Sandbox — no real agents or secrets

Denied actions fail closed.

Ollie has one permission: browse the web. It cannot make purchases or send messages. Click an action to see BehalfID enforce the policy before the agent proceeds.

connectedollieOllie (sandbox)

browse_web

web

allowssearch webread public pagesextract structured data

blockssubmit formsmake purchaseslogin to accounts

Browse webResearch flights to Tokyo on Googleverify({ action: "browse_web", vendor: "web" })

Purchase ticketBook a $742 Coachella ticketverify({ action: "purchase", vendor: "coachella.com", amount: 742 })

Send messageSend Slack message to #generalverify({ action: "send_message", vendor: "slack.com" })

The enforce pattern

Every action is gated. On denial, enforceAction throws — the agent never reaches the code that would have executed the action. This is fail closed: on denial, the safe default is to stop rather than proceed.

async function enforceAction(input) {
  const result = await behalf.verify({ agentId, ...input });
  if (!result.allowed) {
    throw new Error(`Action blocked by BehalfID: ${result.reason}`);
  }
  return result;
}

// browse_web is allowed — this proceeds.
await enforceAction({ action: "browse_web", vendor: "web" });
console.log("Researching flights...");

// purchase is denied — this throws. The next line never runs.
await enforceAction({ action: "purchase", vendor: "coachella.com", amount: 742 });
console.log("Booking ticket..."); // ← never reached

Add enforcement to your agent.

Start building Read the quickstart

This sandbox simulates BehalfID enforcement locally. No real agents, API keys, or permissions were used. Real enforcement requires creating an agent and calling the verification API or SDK.