, openclaw, mono
/block
Block
Persist a new blocked glob in agentscope.yaml and refresh verdicts
/clear
Clear
Clear the activity log panel to reduce noise
/quit
Quit
Exit the watch TUI (also /exit). The agent session continues running.

Plugin Integration Workflow

No manual exit.
Agent holds itself accountable.

Use AgentScope in two ways: local instruction files for any agent, or Claude Code's plugin marketplace flow. The pre-commit hook still enforces scope at every commit — no wrapper command, no manual review step.

agent

Claude / Codex
makes changes

pre-commit hook

agentscope check
runs automatically

agentscope

check --json
runs in < 100ms

continue

✓ commit allowed
agent continues

|

block

✗ commit halted
violations shown

Claude Code marketplace

install + activate
# Install plugin files + register with Claude Code (once per project) agentscope plugins install --agent claude   # Restart Claude Code, then verify in /plugins → Installed tab # Plugin ID: agentscope@agentscopev2   # Or add marketplace manually from inside Claude Code: /plugin marketplace add abdouloued/abdouloued.github.io /plugin install agentscope@agentscope

Local instruction files

install + activate
# Write AgentScope guidance into native files agentscope plugins install --agent claude # CLAUDE.md agentscope plugins install --agent codex # AGENTS.md   # Then run your agent normally agentscope attach --agent auto --apply codex   # Install for all agents at once: agentscope plugins install --agent all

OpenCode

install + activate
# Write AgentScope guidance into .agentscope/plugin/opencode/ agentscope plugins install --agent opencode   # Attach mission from current agent context agentscope attach --agent auto --apply opencode   # Watch and check agentscope watch

MCP tools exposed to the agent

ToolWhen to useReturns
scope_check Verify current scope — shows a hint to run agentscope check { "hint": "run agentscope check for terminal policy output" }
scope_status At session start — confirm active goal and base commit Session JSON: goal, agent, base SHA, started_at
scope_start Register a goal if one wasn't set at launch { "hint": "run agentscope start \"mission\"" }
agent_attach Attach inferred session from agent context { "hint": "run agentscope attach --agent auto --apply" }

CLAUDE.md / AGENTS.md

Agent-specific instruction file. Written to the location each agent reads automatically.

.cursor/rules/

Cursor rules file. Automatically picked up by Cursor's agent context.

.github/copilot-instructions.md

Copilot custom instructions file. Read by GitHub Copilot Chat.

.agentscope/plugin/

Local record of installed plugins. Used by agentscope plugins list.

Decision modes

You decide what happens
when the agent breaks scope.

Configure globally or per-rule. Mix and match. Solo devs use warn. Teams use block. Interactive sessions use ask.

continue

Log it, allow it. Full audit trail with no interruption.

warn

Print warning, allow the change. Developer decides manually.

?

ask

Pause and prompt. Interactive y/N with context shown.

block

Exit non-zero. CI fails. The change cannot proceed.

# Safety hierarchy — cannot be overridden

Hard deterministic block # .env touched, blocked_path hit → always blocks LLM judge recommendation # can escalate warn→ask or ask→block Soft rule action # per-rule warn/ask as configured continue # all clear

Judge engine

Three providers.
One interface.

The judge answers one question: does this diff match the stated goal? It's opt-in, privacy-conscious by default, and uses a strict prompt that prevents code quality opinions from bleeding in.

input

goal + diff stat

openai

openai models

|

anthropic

claude models

|

local / free

ollama (llama 3)

output

score + verdict

JudgeResult interface
type JudgeResult = { score: number; // 0-100 drift signal verdict: "in_scope" | "uncertain" | "scope_drift"; reasons: string[]; // human-readable explanation risky_files: string[]; // files the judge flags recommended_action: "continue" | "warn" | "ask" | "block"; };   // Judge only fires when at least one trigger is true: only_when: blocked_paths_touched max_files_exceeded package_changed migration_changed large_diff
Privacy by default. The local Ollama path runs through the installed ollama CLI, so judging can stay on your machine. Remote judge providers are optional.

Configuration

Everything in
one YAML.

agentscope.yaml
# agentscope.yaml — generated by `agentscope init`
version: 1

policy:
  # Hard block — agent writes here halt the session
  blocked:
    - ".env"
    - ".env.*"
    - "**/.env.*"
    - "**/secrets/**"
    - "**/*.pem"
    - "**/*.key"
    - "**/migrations/**"
  # Warn — triggers warning but doesn't block
  warn:
    - "package-lock.json"
    - "yarn.lock"
    - "Cargo.lock"
    - "**/config/**"
  max_files_changed: 20 # 0 = disabled

judge:
  enabled: true
  provider: ollama # ollama | claude | openai | none
  model: "qwen3.5:2b"
  endpoint: "http://localhost:11434"

team:
  enabled: false
  share_logs: false
edit your config
# Create agentscope.yaml in your repo (picks up sensible defaults) agentscope init # default preset agentscope init --preset team # team preset (stricter limits) agentscope init --preset ci # CI preset (json output, no judge)   # Open the file in your $EDITOR directly agentscope config edit # opens agentscope.yaml in $EDITOR   # Quick single-value changes without opening the editor agentscope config set model qwen3.5:2b # change judge model agentscope config set judge.provider ollama # switch provider   # Inspect & reset agentscope config show # print resolved config agentscope config path # print path to the config file agentscope config reset # reset to defaults

# Install

install agentscope
# Install from source via cargo cargo install --git https://github.com/abdouloued/agentscopev2 --force   # Or clone and build locally git clone https://github.com/abdouloued/agentscopev2.git && cd agentscopev2 cargo build --release && cargo install --path .   # Verify install agentscope --version

# CLI reference

all commands
## Quick Start agentscope init # create agentscope.yaml in your repo agentscope start "Fix login bug" --agent claude # record mission + git baseline agentscope check # check diff against goal + policy agentscope check --json # machine-readable output (CI) agentscope check --share # copy markdown summary to clipboard agentscope status # show active session one-liner   ## Agent Workflow agentscope agents detect # detect local agent context files agentscope agents doctor # explain found/missing sources + repair agentscope attach --agent auto # infer mission from agent context (dry run) agentscope attach --agent auto --apply # write inferred session to disk agentscope monitor --agent auto # watch live + auto-attach on high confidence agentscope watch # live TUI dashboard (scope + diff + history)   ## Launcher Lab agentscope launchers list # list supported launcher apps agentscope launchers test # safe startup test for all launchers agentscope launchers test codex # safe startup test for one launcher agentscope launchers summary # compact launcher status summary   ## LLM Judge agentscope judge # judge with default provider + model agentscope judge -m qwen3.5:2b # specify model (ollama) agentscope judge -p claude # anthropic claude agentscope judge -p openai -m gpt-4o # openai agentscope judge -p gemini # google gemini agentscope model list # list available ollama models + cloud providers agentscope model set qwen3.5:2b # set default judge model agentscope model test # test current model with a simple prompt agentscope model pull llama3 # pull model from ollama   ## Reports & Audit agentscope report # print last run in terminal agentscope report --markdown # output as markdown (for PR comments) agentscope diff # git diff with scope annotations agentscope diff --problems # show only blocked/unasked files agentscope audit last-5 # last 5 sessions agentscope audit today # sessions from today agentscope audit HEAD~5..HEAD # audit a git range   ## Integrations agentscope hook install # install pre-commit hook agentscope hook uninstall # remove hook agentscope hook status # show current hook status agentscope plugins install --agent all # write guidance files for all agents agentscope plugins install --agent claude # writes to CLAUDE.md only agentscope skills install --agent all # write skill instructions for all agents agentscope use codex-app # write helper integration files for one agent agentscope mcp # start persistent JSON-RPC MCP server   ## Chats & Sessions agentscope chat new "Fix checkout" # create an AgentScope-owned chat agentscope chat list # list AgentScope chats agentscope chat show <id> # show chat metadata + transcript agentscope chat delete <id> # soft-delete a chat agentscope chat restore <id> # restore an archived chat agentscope chat purge <id> # permanently delete archived chat agentscope sessions list # list indexed local assistant sessions agentscope sessions latest # show newest local assistant session agentscope sessions show <id> # show one indexed session   ## Config agentscope config show # print current config agentscope config set model qwen3.5:2b # set a config value agentscope config edit # open agentscope.yaml in $EDITOR agentscope config reset team # reset to a preset (solo|team|ci)

Local Development

Clone and run
in your own repo.

Want to contribute, inspect the source, or use a local build? AgentScope is a single Rust binary — clone, build, point at your repo.

1. Clone & build agentscope
# Clone the repo git clone https://github.com/abdouloued/agentscopev2.git cd agentscopev2   # Build and install the binary to ~/.cargo/bin cargo install --path . --force   # Or just build without installing cargo build --release ./target/release/agentscope --version
2. Use in your project repo
# Navigate to YOUR project (not agentscope's dir) cd ~/my-project   # Initialize agentscope config here agentscope init   # Start a session and run your agent agentscope start "Fix the login bug" --agent claude # ... run claude, codex, or your agent ... agentscope check
Requires: Rust toolchain (rustup), Git. Run cargo test to verify your build. Contributions welcome — see CONTRIBUTING.md.

Developer workflow

Designed for the way
agents are used today.

AgentScope does not require editor hooks, cloud dashboards, or a new agent runtime. It works at the shell and Git boundary.

Terminal report

Every run prints a compact card showing the goal, base commit, changed files, reasons, judge result, and final action.

JSON for automation

.agentscope/last-run.json gives CI, scripts, and dashboards a stable machine-readable contract.

Markdown for reviews

.agentscope/last-run.md is ready for PR comments, session logs, and handoffs between developers.

Shell wrapper

Works alongside Claude, Codex, Cursor, Gemini CLI, OpenCode, and any custom agent. Your agent runs untouched; agentscope tracks the boundary.

Activity log

Every check appends a record to .agentscope/runs.jsonl (personal) and agentscope-activity.jsonl (team audit trail). agentscope audit last-5 shows a table of all past checks.

Drift forensics

agentscope audit main..HEAD walks every commit in a range and marks the first one that violated scope — so you know exactly which commit to revert.

drift report · shareable
goal "Fix checkout button loading state" agent claude-code run 2026-05-22 14:32 UTC   files expected 3 files suspicious 1 files blocked 1 drift score 72 / 100 verdict uncertain action BLOCKED  
auth/session.ts was modified without permission. The agent drifted into authentication code while fixing a UI bug.
  github.com/abdouloued/agentscopev2 · open source · model-agnostic

Public launch

Ready for a clean
GitHub release.

v0.1 · ready

Core engine

  • agentscope.yaml
  • Git diff engine with line numbers
  • Policy engine (all rules)
  • EXPECTED / SUSPICIOUS / BLOCKED / IGNORED labels
  • Ollama, Claude, OpenAI, Gemini, OpenRouter judge
  • 5-mode TUI cockpit (Review/Chat/Dashboard/Sessions/Live)
  • JSON + Markdown reports
  • Pre-commit hook (agentscope hook install)
  • Plugin install → CLAUDE.md / AGENTS.md / .cursor/rules/
  • Agent auto-detection (Claude, Codex, Cursor, Gemini, Copilot…)
  • MCP stdio server
  • 5 TUI themes

next

Provider polish

  • Document OpenAI setup
  • Document Claude setup
  • Provider-specific fixtures
  • More judge failure modes
  • Token/cost notes

later

Team workflow

  • GitHub Actions integration
  • PR comment reporter
  • Shared team config (git-tracked)
  • Approved exception store
  • Org policy templates

later

Ecosystem

  • Cursor and Gemini CLI fallback docs
  • Policy plugin API for custom rules
  • Optional drift analytics
  • VS Code extension

# Publish to GitHub

push repository
# Create a new repository from the command line echo "# agentscope" >> README.md git init git add README.md git commit -m "first commit" git branch -M main git remote add origin git@github.com:abdouloued/agentscopev2.git git push -u origin main   # Or push this existing repository git remote add origin git@github.com:abdouloued/agentscopev2.git git branch -M main git push -u origin main

Current stack

language Rust 2021 cli clap config serde_yaml reports serde_json + Markdown git diff git CLI judge Ollama CLI + provider interface testing cargo test

Launch gate

OK agentscope.yaml with init
OK start, check, run, report
OK blocked paths and env files hard-block
OK product-level CLI tests (31 pass)
OK README for install and judge usage
OK GitHub Pages landing page
OK fmt, test, clippy, install
OK native plugin install (claude + codex)
OK persistent MCP stdio server
OK skills injection for all agents

open source · mit license

Give agents write access.
Hold them accountable.

AgentScope records the goal, checks every changed file against it, and stops drift automatically — as a pre-commit hook, MCP tool, or standalone CLI. Before review, merge, or handoff.

Star on GitHub See native plugins
Choose theme
/ ESC