Quickstart
From zero to your first enforced decision in five minutes. No agent rewrite required — start in monitor mode and tighten from there.
1. Create an API key
Sign up, then create a gateway key from the dashboard (or via POST /api/v1/keys). The key is shown once and stored hashed — treat it like a password.
```shell
export ACTPASS_API_KEY="sk_live_..." # shown once at creation
```
2. Make your first preflight call
Ask ActPass whether an action should proceed. Nothing executes here — preflight is a pure decision.
```shell
curl -X POST https://actpass.org/api/v1/actions/preflight \
  -H "Authorization: Bearer $ACTPASS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tool": "stripe.refund.create",
    "resource": "stripe:charge:ch_123",
    "args": { "amount": 4900, "currency": "usd" },
    "agent_id": "support_agent",
    "user_id": "user_456",
    "goal": "resolve_refund_request",
    "mode": "monitor"
  }'
```
Response:
```json
{
  "decision": "allow",
  "reason_code": "refund.small_in_scope",
  "risk_tier": "high",
  "explain": {
    "summary": "Policy refund_policy v3: allow.",
    "matched_rules": ["small_refund_auto_approve"],
    "next_steps": []
  },
  "evidence_event_id": "ev_..."
}
```
3. Wrap a real action with the SDK
guard() combines the decision and the execution: your function only runs when the decision is allow.
```shell
npm install @actpass/sdk
```
```typescript
import Stripe from 'stripe';
import { ActPass } from '@actpass/sdk';

// Stripe client used by execute(); the STRIPE_SECRET_KEY variable name is an assumption.
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!);

const actpass = new ActPass({
  apiKey: process.env.ACTPASS_API_KEY!,
  tenantId: 'your-team-id',
  agentId: 'support_agent',
});

// execute() only runs when the decision is allow.
const { decision, result } = await actpass.guard({
  goal: 'resolve_refund_request',
  tool: 'stripe.refund.create',
  resource: 'stripe:charge:ch_123',
  args: { amount: 4900, currency: 'usd' },
  mode: 'enforce',
  execute: async () => stripe.refunds.create({ charge: 'ch_123', amount: 4900 }),
});

if (decision.decision !== 'allow') {
  // Blocked: execute() never ran.
  console.log('Blocked:', decision.reason_code, decision.explain.summary);
}
```
4. Roll out with modes
Adoption is gradual by design. Start in monitor, watch the dashboard, then enforce.
| Mode | Behavior | Use it when |
|---|---|---|
| monitor | Decisions are recorded but nothing is blocked. | First week — learn what your agents actually do. |
| warn | Violations surface as warnings; actions still proceed. | Tuning policies with your team watching. |
| enforce | Denies block. require_approval pauses for a human. | Production default. |
| strict | Enforce, plus high/critical-risk tools require a passport. | Payments, deploys, data exports. |
Tip: Most teams run monitor for a few days, review what would have been blocked under enforce in the dashboard, fix the false positives in their policy, and flip the switch with confidence.
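The mode table above written out as a client-side gate that fails closed, as an added example (not ActPass SDK code and not how the service itself is implemented). The names `resolve`, `Preflight`, `Outcome` and the `hasPassport` flag are assumptions, as is treating any decision other than `allow` or `require_approval` as a deny.

```typescript
// Added example: client-side reading of the rollout-mode table. Not ActPass SDK code.
type Mode = 'monitor' | 'warn' | 'enforce' | 'strict';

interface Preflight {              // fields as shown in the sample response
  decision?: string;               // 'allow', 'require_approval'; anything else is treated as deny
  risk_tier?: string;
  reason_code?: string;
}

interface Outcome {
  proceed: boolean;                // may the caller run the action now?
  wouldBlockUnderEnforce: boolean; // what to review before leaving monitor
  note: string;
}

// hasPassport is a hypothetical flag: the page does not show how a passport is presented.
function resolve(mode: Mode, res: Preflight | null, hasPassport = false): Outcome {
  // Fail closed: a missing or malformed response is never treated as allow.
  const decision = res && typeof res.decision === 'string' ? res.decision : 'invalid_response';
  const allowed = decision === 'allow';
  const reason = res?.reason_code ?? 'no_reason_code';

  if (mode === 'monitor' || mode === 'warn') {
    // Nothing is blocked in these modes; record what enforce would have done.
    const note = allowed ? 'ok' : `${mode}: would block (${decision}, ${reason})`;
    return { proceed: true, wouldBlockUnderEnforce: !allowed, note };
  }
  if (decision === 'require_approval') {
    return { proceed: false, wouldBlockUnderEnforce: true, note: 'paused for human approval' };
  }
  if (!allowed) {
    return { proceed: false, wouldBlockUnderEnforce: true, note: `blocked (${decision}, ${reason})` };
  }
  // strict adds one rule on top of enforce: high/critical-risk tools need a passport.
  const highRisk = res?.risk_tier === 'high' || res?.risk_tier === 'critical';
  if (mode === 'strict' && highRisk && !hasPassport) {
    return { proceed: false, wouldBlockUnderEnforce: false, note: 'strict: passport required' };
  }
  return { proceed: true, wouldBlockUnderEnforce: false, note: 'ok' };
}
```

In monitor mode, log every outcome where `wouldBlockUnderEnforce` is true; that list is what to review before switching to enforce.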