Your AI agent has access to your Stripe keyGitHub

Default-secure AI agents. Block six catastrophes.

Inherence is the safety layer for AI agents on your machine.

Install for free See the demo
$uv tool install inherence-proxy

five minutes. free.

Don't let your agent drain your account.

Six categories of catastrophic action. Each one is blocked at the proxy, signed in your dashboard, and tunable from a YAML file. Defaults are tight; you decide what to loosen.

01 / Money

Financial drain

Block transfers above thresholds you set.

02 / Secrets

Credential access

Block reads of .env, AWS, SSH, keychains.

03 / Identity

Identity escalation

Block password resets, MFA changes.

04 / Destruction

Mass destruction

Block bulk deletes, destructive commands.

05 / Pivot

Lateral pivot

Block calls to cloud metadata, infra.

06 / Exfil

Exfiltration

Block file reads combined with external sends.

See how each rule catches real attacks →

How it works.

The proxy sits in front of every tool call. Each call is classified, evaluated against the six catastrophe rules, and either forwarded to your upstream MCP server or blocked before it ever reaches the wire. Every decision is signed.

Agent lists unread emails

gmail.list_messages(query="is:unread")
ClientClaude Desktopyour agent runs
LocalInherence Proxyinstalled on your laptop
Gate
POLICY GATE
Upstreamgmail MCP server

Decision trace
tool
gmail.list_messages
arguments
query = "is:unread"
category
messaging.read
checking
six rules in parallel
result
no rule fired
decision
allow
outcome
forwarded → gmail MCP server
response
200 OK · messages returned
$uv tool install inherence-proxy

The proxy is open source · the policy gate runs on our servers · receipts you can verify yourself

Monitor every tool call from your dashboard.

Inherence · Activity · app.inherencelabs.com
ActivityRulesReceiptsConnectors Live
    0:17

    An agent tries to issue a $4,500 refund after reading a prompt-injected support email. Inherence blocks it. The user reviews and approves a legitimate refund instead.

    01 — Code

    Open source proxy.

    Apache 2.0. Audit every line. The proxy that runs on your machine is the same code on GitHub — reproducible builds, signed releases.

    Read on GitHub     02 — Receipts

    Cryptographic receipts.

    Every decision is signed. Verifiable offline against our public key. You don't have to trust our dashboard — you can re-check the math.

    Verification docs     03 — Free tier

    Free for personal projects.

    No credit card. No trial period. The proxy and the dashboard are free for solo developers — forever. Paid tiers are for teams and orgs.

    Sign up

    Today, your machine and inbox. Soon, your code, files, docs, and team.

    The proxy gates every MCP server that runs locally. Gmail — the first hosted SaaS connector — is live in beta. GitHub, Drive, Slack, and Notion are next: OAuth through Inherence, every tool call through your policy gate before it reaches the SaaS API.

    Shipping today

    Local MCP + Gmail

    The Apache 2.0 proxy at pip install inherence-proxy sits in front of every MCP server your agent uses — filesystem, GitHub, Stripe, shell. Gmail joins as the first hosted connector: five read-only tools, all gated through the six rules.

    Local MCPGmail
    Coming next

    Four more hosted connectors

    Same six rules. Same dashboard. Same signed receipts. Built; awaiting OAuth verification with each provider.

    GitHubDriveSlackNotion
    [email protected]

    Probabilistic agents. Deterministic safety.