Now Available

Security Infrastructure for AI Agents

Permissions, approvals, tokens, and audit trails so your AI asks before it acts.

You build the AI agent. oakallow governs what it can do. Every tool execution is checked against permission rules, approved by a human when needed, signed with a cryptographic token, and logged for complete auditability.

How oakallow Works

A hosted API that sits between your AI agent and the tools it wants to execute. Three pillars: govern, approve, audit.

Govern

Permission Resolution

A 12-level resolution chain evaluates tenant, org, resource, tool, method, and category rules to produce a definitive allow, deny, or approval-required decision at the edge.

Multi-Tenant Scoping

Define different permission rules for each of your customers. Tenant-scoped rules take precedence over org-wide rules, giving you fine-grained control.

Approve

Human-in-the-Loop Approvals

When a tool requires human review, the approval request is created with full context. Reviewers approve or deny from the dashboard. Configurable timeouts prevent stale requests.

HMAC-Signed Execution Tokens

After permission is confirmed, mint a single-use cryptographic token. The token proves the action was authorized and cannot be replayed.
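A minimal sketch of how a single-use HMAC-signed token can bind an authorized action and reject replays. It is an added example, not oakallow's implementation: the token layout, the claim names (`tool`, `res`, `exp`, `jti`), the in-memory id store and the function names are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: signing key held only by the verifier
used_ids = set()                  # assumption: in-memory store of redeemed token ids

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).digest()

def mint_token(tool_name, resource_id, ttl=60, now=None):
    """Bind the authorized action, an expiry and a random id under one MAC."""
    now = time.time() if now is None else now
    claims = {"tool": tool_name, "res": resource_id,
              "exp": int(now) + ttl, "jti": secrets.token_hex(16)}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64e(sign(body))

def redeem_token(token, tool_name, resource_id, now=None):
    """Return (ok, reason); a valid token is accepted at most once."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        given = b64d(tag)
    except ValueError:
        return False, "malformed"
    # Constant-time comparison; claims are parsed only after the MAC verifies.
    if not hmac.compare_digest(given, sign(body)):
        return False, "bad_signature"
    claims = json.loads(b64d(body))
    if (claims["tool"], claims["res"]) != (tool_name, resource_id):
        return False, "wrong_action"
    if now >= claims["exp"]:
        return False, "expired"
    if claims["jti"] in used_ids:
        return False, "replayed"
    used_ids.add(claims["jti"])  # a shared deployment needs an atomic check-and-set
    return True, "ok"
```

The MAC alone only proves integrity; replay resistance comes from the expiry plus the server-side record of redeemed ids.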

Audit

Complete Audit Trail

Every permission check, approval decision, and tool execution is logged with full parameters, timestamps, and resolution details. Queryable via API and dashboard.

API Key Security

Keys are SHA-256 hashed at creation. The Cloudflare Worker authenticates at the edge and strips the raw key before it reaches the backend. Your secrets never touch the API server.

Integrated in Minutes

A REST API that works with any language, any framework, and any AI agent architecture.

01

Register Your Tools

Define the tools your AI agent can execute. Set the name, category, risk level, and parameter schema. Use the API Builder to generate seed scripts or call the API directly.

02

Define Permission Rules

Create granular rules that control which tools are allowed, which need approval, and which are disabled. Scope rules by tenant, resource, and method for precise control.

03

Check Permissions at Runtime

Before your agent acts, call the permission check endpoint. The decision happens at the edge in under a millisecond. Get a clear allow, deny, or approval-required result.

04

Execute with Cryptographic Proof

Mint a single-use HMAC-signed token, execute the tool, and log the result. Every action is auditable with complete parameters and outcomes.

Simple API, Powerful Governance

One API call to check permissions. One to mint a token. One to log the result.

Permission Check + Execute Flow
# 1. Check permission before your agent acts
curl -X POST https://api.oakallow.io/v1/permissions/check \
  -H "X-API-Key: oak_live_..." \
  -d '{"tool_name": "restart_service", "resource_id": "server-prod-01"}'
# Response: {"permission": "allowed", "resolved_from": "tenant_tool"}

# 2. Mint a single-use execution token
curl -X POST https://api.oakallow.io/v1/tokens/mint \
  -H "X-API-Key: oak_live_..." \
  -d '{"tool_name": "restart_service"}'

# 3. Execute the tool, then log the result
curl -X POST https://api.oakallow.io/v1/executions/log \
  -H "X-API-Key: oak_live_..." \
  -d '{"tool_name": "restart_service", "execution_result": "success"}'

Secure by Design

Every layer of oakallow is built with security as a first principle. Your data, your keys, your rules.

Edge-First Architecture

Permission resolution happens in Cloudflare Workers for sub-millisecond decisions. Your API keys are verified at the edge and never forwarded to the backend.

Approval Workflows

High-risk actions require human sign-off before execution. Notifications inform. Authorization happens in the dashboard, not in chat.

Immutable Audit Trail

Every permission check, token mint, and execution is logged. Complete visibility into what your AI agent did, when, and why it was allowed.

You Define the Boundaries

Configure what is allowed, what requires approval, and what is disabled. The boundaries your team defines are enforced at every layer.

Your AI Agents Deserve a Security Layer

Start with $5 in free credits. No credit card required. Register your tools, define your permission rules, and start checking permissions in minutes.