Name: Permission Protocol
Author: Permission Protocol

How Permission Protocol Works.

Three steps to enforce human or policy authority before your AI system acts.

Step 1

Wrap your action

Add `authorize()` or `@require_approval` around irreversible agent behavior before execution.

const receipt = await authorize({
  action: "deploy",
  resource: "billing-service"
});

Step 2

Get approval

Permission Protocol creates a review request, enforces policy, and waits for a human or policy decision.

review_url = pp.request.approval_link
status = await pp.wait_for_decision()

Step 3

Receive your receipt

Approved actions get a signed receipt proving who authorized what, when, and under which policy.

if receipt.verified:
    deploy(receipt)
    audit.log(receipt.id)

Full lifecycle.

From attempted action to verified execution, the gate stays closed until authority is proven.

PR Created→↓Permission Protocol→↓Decision

BlockedApproved

Agent acts

The model attempts a deploy, merge, payment, or other high-impact action.

SDK intercepts

The SDK fail-closes the action and turns it into an authorization request.

Request created

Permission Protocol records the action, actor, policy, and review URL.

Human reviews

An approver or policy engine blocks or approves the request.

BlockedApproved

Receipt issued

Approved requests get a signed authorization receipt for verification and audit.

Action proceeds

The system verifies the receipt and only then executes the original action.

The Receipt.

Every approved action produces portable proof that can be inspected by humans and verified by systems.

✓ ACTION AUTHORIZED

Deploy → billing-service

Agent: deploy-bot
Approved by: Sarah Kim
Policy: production-deploy
Timestamp: 2026-03-03 10:14:22 UTC

SignatureVerified ✓

IssuerPermission Protocol

permissionprotocol.com/r/8f91c2

Receipt anatomy

Action: deploy -> billing-service
Agent: deploy-bot
Approver: Sarah Kim
Policy: production-deploy
Timestamp: 2026-03-03 10:14:22 UTC
Signature: pp_sig_a8f2e91c...
Verification status: Verified

See a live receipt

Infrastructure stack.

Identity tells you who requested access. Authority tells you who approved the action.

Layer

System

What It Proves

Identity

OAuth / Okta

Who is making the request

Encryption

TLS

Communication can be trusted

Payments

Stripe

Money can move securely

Observability

Datadog

What happened in the system

Authority

Permission Protocol

Who authorized the action

Ready to add authority?

Ship with an explicit approval gate before agents can merge, deploy, or spend.

Start with the quickstart if you want code first. Talk to us if you need org-wide enforcement, approvals, and auditability.

Get Started Talk to Us