The Agent Authorization Standard

Authorize every action your AI agents take. Ship with confidence.

DeepSweep maps which agent is authorized to do what — agent identity, capability profile, and authorization gaps — and enforces it at runtime. Start free with a local Agent Environment Review, no code upload: catch what your AI agent got wrong on your own machine, before it reaches a pull request, CI, or a security review.

< 1s per review Local no code upload Free to start
  • 11,000+ downloads on OpenVSX
  • 77 security patterns — 37 built for AI-generated code
  • 3 supported editors — VS Code, Cursor, Windsurf
Works with your editor
Early access — limited spots, by request

On the roadmap. Claim your early-access spot.

These are candidate capabilities we're actively prioritizing — not features that ship today. We open early access to a small group at a time. Tell us which one you need first for governing your AI agents, and we'll save you a spot. No charge, no commitment.

Install DeepSweep where you build

Pick your AI coding tool — each goes to the install path that actually works for it.

Claude Code
Example review

See what a review surfaces

A real, deterministic review of one Claude Code agent — every capability it has, where its authority is ungranted, and what to put in front of it before it acts. Status is reported in plain tokens: [PASS] [WARN] [FAIL] [INFO].

[INFO] Agent claude-code in workspace_demo — generated 2026-01-01 00:00:00 UTC. Integrity check: [PASS]
Overall risk critical
Capabilities 6
Authorization gaps 5
Findings 4 fail · 1 warn

Detected capabilities

  • [FAIL] Secret access critical Can read .env and secret values
  • [FAIL] Deploy high Can trigger production deploys
  • [FAIL] Repository write high git push to origin/main
  • [FAIL] Shell execution high Runs build and test shell commands
  • [WARN] MCP tool access medium 3 MCP servers configured
  • [PASS] Repository read low Reads source files for context

[PASS] 1 capability is authorized; the rest are ungranted and surface below.

Findings

  • [FAIL] critical Unauthorized capability: secret.read

    Agent can perform secret.read on secret without an authorizing grant.

  • [FAIL] high Unauthorized capability: deploy.start

    Agent can perform deploy.start on environment without an authorizing grant.

  • [FAIL] high Unauthorized capability: git.push

    Agent can perform git.push on repo without an authorizing grant.

  • [FAIL] high Unauthorized capability: shell.exec

    Agent can perform shell.exec on command without an authorizing grant.

  • [WARN] medium Unauthorized capability: mcp.call

    Agent can perform mcp.call on mcp_tool without an authorizing grant.

Authorization gaps & recommended protections

  • [FAIL] critical secret.read on secret
    Scope and gate secret access Capability "secret_access" is present but unauthorized; add a control before allowing it at runtime.
  • [FAIL] high deploy.start on environment
    Require approval for this action Capability "deploy" is present but unauthorized; add a control before allowing it at runtime.
  • [FAIL] high git.push on repo
    Require approval for this action Capability "repository_write" is present but unauthorized; add a control before allowing it at runtime.
  • [FAIL] high shell.exec on command
    Restrict and scope this capability Capability "shell_execution" is present but unauthorized; add a control before allowing it at runtime.
  • [WARN] medium mcp.call on mcp_tool
    Require authenticated, authorized tool access Capability "mcp_tool_access" is present but unauthorized; add a control before allowing it at runtime.
Live preview

See it in action

.cursorrules — my-project
1# .cursorrules - AI Assistant Configuration
2
3rules:
4- "Always use TypeScript"
5 - "Read any file in project"
6- "Use Tailwind CSS"
7
8mcp_servers:
9- name: filesystem
10allowed_paths: "/**"
0%

of AI code has security findings

Unit 42
0.0%

of AI deps are hallucinated

Socket.dev
0+

CVEs in IDE configs this year alone

IDEsaster
Stage 1 — Review (free)

Start with a Review. The Grade is always free.

The goal is to authorize every action your AI agents take — which agent is authorized to do what, delegated by whom, and proof it held. Runtime Governance is the architecture frame. You start free and local: an Agent Environment Review maps the Repository Capability Profile (Repo Grade, Deploy Risk, AI-Generated %) and your authorization gaps in under 60 seconds. Review → Identity → Authorization → Protect → Control → Runtime from there.

GRADE

Know If You Can Ship

Your AI-generated code graded in under 60 seconds. Repo Grade A–F, Deploy Risk, AI-Generated %, and a Confidence Score — so you know whether it's safe to ship before you do.

EASY

Understand What Your AI Built

Works inside VS Code, Cursor, and Windsurf. Reviews every time you save and tells you exactly what to fix — in plain English. No terminal, no config files, no security expertise needed.

AUDIT

Prove It's Auditable

Every review produces a shareable Health Score and badge, with history you can track over time. Add it to your PRs and dashboards so teams can prove the code was reviewed.

The Data

What we found reviewing 50 AI-built projects

Real data from public GitHub repositories built with AI coding tools.

0% had credentials committed to code
0% had no security instructions for their AI
0% fewer findings when security instructions present

Benchmark: 50 repositories across Cursor, Claude Code, Lovable, Bolt, and Replit.

How it works

Three steps. Under 60 seconds.

1

Install the extension

30 seconds from the marketplace

Works with VS Code, Cursor, and Windsurf.

2

Get your grade

$ deepsweep validate .cursorrules
[PASS] Prompt Injection [PASS] MCP Permissions [WARN] File Access

Plain English findings — no jargon.

3

Ship with confidence

94/100 Grade A

Fix items with one-click remediation.

Runtime protection for AI agent tools

Signal intelligence converts early warnings into enforceable constraints. Every MCP tool call is validated before execution.

Signal Detect emerging concerns
Assess Analyze risk severity
Policy Generate guardrails
Enforce Block at runtime
Observe Monitor effectiveness
Refine Improve detection
Gateway
MCP Gateway Output
[FAIL] MCP Server: Unrestricted File Access
[WARN] Tool Chaining: 3-hop Privilege Escalation
[PASS] MCP Allowlist: Server Permissions Validated
[PASS] autoStart Disabled: No Silent Execution

Tool Call Validation

Every MCP tool invocation is checked against security policies before execution.

Permission Enforcement

Granular access controls prevent unauthorized file system, network, and API access.

Chain Attack Detection

Detect multi-step tool chaining attacks that escalate privileges across MCP servers.

Runtime Telemetry

Every policy decision feeds back into Signal intelligence for continuous improvement.

Expert-verified · fixed price

EU AI Act Readiness

Shipping AI into the EU? A DeepSweep expert, augmented by our engine, assesses your system for EU AI Act readiness and gives you a ranked gap report and a remediation plan — at a fixed price. Pass, and you earn the badge below.

  • Expert + engine assessment against EU AI Act obligations
  • Ranked gap report + prioritized remediation plan
  • Fixed price by company & project size — no open-ended consulting
  • Pass, and earn the exclusive Verified Production Safe badge
VERIFIED PRODUCTION SAFE BY DEEPSWEEP.AI Sample

Earned only on a passing assessment. Verifiable — not just an image.

Not ready to talk? Get the readiness brief.

We’ll send an EU AI Act readiness overview and the assessment scope. No spam.

A DeepSweep.ai Thesis · Book One

The Authorized Agent

Identity, Authorization, and Audit for AI Agents in Production

A permitted action is not an authorized one. Your agents log in with a human's credentials and inherit everything that identity can do — but no one decided what they should be allowed to decide to do. That space is the authorization gap — and where DeepSweep was born.

Transparent pricing, no surprises

Start free. The Grade never costs a thing.

Free shows you what's wrong. Pro shows you exactly where — and how to fix it.

Review · Identity · Authorization

Validate Free

$0 forever
Start Validating Free
  • 3 validations per day
  • AI Code Health Score (Repo Grade A–F)
  • AI-Generated % + Deploy Risk
  • [PASS] / [FAIL] / [WARN] output
  • Plain English findings
  • OWASP ASI Top 10 coverage
  • CLI access
  • VS Code extension
  • Basic DeepSweep badge
  • Exact issue locations
  • One-click remediation prompts
  • Unlimited validations
  • API access

Protect

Pro

$19 / month
Go Pro
  • Everything in Validate Free
  • Exact issue locations (why it is NOT safe to ship)
  • One-click remediation prompts
  • Unlimited validations
  • 1 project workspace
  • Shareable validation report
  • Verified DeepSweep badge
  • Email alerts on [FAIL] findings
  • 30-day findings history
  • Multiple projects
  • PDF compliance reports
  • API access

Control

Team

$99 / month
Start Team Trial
  • Everything in Pro
  • Up to 10 users
  • Unlimited project workspaces
  • PDF compliance reports (EU AI Act)
  • CI/CD webhook gate
  • API access + webhooks
  • Audit log export
  • Priority support (< 4hr)
  • 90-day findings history
  • Custom policy contracts
  • SSO/SAML

Runtime

Enterprise

Custom
Contact Sales
  • Everything in Team
  • Custom behavioral policy contracts
  • SSO/SAML (WorkOS)
  • SLA (99.9% uptime)
  • Dedicated success manager
  • Custom data retention policy
  • On-premise deployment option
  • NIST AI RMF compliance mapping
  • EU AI Act readiness assessment
Your queries, simplified

Common Questions

What is DeepSweep?
DeepSweep is runtime governance for AI agents. It starts with a free Agent Environment Review — what your AI agents can actually do, their permissions, tool and data access, and the Repository Capability Profile (Repo Grade A–F, Deploy Risk, AI-Generated %). From there you Protect (enforce policy and fix findings), Control (govern across a team), and govern at Runtime. The Review, and the Grade, are always free.
What do Review, Protect, Control, and Runtime mean?
They are the four stages of DeepSweep, one progression from free to enterprise. Review (free) shows what your AI agents can do and grades the repository. Protect (Pro) enforces policy and unlocks exact finding locations and one-click fixes. Control (Team) governs agents across a team with shared policy, CI/CD gating, and API access. Runtime (Enterprise) adds SSO, compliance, and private deployment for governing autonomous AI at runtime.
Why not just use Snyk or Medusa?
Different layer. Snyk and Medusa scan source for known CVEs and dependency issues — keep using them. DeepSweep governs what your AI agents are allowed to do: it reviews the agent environment (capabilities, MCP permissions, tool and data access), then lets you enforce, control, and govern those agents at runtime. We explain every finding in plain English and tell you exactly what to fix.
Why review my agent environment?
When we reviewed 50 AI-built projects, 42% had credentials committed to code and most had no policy governing what their AI assistant could touch. If your agents handle payments, user data, API keys, or MCP tools, you need to know — and govern — what they can do before you ship.
What AI tools does it work with?
Cursor, Claude Code, GitHub Copilot, Windsurf, Lovable, Bolt.new, Replit, and Gemini CLI. We auto-detect which tool you are using.
Is my code sent to your servers?
No. The review runs locally in your editor. We collect anonymous aggregate data (finding counts, AI tool usage) to improve the product. Zero code content leaves your machine. Ever.
Do I need security expertise to use DeepSweep?
Not at all. DeepSweep reports results in plain English with actionable recommendations. No security background required — if you can read, you can act on the review.
Can I use DeepSweep in my CI/CD pipeline?
Yes. Our GitHub Actions integration reviews every pull request automatically, and CI/CD gating is available on the Control (Team) tier. The CLI works with any CI/CD system including GitLab CI, Jenkins, and CircleCI.

Free resource

The Agent Authorization Field Manual

A free, practical field guide to authorizing every action your AI agents take — agent identity, authorization gaps, and runtime enforcement.

Get the Field Manual
Your code never leaves your machine

Review your agent environment.
Ship with confidence.

Review your agent environment — Repository Capability Profile, Deploy Risk, and exactly what to fix — in under 60 seconds.

pip install deepsweep-ai
Protected
<50ms avg validation