open-edison  by Edison-Watch

Data firewall and control for agentic AI

Created 6 months ago
271 stars

Top 95.3% on SourcePulse

Project Summary

OpenEdison provides a deterministic agentic data firewall designed to prevent AI agent data exfiltration and secure interactions with sensitive data and systems. It offers crucial visibility and control over AI agents' data access, targeting engineers and power users who need to mitigate risks associated with AI-driven data leakage and potential agent hijacking. The primary benefit is enhanced data security and governance for AI applications.

How It Works

OpenEdison acts as a gateway, unifying and securing agent data access. Its core mechanism involves integrating with agent frameworks like LangGraph and LangChain via a simple @edison.track() decorator applied to tools or functions. This enables immediate observability and policy enforcement without invasive code changes. The system is designed to address the "lethal trifecta" of AI agent risks: private data access, untrusted content exposure, and external communication, by providing structured execution controls and classifying risks across tools, resources, and prompts.

Quick Start & Requirements

  • Primary Install:
    • Using uvx (recommended): uvx open-edison
    • Using pipx: pipx install open-edison
    • Docker: git clone https://github.com/Edison-Watch/open-edison.git && cd open-edison && make docker_run
    • From Source: git clone https://github.com/Edison-Watch/open-edison.git && cd open-edison && make setup && make run
  • Prerequisites:
    • Pipx or uvx (uvx installer: curl -fsSL https://astral.sh/uv/install.sh | sh)
    • Node.js/npm (optional, required for npx-based MCP tools like mcp-remote)
  • Links:
    • Docs: docs/
    • LangGraph Quickstart: docs/langgraph_quickstart.md
    • API Reference: docs/quick-reference/api_reference.md
    • Discord: https://discord.gg/tXjATaKgTV

Highlighted Details

  • Detects and blocks potential data leaks through configurable security controls.
  • Provides structured execution controls to reduce data exfiltration risks.
  • Offers visibility into agent interactions with connected software and data via MCP calls.
  • Features a simple REST API for managing MCP servers and proxying requests.
  • Supports Docker for easy deployment.
  • Integrates with agent frameworks via a one-line @edison.track() decorator.
  • Monitors and mitigates the "lethal trifecta" of AI agent risks.

Maintenance & Community

The project maintains an active community presence via Discord at https://discord.gg/tXjATaKgTV. The existence of a commercial counterpart, EdisonWatch, suggests ongoing development and support.

Licensing & Compatibility

OpenEdison is released under the GPL-3.0 License. This strong copyleft license may impose obligations on derivative works and linked software, requiring careful consideration for commercial use or integration into closed-source projects.

Limitations & Caveats

As an open-source offering, OpenEdison lacks features present in the commercial EdisonWatch product, including Multi-Tenancy, SIEM integration, SSO (Single Sign-On), and client software for auto-enforcement. During development, the server requires manual restarts as it does not feature auto-reloading.

Health Check

  • Last Commit: 2 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 2
  • Issues (30d): 0
  • Star History: 30 stars in the last 30 days
