Docs Blog Pricing Sign In Sign Up

Loading…

Issue, scope, and audit action passports so your AI agents act with verifiable, policy-bound authority.

Deterministic · Fail-closed · Tamper-evident evidence

Product

Action Passports
Policy Builder
Approvals
Evidence Ledger
AI Policy Copilot
Pricing

Developers

Documentation
API Reference
SDK
CLI
Status

Company

About
Blog
Contact

Legal

Privacy
Terms
Security
DPA

© 2026 ActPass, Inc. All rights reserved.

Getting Started

Overview
Quickstart
Core Concepts

Guides

Agents & Exposure

Reference

API Reference
SDKs
CLI & CI
Integrations

Help

FAQ

ActPass Documentation

ActPass sits between your AI agents and the tools they call. Every risky action — a refund, a deploy, an email — gets a deterministic allow / deny / needs-approval decision before it executes, and a tamper-evident audit record after.

How it works

Your agent (or our proxy in front of it) calls POST /api/v1/actions/preflightbefore executing a tool. ActPass verifies the agent's Action Passport, checks whether the tool's definition has drifted since it was approved, evaluates your policy, and returns one decision with a typed reason code. Allowed actions proceed; denied ones don't; ambiguous ones wait for a human. Everything is recorded in a hash-chained evidence ledger.

The decision is made by a deterministic rules engine — never by a model— and the system fails closed: if ActPass is unreachable or a signature doesn't verify, the action is blocked, not waved through.

The product suite

Action Passports

Short-lived, signed credentials that scope what an agent may do — tools, resources, spend ceilings — for one goal.

Deterministic JSON rules evaluated outside the LLM. Same input, same decision — every time, explainably.

Approvals (HITL)

Risky actions pause for human review in the dashboard or Slack. Approval unlocks exactly one tenant + tool.

Drift Monitoring

Tool definitions are hashed and semantically diffed. A tool that changes meaning is re-approved before it runs again.

Every decision is sealed into an append-only hash chain. Export signed, tamper-evident bundles for auditors.

Gateways & Integrations

MCP proxy, REST proxy, SDKs, CLI scanner, GitHub Action, Slack, SIEM — meet your agents where they run.

Choose your path

I want my first decision in 5 minutes →

Sign up, create a key, call preflight, wrap an action with the SDK.

I want to scan my agent before launch →

Run the CLI scanner over your MCP/OpenAPI configs locally or in CI.

I run agents over MCP →

Put the ActPass MCP proxy in front of any MCP server — no agent changes.

I have questions first →

Latency, failure modes, data handling, compliance, self-hosting.