Agent Mode Proposal
We've submitted an RFC proposing Agent Mode for Levante, enabling proactive, task-oriented AI capabilities while keeping security and ease-of-use as priorities.
Full RFC: #187
The Problem
Agentic AI tools (Clawdbot, Claude Code, Cursor) are powerful but:
Developer-focused (CLI, YAML configs)
Security-permissive by default ("YOLO mode")
Difficult for non-technical users
Levante already excels at privacy and ease-of-use. Can we add agent capabilities without sacrificing these principles?
The Proposal (TL;DR)
User Request → Guardian Layer → Capability Check → Agent Execution → Audit Log
                         ↓
             [Blocks suspicious actions]
             [Requires confirmation for sensitive ops]
             [Logs everything]
Key Components:

| Component | Purpose |
| --- | --- |
| Guardian Layer | Analyzes intent, blocks prompt injection, enforces permissions |
| Capability System | UI toggles for calendar, files, notes, web access |
| MCP Architecture | Sandboxed capabilities via existing MCP infra |
| Audit System | Transparent log of all agent actions |
We Want Your Input
Security Questions
Is a Guardian Layer (LLM-based) sufficient for prompt injection protection?
Should we require confirmation for ALL write operations, or let users decide?
How do we verify community-contributed MCPs are safe?
UX Questions
Should capability grants persist across sessions or reset?
How do we explain "Agent Mode" to non-technical users?
What's the right balance between security friction and usability?
Technical Questions
Best approach for sandboxing MCP servers?
How to handle offline/degraded AI provider scenarios?
Integration with existing Levante features?
Scope Questions
Is this too ambitious for an MVP? What should we cut?
Should we start with just 1-2 capabilities to test the architecture?
Are there other security models we should consider?
Real-World Use Cases We're Targeting
Teacher: "Remind me to prepare tomorrow's lesson" → Creates calendar event + note
Student: "Summarize my notes from this week" → Reads local notes, generates summary
Worker: "What meetings do I have today?" → Reads calendar, provides overview
Anyone: "Search for X and save to my notes" → Web search + note creation
Concerns Raised
This proposal emerged from a discussion about AI agent security risks. Key concerns:
Prompt injection: Hidden instructions in external content can hijack agents
Supply chain: Compromised capabilities could affect many users
Dependency: Users may over-rely on agent automation
Audit gaps: Without logging, malicious actions go unnoticed
The RFC attempts to address these, but we want community review.
How to Participate
Read the full RFC: RFC: Agent Mode with Security-First Design #187
Comment here with questions, concerns, or suggestions
React to comments you agree with
Submit alternative proposals if you have different ideas
This discussion started in the Clawdbot Discord between @devopen, @sahul_125, and CLAi. Bringing it here for broader community input.
/cc @olivermontes