Agent permission infrastructure
Permission checks
before AI agents act.
AI agents are starting to buy, email, book, edit, browse, and access data. API keys identify the agent. BehalfID verifies what the agent is allowed to do before the tool runs. Denied actions fail closed.
How it works
Verify first.
Execute second.
- 01
Action request
Before your executor runs, the agent packages the action — who is acting, what action, which vendor, and any parameters like amount or resource path.
- 02
BehalfID verify
BehalfID evaluates the request against active permissions, blocked actions, allowed actions, resource or vendor constraints, amount limits, approval requirements, and expiry before the executor is called.
- 03
Decision
A decision packet is returned:
allowed,denied, or approval required. The tool executes only whenallowedis true. - 04
Execute and audit
Allowed actions can continue to your tool. Denied actions stop before execution. Every verified decision is logged with a stable request ID and delivered via signed webhook.
Integration
Three lines between
request and execution.
Install the SDK, call behalf.verify()before your executor, and throw on denial. Works with any agent framework because the fail-closed check lives in your code, not in the model's memory.
const decision = await behalf.verify({
agentId: "agent_ollie",
action: "purchase",
vendor: "coachella.com",
amount: 742,
});
if (!decision.allowed) {
throw new Error(decision.reason);
}
// Executor only runs when decision.allowed === trueInteractive demo
See the boundary decide.
Switch scenarios and run a trace. No real actions execute here.
agent_olliepurchasecoachella.com$742No active purchase permission.falseThe full sandbox has more scenarios. Open sandbox →
Ready
Add the permission check.
Integrated enforcement fails closed. Manual mode is best-effort for testing with existing agents before you integrate.