Decide whether an agent action is allowed or denied — outside the LLM, at execution time.
Authorization only. No identity. No login. No tokens.
AI agents make decisions probabilistically.
Authorization cannot.
Today, most agent permissions live in prompts, application code, or ad-hoc checks — making them hard to audit, reason about, or trust.
ActionAuth moves agent authorization out of the LLM and into a deterministic policy layer.
An agent action is any discrete operation an AI agent can perform: reading a database, calling an API, publishing content, or modifying configuration.
Today, most agent systems control access through prompts or application-level checks. Prompts are probabilistic and unreliable. Application code is scattered and hard to audit. Neither approach provides consistent enforcement.
Deterministic authorization means every decision is predictable, repeatable, and explainable. Given the same input, the system always returns the same result. No randomness. No LLM interpretation.
ActionAuth sits between your application and agent execution. Before an agent performs an action, your code asks ActionAuth for permission. ActionAuth evaluates policies, returns ALLOW or DENY, and logs the decision.
Allow and deny decisions must be auditable because agents operate autonomously. You need a record of what was attempted, what was allowed, and why. This audit trail is central to trust and compliance.
Authorization happens outside the LLM because access control is not a language modeling task. It is a deterministic evaluation problem that requires precision, not approximation.
Early access.
Focused on correctness, not completeness.