scope by devchilll

AI agent governance framework for high-stake applications

Created 4 months ago
330 stars

Top 83.2% on SourcePulse

Project Summary

SCOPE is a production-ready, multi-layered AI agent governance framework for high-stakes enterprise applications. It addresses safety, compliance, observability, permissions, and escalation, enabling robust AI agent deployment in sectors like banking. Built on Google's ADK, SCOPE provides a "Defense in Depth" architecture for reliable and secure AI systems.

How It Works

SCOPE employs a layered defense strategy integrated with Google's ADK. Pre-LLM safety checks, using both ML classifiers and LLM-based contextual analysis, filter inputs before they reach the agent. A decision engine then evaluates the request's intent against compliance rules and permissions and outputs one of four actions: ALLOW, REJECT, REWRITE, or ESCALATE. Escalated requests go to a human-in-the-loop review queue that handles the edge cases. This modular, multi-pillar approach (Safety, Compliance, Observability, Permissions, Escalation) is what provides the comprehensive governance.

Quick Start & Requirements

  • Installation: Requires Python 3.10-3.12 and uv. Google Cloud authentication and Vertex AI enablement are necessary.
  • Setup: Install dependencies with uv sync. Configure Google Cloud and pillar settings via .env.
  • Running: Launch Web UI with uv run adk web or CLI with uv run adk run scope.
  • Prerequisites: Google Cloud account with Vertex AI.

Highlighted Details

  • Pre-LLM Safety: Fast (~50ms), multi-modal safety checks using ML models (text toxicity, image NSFW) and LLM analysis block unsafe inputs before they reach the agent.
  • Compliance & Policy-as-Code: Enforces custom business rules and regulatory requirements (e.g., PCI-DSS, SOC2) via LLM interpretation of defined policies, with industry templates.
  • IAM & Permissions: Role-based access control (USER, STAFF, ADMIN, SYSTEM) governs system access and tool usage.
  • Audit Logging: Comprehensive, structured JSON logging captures every action, decision, tool call, and safety event for auditing and compliance.
  • Escalation Protocols: A persistent SQLite queue routes low-confidence decisions or sensitive operations to human reviewers.

Maintenance & Community

The project is presented as a reference implementation inviting contributions, but specific details on active maintenance, community channels, or a public roadmap are not provided.

Licensing & Compatibility

  • License: Apache-2.0.
  • Compatibility: Permissive license allows for commercial use and integration into closed-source applications.

Limitations & Caveats

ML-based safety checks may be "disabled for now" in certain contexts, indicating potential configuration dependencies or ongoing development. Production deployments should migrate the default SQLite database to PostgreSQL/MySQL for scalability. Full functionality relies on integration with the Google Cloud ecosystem, particularly Vertex AI.

Health Check

  • Last Commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 89 stars in the last 30 days
