Normal evals miss tool risk
A polished final answer can hide a forbidden tool call, leaked secret, or false success claim.
Open source agent safety for release pipelines
Test AI agents before they mutate production. Scan existing agents, run scenario YAML, simulate risky tools, capture traces, and fail CI when behavior is unsafe to ship.
Why this exists
Once an agent can post messages, issue refunds, open tickets, page people, or email customers, the final answer is not enough. The release gate has to inspect what the agent tried to do.
A polished final answer can hide a forbidden tool call, leaked secret, or false success claim.
CI should know whether a tool is read-only, simulated, sandboxed, approval-gated, or blocked.
Scenario YAML, traces, reports, and baselines make unsafe behavior visible before merge.
Dogfooded in GitHub Actions
The release was validated with real pull requests. Two safe agent changes pass the gate. Two unsafe changes fail because they skip approval and attempt destructive behavior.
How the gate thinks
CI does not need to touch production to test realistic behavior. Open AgentOps routes each tool through the mode that matches its risk.
Read-only calls that are safe to run in CI.
Stateful fake resources for write-like behavior.
Non-production environments for integration checks.
Human approval before destructive or visible actions.
Immediate failure when a forbidden tool is attempted.
Reviewable scenario contracts
Teams can generate draft scenarios from agents and traces, review them like code, and commit them as release gates. The result is exported as JSON, Markdown, HTML, JUnit, and trace artifacts.
Use it in an existing agent repo
pip install git+https://github.com/reddywritescode/open-agentops.git
open-agentops scan examples/refund_agent
open-agentops generate simulators --from examples/refund_agent/tool_manifest.json
open-agentops test run --config examples/refund_agent/agentops.safe.yml
open-agentops gate --config examples/refund_agent/agentops.safe.yml
First public release
Open AgentOps keeps code, traces, tool policies, and secrets inside the user's environment by default. Hosted dashboards can come later; the release gate works today from the repo.