Orisan

Security infrastructure for AI-assisted development

See what an AI agent can touch before you allow it in the repo.

Orisan Scout produces a local approval record of what repo-local MCP configs and agent instruction files allow AI coding agents to read, execute, or change. No source upload. No cloud upload. Repo-scoped by default.

Get ScoutRead the alpha brief
Local approval output$
$ orisan scout

Orisan Scout v0.1.0-alpha.4 · payments-service · commit a8f3b2c

AI coding agents configured in this repo can read broad repository context and execute shell commands through MCP. Review required before approving AI agent use.

HIGH   .mcp.json        filesystem server mounted to repo root
HIGH   .mcp.json        shell tool available to agent
HIGH   AGENTS.md        shell execution allowed without approval
MED    AGENTS.md        auto-commit behavior allowed

orisan-scout-review.md written · awaiting reviewer verdict

Product architecture

Scout discovers. Guard protects. Relay and Review come later.

Orisan is building security infrastructure for AI-assisted development in modules. Only Scout is publicly runnable today. Guard has a local alpha core. Relay and Review are future modules.

Available alpha

Scout

Repo-local discovery for AI coding agent exposure.

Discovers what agents can read, execute, or change before approval.

Alpha core in development

Guard

Sensitive context protection and safe rewrite for AI tools.

Protects prompts and context before sensitive material reaches AI tools.

Future module

Relay

Agent and tool execution governance.

Will control how agent actions are routed, approved, and constrained.

Future module

Review

AI-assisted code and change review.

Will validate generated changes against policy, risk, and intent.

The motive

AI agents changed repository approval faster than security review changed with it.

Orisan exists because the approval moment is becoming vague. Developers are adopting agentic tools, MCP servers, and repo instruction files, while reviewers are still asked to approve with incomplete local evidence.

Before

AI coding tools were approved as assistants, mostly evaluated by vendor trust, data handling, and developer productivity.

Now

Agents inherit repo instructions, invoke local tools, and may execute or change code through MCP and automation workflows.

Gap

Most teams cannot produce a repo-level approval record that states what an agent can read, execute, or change.

Scout

Scout turns that local agent surface into Markdown and JSON evidence a reviewer can inspect before approval.

Approval record

Orisan Scout is the current runnable alpha.

Scout turns repo-local agent exposure into a review record: what was scanned, what agents can read, execute, or change, and what decision a reviewer should make before approval.

Agent Access Review

Repository

payments-service

Commit

a8f3b2c

Scope

repo-local MCP configs and agent instruction files

Capability Summary

AI coding agents configured in this repo can read broad repository context and execute shell commands through MCP.

READ

Broad repository context

EXECUTE

Shell commands through MCP

CHANGE

Auto-commit behavior in instructions

Reviewer

Decision

Restrictions

Expires

Why different

Not another scanner category. A preflight approval instrument.

Pre-approval

Scout runs before an AI agent is allowed into a sensitive repo, not after a vulnerability lands in code.

Capability-first

Findings map to READ, EXECUTE, and CHANGE so reviewers see authority, not just file matches.

Local evidence

Reports are generated in the repo with no daemon, no cloud upload, and payload_stored=false.

Narrow scope

v0.1 stays focused on MCP configs and repo-level agent instructions so the signal can be validated.

Workflow

From repo scan to approval record.

01

Discover

MCP configs and agent instruction files.

02

Assess

Map READ / EXECUTE / CHANGE capability.

03

Decide

Recommend review, conditional approval, or no blocker.

04

Record

Generate Markdown/JSON evidence for security review.

Capability model

READ / EXECUTE / CHANGE.

READ

  • filesystem access
  • broad repo context
  • instruction-driven file access

EXECUTE

  • shell tools
  • command execution
  • package/script execution

CHANGE

  • auto-commit
  • GitHub write actions
  • infra or production modification instructions

Scope and privacy

Repo-scoped by default. Local by design.

repo-local by default
no source upload
no cloud upload
no daemon
no home/global config scanning by default
v0.1 checks only MCP configs and repo-level agent instructions

Preflight

Run the preflight check before approving AI coding agents.

Orisan Guard is separate and under development. Start with Scout when you need a repo-local approval artifact today.

Get ScoutRead validation brief