Drop in your agent stack, MCP configs, CrewAI or LangChain code, tool schemas, env files, and get a scored picture of what your agents are actually allowed to do, which of it is irreversible, and whether you could prove any of it afterwards.
Drop agent configs or a whole project folder here
Or choose what to check below. Large repos are fine, common noise like node_modules is skipped automatically.
Recognised today: MCP configs (claude_desktop_config.json, .mcp.json), CrewAI, LangChain and LangGraph, AutoGen, OpenAI tool schemas, IAM policy JSON, env files, Dockerfiles and compose files.
Every finding above can be enforced continuously: declare what your agents may do in plain English, and every action is authorised before it executes, with a signed receipt as proof.
Request a pilot How the authorisation layer worksThe same questions the Xybern authorisation layer answers at runtime, asked here of your static configuration.
Does each agent act under its own authority, or does everything share one credential that can never be narrowed or revoked individually?
When agents hand work to other agents, does the authority narrow at each hop, or does every sub agent inherit the whole keyring?
Are capabilities bounded to the job, or can a filesystem tool read your home directory and a payment tool move any amount to anyone?
Where does the authority material itself live, scoped and short lived, or plaintext keys sitting inside the configs the agents read?
Do irreversible actions wait for a named human before they execute, or does nothing consequential ever pause?
If something went wrong last Tuesday, could you prove which agent did what, under whose authority, against which rules?
Do you know what code sits behind each tool, pinned and reviewed, or does your stack run whatever the registry serves tomorrow?
The check shows where authority is unbounded. The authorisation layer bounds it, on every action, with proof.
Request a pilot Explore authorised agents