Documentation

What is Agent Access Control?

Agent Access Control is a deterministic security layer for AI agents. Unlike prompt-based restrictions, AAC uses mathematical policy evaluation to guarantee what agents can and cannot access.

• • No LLM calls — Pure logic, no hallucinations
• • Append-only audit trail — Every decision is logged
• • Default deny — Secure by default
• • Priority-based policies — First match wins

Gateway API

The single endpoint for all agent requests. Validates credentials, evaluates policies, and logs decisions.

Authorization: Bearer aac_your_api_key_here
Content-Type: application/json

{
  "tool": "customer_database",
  "action": "read_customer",
  "input": {
    "customer_id": "123"
  }
}

{
  "request_id": "550e8400-e29b-41d4-a716-446655440000",
  "decision": "allow",
  "policy_id": "abc123",
  "output": {
    "status": "simulated",
    "echo": { "customer_id": "123" }
  }
}

{
  "request_id": "550e8400-e29b-41d4-a716-446655440000",
  "decision": "deny",
  "policy_id": "xyz789",
  "error": {
    "code": "DENIED",
    "message": "Denied by policy: Deny Write Access"
  }
}

5-Minute Quickstart

1. 1.Sign up and create your organization
2. 2.Define your first agent (e.g., "Support Bot")
3. 3.Add a tool with actions (e.g., "Customer DB" with read/write actions)
4. 4.Create policies (allow read, deny write)
5. 5.Generate API key and test with cURL

Security Model

• ✓API keys are SHA-256 hashed and never stored in plaintext
• ✓Row Level Security (RLS) enforces org-based isolation in Postgres
• ✓Audit logs are append-only and written before responses
• ✓Default deny policy — explicit allow required
• ✓No LLM calls means no prompt injection vectors