APort vs ceLLMate
ceLLMate secures browser exfiltration paths; OAP secures the agent’s tool surface more broadly—combine them for web-heavy agents.
The OAP preprint highlights ceLLMate’s semantic mapping of browser requests to policies with strong prompt-injection experiments at the HTTP boundary.
OAP addresses the same “deterministic control outside the LLM” philosophy but at the tool-call abstraction used by coding agents, orchestrators, and MCP servers.
| Comparison point | OAP / APort | ceLLMate (LimaCharlie) |
|---|---|---|
| Surface area | Arbitrary tools: shell, files, payments, MCP, messaging. | Browser HTTP requests via extension enforcement. |
| Deployment | IDE and framework hooks plus optional hosted verification. | Chrome extension + configured policy server. |
| Strength | Semantic business rules (limits, recipients, capabilities). | Excellent containment of web data exfiltration vectors. |
| Together | Use OAP for tools; ceLLMate for anything that must stay in-browser. | Adds default-deny browsing even when the model is compromised. |
Use ceLLMate (LimaCharlie) when
- Your agents primarily automate through web UIs
- You need deterministic HTTP egress control in Chrome
- You want semantic URL/action mapping for browsing tasks
Use OAP / APort when
- Your agents call local shells, IDEs, or MCP—not only browsers
- You need signed decisions for compliance beyond network logs
- You want one passport across browser and non-browser tools
Why teams choose OAP / APort
Tool-native authorization
OAP reasons about MCP and CLI tools where ceLLMate does not operate.
Assurance tiers
Passports encode org trust levels independent of browser vendor.
Composable defense
Run both: ceLLMate on browsing, OAP on everything else.