Agent permission infrastructure
Permission passports for AI agents.
Agents call BehalfID before acting. If an action exceeds scope, it fails closed — the agent stops before it can proceed.
Connected agents
Works with agents you already use.
Start in manual test mode, then move to API enforcement when your app or provider integrates BehalfID.
Represent a personal assistant and scope planning, data, or transaction actions.
Attach a permission passport to a ChatGPT-powered workflow.
Verify sensitive data access before a Claude agent proceeds.
Wrap automations in action-level constraints and audit trails.
Use native BehalfID agents for LangChain, OpenAI, or internal systems.
BehalfID does not control third-party agents directly unless they or your app integrate the verification API.
Problem
AI agents are moving from suggestions to actions.
Purchases, API calls, workflow automation, data access, and delegated user actions all need the same answer: is this agent actually allowed to do this?
API keys prove an integration can call your system. OAuth proves a user consented to broad access. Neither models per-action delegation with resources, scopes, expiration, approval requirements, revocation, or transaction limits.
Fail-closed enforcement
What BehalfID stops.
Denied actions fail closed — the agent throws before reaching the code that would have executed the action. On denial, the safe default is to stop rather than proceed.
An agent allowed to browse cannot spend money. The purchase call throws before the transaction runs.
Read-only permissions block write, delete, and export actions before they reach your APIs.
Require approval before an agent sends email or posts to Slack.
Permissions expire. An agent that was allowed this morning can be denied this afternoon.
Disable an agent instantly. All subsequent verify calls return denied.
If no active permission covers the action, the agent stops. No permission means no access.
Not just transactions
A scope for every action category.
BehalfID ships with scope templates for common categories. A permission says an agent can do an action on a resource under constraints — you define what that means for your agent.
Read email, browse web, query CRM records.
Send email, post to Slack, draft messages.
Suggest times, create calendar events, book meetings.
Purchase under amount limits, create invoices, issue refunds.
Write documents, generate summaries, edit records.
Update CRM contacts, manage tickets, automate workflows.
Transactions are one template, not the whole product. The same enforcement pattern applies to data access, messaging, scheduling, content creation, and admin workflows.
Developer integration mode
Enforce permissions in your app.
Use this when your app or custom agent can call BehalfID before actions happen. This is the mode that automatically enforces the permission decision.
Manual test mode
Try the model with existing agents.
Use this for Ollie, ChatGPT, Claude, Zapier, Make, or other external agents. It creates a passport and manual test link, but does not control the provider directly.
Create a native agent or connect an external agent your users already rely on.
Define what an agent can do, what it can access, and what limits apply.
Call BehalfID before the agent spends money, calls APIs, or accesses data. Denied actions throw — the agent stops.
Record the decision and deliver signed events through the durable outbox.
Example
A transaction permission is just one template.
For a purchase-like action, allow only coachella.com, up to $800, expiring after two hours.
- vendor: coachella.com
- maxAmount: 800
- action: purchase
- expiresAt: 2 hours
    {
      "requestId": "req_xxx",
      "allowed": true,
      "reason": "Action allowed by active permission.",
      "risk": "low"
    }

SDK
One call before the agent acts.
    npm install @behalfid/sdk

    import { BehalfID } from "@behalfid/sdk";

    // The API key is read from the environment, not hard-coded.
    const behalf = new BehalfID({
      apiKey: process.env.BEHALFID_API_KEY!,
      baseUrl: "https://behalfid.vercel.app"
    });

    // Ask for a decision before the agent touches the resource.
    const result = await behalf.verify({
      agentId: "agent_xxx",
      action: "access_data",
      vendor: "gmail.com"
    });

Denied actions throw before reaching the code that would execute them. On denial, the agent stops.
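An added sketch of the check described above (not BehalfID's code or SDK): a local, deny-by-default evaluator for the page's coachella.com permission, plus a wrapper that throws before the action runs. The `revoked` and `amount` fields and the `evaluate`/`enforce` functions are assumptions made for illustration.

```typescript
// Added example: local model of a fail-closed, per-action permission check.
// vendor, maxAmount, action and expiresAt follow the page's example;
// `revoked`, `amount`, evaluate() and enforce() are hypothetical, not BehalfID's API.
interface Permission {
  vendor: string;
  action: string;
  maxAmount?: number;
  expiresAt: number; // epoch milliseconds
  revoked?: boolean;
}
interface ActionRequest { vendor: string; action: string; amount?: number; }
interface Decision { allowed: boolean; reason: string; }

function evaluate(perms: Permission[], req: ActionRequest, now: number): Decision {
  let reason = "No active permission covers this action."; // default is deny
  for (const p of perms) {
    if (p.vendor !== req.vendor || p.action !== req.action) continue;
    if (p.revoked) { reason = "Permission revoked."; continue; }
    if (now >= p.expiresAt) { reason = "Permission expired."; continue; }
    if (p.maxAmount !== undefined) {
      const amt = req.amount;
      // A limited permission requires a well-formed amount; a missing one is denied.
      if (typeof amt !== "number" || !Number.isFinite(amt) || amt < 0 || amt > p.maxAmount) {
        reason = "Amount missing, invalid, or over limit.";
        continue;
      }
    }
    return { allowed: true, reason: "Action allowed by active permission." };
  }
  return { allowed: false, reason };
}

// Throws on denial, so the callback that performs the action is never reached.
function enforce<T>(perms: Permission[], req: ActionRequest, now: number, run: () => T): T {
  const d = evaluate(perms, req, now);
  if (d.allowed !== true) throw new Error("Denied: " + d.reason);
  return run();
}

// Constructed sample: the page's coachella.com permission, issued at t0 for two hours.
const t0 = Date.UTC(2025, 0, 1, 9, 0, 0);
const samplePerms: Permission[] = [
  { vendor: "coachella.com", action: "purchase", maxAmount: 800, expiresAt: t0 + 2 * 60 * 60 * 1000 },
];
```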
Action rules with resources, allowed actions, blocked actions, expiration, and amount limits.
Every verification decision is recorded with reason, risk, and request ID.
External systems receive HMAC-signed verification and lifecycle events.
Webhook events are queued before delivery so failures are visible.
Failed events move to a dead-letter state after bounded retries.
Install from npm and verify actions with one TypeScript-friendly client.
Manage agents, permissions, webhooks, logs, and delivery status.
Start verifying agent actions.
Concerned about how secrets and tokens are handled? Read the security and trust page.