Add Amorce security to AutoGPT with zero configuration
Automatically adds Ed25519 signatures and human-in-the-loop approvals to AutoGPT.
```bash
# Install via AutoGPT plugin manager
autogpt plugins install amorce

# Or manually
cd plugins
git clone https://github.com/amorce/autogpt-amorce-plugin
```

Add to your .env:

```bash
AMORCE_ENABLED=true
AMORCE_HITL_ENABLED=true  # Optional: enable human approvals
```

That's it! AutoGPT now has:
- Ed25519 cryptographic signatures
- Trust Directory registration
- Human-in-the-loop approvals (optional)
- A2A-compatible messages
- Audit trail for all actions
Plugin automatically:
- Generates Amorce identity
- Registers with Trust Directory
- Signs all AI actions
- Provides HITL UI
Visual approval interface for sensitive operations:
```
┌─────────────────────────────────────────┐
│ AMORCE APPROVAL REQUIRED                │
├─────────────────────────────────────────┤
│                                         │
│ Action: Execute Python Code             │
│ Agent: AutoGPT-abc123                   │
│                                         │
│ Code:                                   │
│   import os                             │
│   os.system('rm -rf temp/*')            │
│                                         │
│ Risk Level: HIGH                        │
│                                         │
│ [✓ Approve] [✗ Deny] [ℹ Details]        │
└─────────────────────────────────────────┘
```
All AutoGPT actions are signed:
- Web searches
- File operations
- Code execution
- API calls
- Memory updates
AutoGPT instance registered as verified agent:
- Public profile
- Trust score
- Action history
- Reputation tracking
```bash
# Core settings
AMORCE_ENABLED=true                 # Enable plugin
AMORCE_IDENTITY_FILE=autogpt.pem    # Custom identity file

# HITL settings
AMORCE_HITL_ENABLED=true            # Enable human approvals
AMORCE_HITL_ACTIONS=execute_code,delete_file,api_call

# Trust Directory
AMORCE_DIRECTORY_URL=https://directory.amorce.io
AMORCE_REGISTER_PUBLIC=true         # Public in directory

# A2A Protocol
AMORCE_A2A_COMPATIBLE=true          # Use A2A format
```

In autogpt/plugins/amorce_config.yaml:
```yaml
amorce:
  enabled: true
  hitl:
    enabled: true
    require_for:
      - execute_code
      - delete_file
      - make_api_call
      - modify_memory
  trust_directory:
    register: true
    public_profile: true
  security:
    sign_all_actions: true
    verify_responses: true
```

- Install plugin
- Enable in .env
- Run AutoGPT normally
```bash
python -m autogpt
# AutoGPT now runs with Amorce security
# All actions are signed
# HITL approvals show up in terminal/UI
```

```bash
# Check agent ID
python -m autogpt_amorce info
# Output:
# Agent ID: agent_autogpt_abc123
# Public Key: -----BEGIN PUBLIC KEY-----...
# Trust Score: 4.5★
# Registered: ✓
```

When AutoGPT attempts a sensitive action:
- Plugin intercepts action
- Shows approval UI
- Waits for human decision
- Signs approved action
- Continues execution
```python
# plugins/amorce/rules.py
from autogpt_amorce import HITLRule


# Require approval for high-value API calls
@HITLRule
def require_approval_for_expensive_apis(action):
    if action.type == 'api_call' and action.estimated_cost > 1.00:
        return True
    return False


# Require approval for internet access to sensitive domains
@HITLRule
def require_approval_for_sensitive_domains(action):
    sensitive = ['api.stripe.com', 'api.github.com']
    if action.type == 'web_request' and any(d in action.url for d in sensitive):
        return True
    return False
```

```bash
# View all signed actions
python -m autogpt_amorce audit
# Output:
# [2025-12-07 10:00:00] execute_code | Approved | Signature: ed25519:abc...
# [2025-12-07 10:01:30] web_search | Auto | Signature: ed25519:def...
# [2025-12-07 10:02:15] delete_file | Denied | N/A
```

```bash
# Test plugin
cd autogpt-amorce-plugin
pytest tests/

# Test with AutoGPT
python -m autogpt --test-plugin amorce
```

Contributions welcome! See CONTRIBUTING.md
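One way to sanity-check an exported audit trail against the HITL policy, as an added example that is not part of the plugin. It assumes the line shape of the sample `audit` output earlier in this README and the sample `AMORCE_HITL_ACTIONS` list, and it checks policy consistency only, not the Ed25519 signatures themselves.

```python
import re

# Mirrors the sample AMORCE_HITL_ACTIONS value from the configuration section.
HITL_ACTIONS = {"execute_code", "delete_file", "api_call"}
DECISIONS = {"Approved", "Auto", "Denied"}

# Line shape copied from the README's sample audit output (an assumption,
# not a documented format).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<action>\w+)\s+\|\s+(?P<decision>\w+)\s+\|\s+"
    r"(?:Signature:\s+(?P<sig>\S+)|N/A)$"
)


def check_audit(lines, hitl_actions=HITL_ACTIONS):
    """Return (line_number, problem) pairs for policy violations in an audit export."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip().lstrip("#").strip()  # tolerate a leading '# ' prefix
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None or m["decision"] not in DECISIONS:
            findings.append((n, "unparseable line"))  # fail closed on unknown input
            continue
        executed = m["decision"] in ("Approved", "Auto")
        # A gated action must never appear as auto-approved.
        if m["action"] in hitl_actions and m["decision"] == "Auto":
            findings.append((n, "gated action ran without approval"))
        # Anything that actually ran must carry an ed25519-prefixed signature.
        if executed and not (m["sig"] or "").startswith("ed25519:"):
            findings.append((n, "executed action is unsigned"))
    return findings


# First three lines are the README's sample output; the last two are constructed.
SAMPLE = [
    "[2025-12-07 10:00:00] execute_code | Approved | Signature: ed25519:abc...",
    "[2025-12-07 10:01:30] web_search | Auto | Signature: ed25519:def...",
    "[2025-12-07 10:02:15] delete_file | Denied | N/A",
    "[2025-12-07 10:03:40] delete_file | Auto | Signature: ed25519:ghi...",
    "[2025-12-07 10:04:05] api_call | Approved | N/A",
]

if __name__ == "__main__":
    for n, problem in check_audit(SAMPLE):
        print(f"line {n}: {problem}")
```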
MIT License - see LICENSE
- Amorce: amorce.io
- GitHub: github.com/amorce/autogpt-amorce-plugin
- AutoGPT Plugins: plugins.agpt.co
- Issues: github.com/amorce/autogpt-amorce-plugin/issues
Built with ❤️ by the Amorce team