Who approved it? What stops it? Can you prove it?

Three questions every team must answer before shipping AI agents. Permission Protocol answers all three.

Three questions every team has to answer.

If an AI agent can act in production, these controls need to exist before it ships.

Who approved this agent's access?

There should be a name, a timestamp, and a policy behind every action your agent can take.

Authority receipts with named approvers, timestamps, and policy references.

What happens when it goes wrong?

When an agent makes a bad call at 3 AM, something needs to stop it.

Kill switch, human escalation gates, and a policy engine that fails closed.

Can you prove it to your board?

Regulators and customers will ask how you control your AI agents.

Immutable audit trail mapped to OWASP, NIST, ISO 42001, and EU AI Act.

How it works.

Every consequential AI action flows through Permission Protocol before execution.

PR Created → Permission Protocol → Decision: Blocked / Approved

```python
receipt = pp.authorize(
    action="deploy",
    resource="billing-service"
)
deploy(receipt)  # Pipeline verifies the receipt
```
Try the SDK

NIST AI Agent Standards: Official Respondent

Published on npm & PyPI

Open Source SDK

The Receipt.

Every authorized action produces a signed, portable, verifiable receipt.

Fail closed. Evidence, not logs.

✓ ACTION AUTHORIZED

Deploy → billing-service

Agent: deploy-bot
Approved by: Sarah Kim
Policy: production-deploy
Timestamp: 2026-03-03 10:14:22 UTC
Signature: Verified ✓
Issuer: Permission Protocol

permissionprotocol.com/r/8f91c2
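
What a fail-closed check over a receipt like the one above can look like, as an added sketch that is not Permission Protocol's SDK code or receipt format. The field names, the HMAC-SHA256 stand-in for the unspecified signature scheme, the demo key, and the 15-minute freshness window are all assumptions.

```python
import hashlib
import hmac
import json

# Assumptions (not from the SDK): HMAC-SHA256 with a shared key stands in for
# the product's signature scheme; the key and field names are constructed.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 900  # assumed freshness window for a receipt


def _mac(fields, key):
    # Canonical JSON so issuer and verifier hash exactly the same bytes.
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_receipt(agent, approver, policy, action, resource, issued_at, key=DEMO_KEY):
    fields = {"agent": agent, "approved_by": approver, "policy": policy,
              "action": action, "resource": resource, "issued_at": issued_at}
    return {**fields, "sig": _mac(fields, key)}


def verify_receipt(receipt, action, resource, now, key=DEMO_KEY):
    """Return True only if every check passes; any error means deny."""
    try:
        fields = {k: v for k, v in receipt.items() if k != "sig"}
        if not hmac.compare_digest(_mac(fields, key), receipt["sig"]):
            return False  # tampered, or signed with a different key
        if (fields["action"], fields["resource"]) != (action, resource):
            return False  # approved for a different operation
        if not fields["approved_by"]:
            return False  # no named approver
        age = now - fields["issued_at"]
        return 0 <= age <= MAX_AGE_SECONDS  # reject stale or future-dated
    except Exception:
        return False  # fail closed: malformed or missing receipt is a deny


def guarded_deploy(receipt, resource, now, run):
    # The gate: the deploy callable is never reached without a valid receipt.
    if not verify_receipt(receipt, "deploy", resource, now):
        raise PermissionError(f"deploy to {resource} blocked: no valid receipt")
    return run(resource)
```

The verifier binds the receipt to the exact action and resource being attempted, so a receipt approved for one service cannot be replayed against another.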

One line. Full authority.

Add approval guards to any AI agent in seconds.

```python
from permission_protocol import require_approval

@require_approval
def deploy_service():
    deploy("billing-api")

# Agent calls deploy_service()
# -> Paused until authorized
# -> Receipt issued
# -> Execution continues
```
Read the Quickstart ->

Why now.

The market is building around agent visibility. Enforcement is still missing.

OpenAI acquired Promptfoo - agent security is becoming a major category
Onyx Security raised $40M for agent discovery and monitoring
OWASP published the Agentic Security Top 10
EU AI Act enforcement begins 2026

The assessment layer is getting crowded. The enforcement layer is wide open.

Designed for irreversible systems.

CI/CD Deploys

Require an authority receipt before any AI-initiated deployment reaches production.

Database Operations

Block destructive database mutations unless a signed receipt is present.

Financial Transactions

Ensure every AI-initiated payment or transfer has explicit authorization.

Data Access

Prove who authorized access to sensitive customer or internal data.

API Calls

Require receipt verification at API gateways for high-impact endpoints.

Multi-Agent Orchestration

Ensure downstream agents carry valid authority receipts from upstream approvals.

Get Started

The gate is always closed.

Open source for individual repos. Enterprise plans for organizations that need enforcement at scale.

For Developers

Install the SDK, issue authority receipts, and enforce before execution in minutes.

Get Started Free

For Enterprise

Human-in-the-loop approvals, self-hosted authority, and compliance-grade audit proof.

Talk to Us