gendigitalinc/sage

180 stars · Last commit 2026-04-09

Lightweight Agent Detection & Response (ADR) layer for AI agents — guards commands, files, and web requests. Part of Gen Agent Trust Hub.

PluginTDD & Testing Documentation Design & UI DevOps & Infra AI & Prompting Data & ML Security

README preview

# Sage

**Safety for Agents** - a lightweight Agent Detection & Response (ADR) layer for AI agents that guards commands, files, and web requests.

<p align="center">
  <img src="images/sage-logo-shaded.png" alt="Sage" width="50%">
</p>

Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in [Claude Code](docs/platform-guides/claude-code.md), [Cursor / VS Code](docs/platform-guides/cursor.md), [OpenClaw](docs/platform-guides/openclaw.md), and [OpenCode](docs/platform-guides/opencode.md), and checks them against:

- **URL reputation** - cloud-based malware, phishing, and scam detection
- **Local heuristics** - YAML-based threat definitions for dangerous patterns
- **Package supply-chain checks** - registry existence, file reputation, and age analysis for npm/PyPI packages
- **Plugin scanning** - scans other installed plugins for threats at session start

## Quick Start

### Claude Code

Requires [Node.js >= 18](https://nodejs.org/).

View full repository on GitHub →