Let your agents run. Keep yourself in the loop. Approvals, constraint enforcement, database governance, earned trust scoring, and a full audit trail — in one open-source control plane.
Execution modes
Assign each agent an execution mode. As it builds a track record — high approval rate, zero constraint violations — OperatorBoard suggests a promotion. You click the button.
observeAgent analyzes and reports. No actions taken.Read-onlyproposeEvery proposed action goes to the approval queue before anything runs.Review allapproval_requiredTask-level approval gate. Default for every new agent.Defaultscoped_autonomyAgent acts within an explicit constraint envelope. Violations are blocked.EarnedThe problem
OperatorBoard adds the layer that's been missing.
| Without OperatorBoard | With OperatorBoard |
|---|---|
| Agent acts immediately, no review | Agent proposes; you approve before anything runs |
| No record of what ran or why | Full audit trail on every action, decision, and violation |
| "The agent said a backup exists" | Independent backup attestation required before destructive DB ops |
| Shell commands bypass DB policy | Shell DB access auto-classified as write_destructive and blocked |
| Network and file access on by default | Off by default; explicitly granted per task per agent |
| High-performing agents stay restricted forever | Trust score promotes agents automatically when criteria are met |
Features
Not bolt-on safety features. The approval model, constraint enforcement, and trust system are what OperatorBoard is.
Multi-action review. Tasks stay blocked until every proposed action is decided. Webhook alerts when approval is needed — no polling.
Approval rate and violation tracking per agent. At ≥90% approval rate, ≥5 tasks, zero violations, OperatorBoard suggests promotion.
Per-task locks on network access, file read/write, shell, and database tier. Case-variant and substring bypass paths are closed.
Four-tier DB access. Destructive actions require independent backup attestation with HMAC-signed integration ingest and replay protection.
Every action, approval, constraint violation, heartbeat, and integration attempt logged. Honeypot routes log scanner probes.
Queue tasks for future execution with ISO 8601 scheduling. Review results when you come back. Chain tasks with pipeline triggers.
Spend by day, task outcomes, and approval rates across your fleet. Per-agent budget hard stops included.
Model reporting relationships between agents. Visualized as a collapsible tree. Kill switch suspends any agent immediately.
SSRF prevention, timing-safe auth, integration replay protection, Caddy config with rate limiting and CSP — all included.
An agent with write access can silently wipe your database in seconds. OperatorBoard requires an independently-held backup attestation — not an agent claim — before any destructive database action can even be approved. Backup attestations are posted via HMAC-signed integration endpoints with provider binding, timestamp freshness enforcement, and replay protection. Shell-based DB access is auto-classified as write_destructive and blocked regardless of shell permission settings.
Earned trust
Agents don't start trusted. They earn it. You always make the final call.
01 — REGISTER
New agents default to approval_required. Every task needs operator sign-off before any action runs.
02 — OPERATE
OperatorBoard tracks approval rate, constraint violations, and tasks completed per agent across every run.
03 — EARN
At ≥90% approval rate, ≥5 tasks, zero violations — OperatorBoard surfaces a promotion suggestion. You click the button.
Quick start
One-click cloud deploy, Docker full stack, or local dev — pick your path.
npx operatorboard initOne-command setup — generates your API key, writes docker-compose config, starts the stack, opens the dashboard.
# Zero-install quickstart — Docker required
npx operatorboard init
# Generates API key, writes docker-compose config,
# starts the stack, and opens the dashboard.
# Run with demo seed data:
npx operatorboard init --demo
# Dashboard → http://localhost:3000
# API → http://localhost:4100OperatorBoard is provided "as is" under the MIT License. Project Black Box LLC is not responsible for any actions taken by AI agents connected to OperatorBoard — including data loss, unauthorized access, financial charges, database changes, or any other harm — whether or not those actions were approved through the platform.
OperatorBoard reduces risk. It does not eliminate it. You are responsible for securing your deployment, understanding what each registered agent can do, and applying appropriate human oversight for your context and risk tolerance. Do not connect agents with access to production databases or sensitive systems without independent security review of your complete stack.
Your agents are only as trustworthy as the controls around them.