Open Source

Give your agents least privilege so they can move fast without breaking your things

LOA launches and observes your agents — Claude, Codex, OpenClaw, and more. Based on observations it proposes restrictions. As the ruler of the Land of Agents, you approve.

It used to be your agents are in prison or running loose. Now there's a third option.

Get Started

Quick Start

Three commands to get going. Create. Run. Approve.

        # Install LOA (coming soon!)

        curl -fsSL https://landofagents.com/install | sh

        # Create a Claude agent with access to your project folder

        loa agent create hackerman --runtime claude-code --volume ~/project

        # Run the agent — LOA watches and learns what it needs

        loa run hackerman

        # See what your agents tried to do

        loa inbox

        # Interactive review and approval

        loa approve

        # See what's enforced

        loa policy effective --agent hackerman

The Problem

Unlimited access is risky.
Manual policy is tedious.

Most people skip security configuration entirely because it takes weeks. The rest give agents unlimited access and hope for the best.

Without LOA

Running Loose

Agents with full network, filesystem, and secrets access. Every API call, every file write, completely unchecked. One bad prompt away from disaster.

Without LOA

In Prison

Locked-down agents that can't do anything useful. Weeks spent configuring mounts, egress proxies, grants, and secrets injection. Productivity destroyed.

With LOA

The Third Option

Agents roam with useful access. LOA observes what they actually do and proposes restrictions based on real behavior — not guesswork. You approve what makes sense.

Security Model

Defense in depth, without the config debt

🌐

Network

LOA allows only required network access. Every outbound connection is observed and controlled.

👷

Workers

LOA allows an agent to spawn secure workers via API. Each worker inherits at most the agent's policy, typically less.

📁

Filesystem

LOA allows only required folders. Mount access is explicit, remembered, and auditable.

🔒

Secrets

LOA allows only required secrets. No blanket environment variable passthrough.

🤝

Application

The agent provides built-in application security. LOA enforces the boundaries around it.

How it Works

From zero config to enforced policy

Sane Defaults

Start observing with sane defaults. LOA runs your agents with safe defaults out of the box.

Monitor

See what your agents actually do. Every network call, file access, and command is logged.

Recommend

LOA monitors agent activity and proposes access to add or remove.

Approve

Review and approve interactively. One command to stage, activate, and enforce.

Reuse

Create single agent or multi-agent policies. Share formally verifiable policies in AWS Cedar format.

Your Land

From one agent to hundreds

Your land of agents scales with you.

●

One Agent

A single agent you rely on for all your tasks. LOA keeps it in check.

●●●

A Handful

Agents for coding, finances, project management. Each with its own policy.

●●●●●●●●●

A Kingdom

Tens of agents with hundreds of workers. Open source and commercial models. All governed.

Who It's For

Built for people who ship with agents

Anyone who doesn't want to spend weeks configuring mounts, egress proxies, grants, and secrets injection by hand.
Anyone who isn't comfortable blindly trusting commercial or open source agents to always do the right thing.
Teams that need independent controls and auditable approvals.
Builders running multiple agent runtimes behind one policy model.

Who It's Not For

LOA is not k8s for agents. No multi-region scheduling, no fleet management by infra teams. It's for people launching and tasking agents who want to do this in a controlled, safe way.