Agent permission infrastructure
Permission checks before AI agents act.
AI agents are starting to buy, email, book, edit, browse, and access data. API keys identify the agent. BehalfID verifies what the agent is allowed to do before the tool runs. Denied actions fail closed.
Your AI assistant can now take real actions — send emails, make purchases, deploy code. BehalfID lets you decide exactly which ones are okay, and blocks everything else before it runs.
How BehalfID works
Every agent action passes through the permission layer — before it runs.
$ behalf verify
agent agent_claude_code
action deploy
vendor vercel.com
env production
checking passport_claude...
3 permissions active
DECISION denied
reason requires_approval
executed false
requestId req_K9mXp2qR
How it works
Verify first. Execute second.
- 01
Action request
Before your agent runs a tool, it packages the action — who is acting, what action, which vendor, and any parameters like environment or resource path.
- 02
BehalfID verify
BehalfID evaluates the request against active permissions, blocked actions, allowed actions, resource or vendor constraints, approval requirements, and expiry before the executor is called.
- 03
Decision
A decision packet is returned: allowed, denied, or approval required. The tool executes only when allowed is true.
- 04
Execute and audit
Allowed actions can continue to your tool. Denied actions stop before execution. Every verified decision is logged with a stable request ID and delivered via signed webhook.
Integration
Three lines between request and execution.
Install the SDK, call behalf.verify() before your executor, and throw on denial. Works with any agent framework because the fail-closed check lives in your code, not in the model's memory.
No matter what tool your AI agent tries to use — browse, buy, deploy, email — it asks BehalfID first. You define the rules once. BehalfID enforces them automatically, every time.
const decision = await behalf.verify({
  agentId: "agent_claude_code",
  action: "deploy",
  vendor: "vercel.com",
});
if (!decision.allowed) {
  // Blocked — reason logged, webhook fired
  throw new Error(decision.reason);
}
// Deploy only runs when decision.allowed === true

Deploy approvals
From zero to enforced in five minutes.
The first thing most teams wire up: a coding agent that can deploy to staging freely, but must pause for human approval before touching production. BehalfID enforces this at the MCP boundary — where the tool call is made, not inside the model's memory.
The most common setup: your AI coding helper can update the test environment any time, but touching the live site requires your go-ahead first. Four steps, set up in under five minutes.
- 01
Set up two permissions
Staging allowed automatically. Production requires approval.
behalf permissions create agent_xxx \
  --action deploy --resource vercel.com \
  --blocked "deploy to production"
behalf permissions create agent_xxx \
  --action deploy_production --resource vercel.com \
  --requires-approval
A. Staging — always allowed
Your agent can push to the test environment freely, any time.
B. Production — ask me first
Production deploys pause until you approve them in the dashboard.
- 02
Wire up MCP enforcement
One command writes .mcp.json and the agent context file.
behalf mcp init && behalf claude
One terminal command connects BehalfID to your AI agent's tools. No code changes to your agent needed.
- 03
Agent attempts production deploy — blocked
verify_action. BehalfID returns Approval Required. The agent pauses and reports back to you.
APPROVAL REQUIRED — do not execute this action.
Action: deploy_production on vercel.com
Approval ID: apr_Def456uvw
Approve at: https://behalfid.com/dashboard/approvals
- 04
You approve — agent retries and deploys
One click in the dashboard opens a 30-minute grant window. The agent calls verify_action again — now allowed: true. The deploy runs. Every step is in the audit log.
Click Approve in your dashboard. The agent retries automatically and the deploy goes through. Every step — the block, the approval, the deploy — is recorded in the audit log.
Interactive demo
See the boundary decide.
Switch scenarios and run a trace. No real actions execute here.
agent_ollie | purchase | coachella.com | $742 | No active purchase permission. | false
The full sandbox has more scenarios. Open sandbox →
Ready
Add the permission check.
Enforcement is fail-closed where you integrate it — via SDK or MCP. Manual passport mode is best-effort for testing with existing agents before you build the integration.
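One way to keep the SDK-side check fail-closed when the verifier itself errors, hangs, or returns a malformed decision, as an added example that is not BehalfID's own code. The wrapper name guardedExecute, the injected verify function, the stub verifiers and the timeout value are assumptions; only the allowed, reason and requestId decision fields come from the page.

```javascript
// Added example (not BehalfID SDK code): a fail-closed gate around a verify call.
// `verify` is injected; in a real integration it would wrap the SDK call shown on the page.
async function guardedExecute(verify, request, executor, { timeoutMs = 2000 } = {}) {
  let decision;
  let timer;
  try {
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error("verify_timeout")), timeoutMs);
    });
    decision = await Promise.race([verify(request), timeout]);
  } catch (err) {
    // Verifier unreachable, erroring or slow: treat as denied, never as allowed.
    return { executed: false, reason: `verify_failed:${err.message}` };
  } finally {
    clearTimeout(timer);
  }
  // Strict comparison: a missing field or a truthy non-boolean ("true", 1) is not permission.
  if (!decision || decision.allowed !== true) {
    const reason = decision && typeof decision.reason === "string"
      ? decision.reason
      : "malformed_decision";
    return { executed: false, reason, requestId: decision?.requestId };
  }
  // The executor is reached only on an explicit allowed === true.
  const result = await executor(request);
  return { executed: true, result, requestId: decision.requestId };
}

// Constructed stub verifiers (hypothetical), one per failure mode worth testing.
const stubs = {
  allowed: async () => ({ allowed: true, requestId: "req_example1" }),
  needsApproval: async () => ({ allowed: false, reason: "requires_approval", requestId: "req_example2" }),
  outage: async () => { throw new Error("network_down"); },
  malformed: async () => ({ allowed: "true" }),
  hang: () => new Promise(() => {}),
};

// Constructed sample request, using the field names from the page's snippet.
const sampleRequest = { agentId: "agent_claude_code", action: "deploy", vendor: "vercel.com" };

guardedExecute(stubs.needsApproval, sampleRequest, async () => "deployed")
  .then((outcome) => console.log(outcome));
```

Every path other than an explicit allowed === true returns executed: false without calling the executor, so a verifier outage blocks the deploy instead of letting it through.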