Use Cases

Where OpenScope Fits

Use OpenScope when the agent should never hold the raw primitive.

Enterprise · AI Router

Coding agents and sensitive IP

Cursor, Claude Code, opencode, and Codex are in every engineer's hands now, and a prompt is a new, unaudited egress path for your most valuable source. The OpenScope AI Router governs that path.

Proprietary IP can't ride out in a prompt

RTL/SPICE/netlists, confidentiality and export markers, and secrets are blocked at the edge, even from an allowed repo, a renamed file, or a tapeout stream detected by its bytes.

Sovereignty and crown-jewels IP

Semiconductor, defense, and regulated teams need DLP that runs in their own perimeter and never transits a third party. The router is in-VPC and source-available: validate it, don't take it on faith.

Spend and audit your security team can hold

Every coding-agent call is metered per model, signed, and streamed to a live SOC feed, without anyone reading the prompt or the code.

Enterprise · action broker

Enterprise agent workflows

In enterprise environments, the key question is not only whether the agent can be governed. It is whether the agent ever receives the dangerous primitive at all. OpenScope is strongest where privileged actions must stay tightly bounded.

Production operations

Restart services, inspect approved logs, or run narrow remediation actions without exposing broad shell paths.

Internal admin APIs

Broker access to sensitive admin endpoints through predefined actions instead of broad API credentials.

Sensitive databases

Expose approved reads or carefully constrained operations without handing over raw database connectivity.

Finance and support actions

Broker actions like refunds, account adjustments, or support lookups through explicit, reviewable operations.

Personal · local

Local and personal workflows

OpenScope also fits local workflows where the concern is broad host power. Instead of giving an agent raw Apple automation or shell-level access, OpenScope keeps those permissions in a broker on the host.

OpenClaw on macOS

Use brokered Notes and Mail actions instead of handing the agent raw automation access.

Sandboxed NemoClaw

Keep the broker on the host while a sandboxed client calls through a socket or HTTP bridge.

Protected Notes and Mail access

Constrain folders, mailboxes, and action surfaces so the agent gets a narrower, safer interface.

Cross-org · remote ops

Remote ops collaboration

When outside help has to touch a closed environment, the usual options are a leaked pastebin or a VPN credential that hands over a shell. OpenScope delegates a narrowed slice of your own actions instead — run as you, over an outbound-only tunnel, through a relay that can't read a thing.

Vendor and contractor debugging

Let an outside engineer run the diagnostics you sanctioned — tail an approved log, restart a staging service — without a VPN credential or a shell on your box.

External agents, safely

Hand a remote agent a narrowed slice of your own verbs over an outbound-only tunnel. It runs as you, through policy, and can't cat a file or reach a secret.

No leaked logs, no firewall holes

Stop pasting logs and tokens into a pastebin and stop punching inbound ports. The session is scoped, blind-relayed, and self-destructs at its TTL.

Brokered extensions

OpenScope is not limited to built-in local actions. The same broker model extends to HTTP-backed and SSH-backed operations while preserving the trust boundary.

Jira over broker-owned HTTP profiles

Keep the Jira token in the broker and expose narrow actions such as get issue or search issues.

Scoped SSH service operations

Name specific targets and allowed services so the agent can request service status without broad shell access.

Custom app manifests

Define new app actions in YAML while preserving action-level policy and audit behavior.

Use gateways for broad governance. Use OpenScope where bypass resistance and key containment matter.

OpenScope is not a substitute for every governance tool. It is the layer for workflows where raw privileged access should disappear from the agent path. Many teams will use both: a gateway for traffic governance and OpenScope for execution containment.

Choose the stricter boundary when the stakes are higher

If the workflow should stay tightly bounded, OpenScope gives the agent approved capabilities without handing it the broad primitive underneath.