Docs

OpenScope Docs

Architecture, setup, integrations, packaging, and deployment guidance.

Architecture

The full picture: coding agents reach models through the in-VPC AI Router, DLP, metering, receipts, and agents reach privileged resources through the broker and executor, scoped actions, human approval. Both halves are customer-owned.

Approve/Deny
Approve/Deny
Developer tools /AI Agents
Codex
Claude Code
OpenCode
Developer tools /AI Agent...
OpenScope Secure AI Router
Customer-owned
DLP + policy + audit
OpenScope Secure AI Router...
OpenScope Action Broker
Scoped capabilities · circuit breaker
Customer-owned
OpenScope Action Broker
OpenScope AI Router/Executor control plane
updates, policies, usage, billing
OpenScope AI Router/Executor co...
Human Approval
Change Owner/ SRE/ Manager
Human Approval...
Physical
Out of Band Control
Circuit Breaker/Kill Switch
HSM YubiKey
PAM
Physical...
Claude
AWS Bedrock
Claude...
OpenAI
Azure OpenAI
OpenAI...
Other approved models
Other approved models
Privileged Resources
Production Server
Databases
Cloud
CI/CD
Privileged Resources...
Data Path
Data Path
Control Path
Control Path
Customer Owned
Customer Owned
Model Provider Owned
Model Provider Owned
OpenScope Owned
OpenScope Owned
Approved Prompt/Response
Approved Prompt/Response
Usage metadata only
NO prompts or responses
Usage metadata only...
Approved Action/Response
Approved Action/Response
Approve/Deny
Approve/Deny
Armed/Paused
Armed/Paused
Privileged Action/Response
Privileged Action/Respo...
Prompt/Response
Prompt/Response

Suggested reading order

A simple sequence for new visitors.

  1. Start with the README.
  2. Read the architecture overview.
  3. Understand why OpenScope differs from a gateway.
  4. Wire up your coding agent, Claude Code, Codex CLI, OpenCode, or Gemini CLI.
  5. Use the validation runbook to test the setup.

Want the full source and current docs tree?

Browse the repository on GitHub to inspect the broker model, docs sources, and implementation.