Documentation

Authorize every action your AI agents take

Start with a free, local Agent Environment Review. Map what every agent can do, find where its authority is ungranted, and close the gap.

The model

Runtime governance is delivered in order. You cannot enforce a boundary you have not authorized, or authorize an agent you have not identified — so the sequence is the product.

01

Review

Map what every agent in your workspace can actually reach — repo, shell, MCP tools, secrets, deploy.

02

Identity

Name each agent that acts: type, owner, session, capability profile, trust score.

03

Authorization

Compare what an agent can do against what it was granted. The difference is a gap.

04

Protect

Enforce the boundary at the action — allow, deny, escalate, rewrite, quarantine, terminate.

05

Control

Policy, approvals, and audit across every agent and workspace from one place.

06

Runtime

Governance that lives where actions happen — before execution, not after the fact.

Go deeper

The contracts and reasoning behind each tier.

Install

Install the DeepSweep CLI via pip (recommended) — the deepsweep-ai package installs the deepsweep command:

Terminal
pip install deepsweep-ai

Verify the install:

Terminal
deepsweep --version
Editor extension: install DeepSweep in VS Code or get it from Open VSX (Cursor / Windsurf) to run an Agent Environment Review as you work — local, with nothing but metadata leaving your machine.

Run a review

Review the agents operating in your current workspace:

Terminal
deepsweep validate .

Example output

DeepSweep v1.0.2

Checking ....
  [INFO] Loaded 16 security rules
  [INFO] Reviewing AI assistant configurations

[CRITICAL] .cursorrules:1
  Your AI assistant can be tricked into ignoring safety rules.
  Fix: remove instructions that tell the AI to ignore previous
  instructions or override safety settings.

Grade: C (75/100)
1 files checked • 1 issue found

Output formats

# Human-readable (default)
deepsweep validate .

# JSON for tooling
deepsweep validate . --format json

# SARIF for GitHub code scanning
deepsweep validate . --format sarif

CI/CD

Gate pull requests on the review in your pipeline:

.github/workflows/deepsweep.yml
name: DeepSweep
on: [push, pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Agent Environment Review
        uses: deepsweep-ai/deepsweep-platform/action@main
        with:
          path: .
          fail-on-grade: C

Detection patterns

The editor extension ships 77 patterns (37 AI-specific + 40 traditional), aligned with the OWASP LLM Top 10. The AI-specific set breaks down as:

Credential Exposure
16 patterns
Prompt Injection
7 patterns
MCP Security
7 patterns
Misconfiguration
4 patterns
Data Exfiltration
2 patterns
Supply Chain
1 pattern

The open-source CLI focuses on AI assistant config files and currently ships 16 rules — run deepsweep patterns to list them.

Supported AI assistants

AssistantConfig files
Cursor.cursorrules, .cursor/rules, .cursor/mcp.json
GitHub Copilotcopilot-instructions.md, .github/copilot-instructions.md
Claudeclaude_desktop_config.json, .claude/config.json
Windsurf.windsurfrules, .windsurf/rules
MCP (any client)mcp.json, .mcp/config.json

Configuration

Telemetry

DeepSweep collects anonymous usage data. No source code is ever collected.

# Opt out of optional analytics
deepsweep telemetry disable

# Check what is enabled
deepsweep telemetry status

# Fully offline mode (air-gapped environments)
export DEEPSWEEP_OFFLINE=1

Validation strictness

Tune output format and failure threshold per run:

# Exit non-zero when findings reach a severity threshold
deepsweep validate . --fail-on critical

# SARIF for GitHub code scanning
deepsweep validate . --format sarif --output report.sarif

# Include MCP configuration checking
deepsweep validate . --include-mcp

Run your first review

It is free, local, and takes about a minute.