Execution Gates
Human-in-the-loop verification for AI agents, CI/CD pipelines, and autonomous systems. Cryptographic proof that a human approved the action.
Control Autonomous Actions
As AI agents become more capable, they need guardrails. Execution Gates provide cryptographically verified human approval.
AI Agent Authorization
Autonomous agents declare intents before executing. High-risk actions like payments, data modifications, or external API calls require human permits.
Pipeline Execution Gates
Terraform applies, production deployments, and infrastructure changes gate on verified human approval. Integrates with GitHub Actions, GitLab CI, and more.
Cryptographic Permits
RSA-signed, short-lived, action-scoped tokens. Verify offline without network calls. Full audit trail of who approved what and when.
How Execution Gates Work
A complete step-by-step guide to adding human oversight to your AI agents and automation pipelines.
Agent Declares Intent
Your AI agent or CI/CD pipeline calls the SilentAuth API to declare what action it wants to perform. This creates an intent record with full context.
// AI agent declares intent before executing
const intent = await silentauth.createIntent({
action: 'deploy_production',
params: {
service: 'api-server',
version: '2.1.0',
environment: 'production'
},
context: {
triggered_by: 'scheduled_release',
commit_sha: 'a1b2c3d4'
},
approvers: ['ops-team', 'jane@company.com']
});
console.log(intent.id); // "int_abc123..."
console.log(intent.status); // "pending_approval"
console.log(intent.approval_url); // URL for human to approvePolicy Evaluation
SilentAuth evaluates the intent against your project's policies. Low-risk actions may auto-approve; high-risk actions trigger human verification.
// Policy configuration (set in dashboard)
{
"rules": [
{
"action": "deploy_production",
"require_approval": true,
"approvers_required": 1,
"allowed_approvers": ["ops-team"],
"time_restrictions": {
"block_weekends": true,
"block_hours": [0, 6] // Block 12am-6am
}
},
{
"action": "read_logs",
"require_approval": false // Auto-approve
}
]
}Human Receives Notification
Designated approvers receive notifications via their configured channels. They can review full context before approving or denying.
Human Reviews and Approves
The approver reviews the intent details, sees full context, and makes an informed decision. They can approve, deny, or request changes.
// What the approver sees:
{
"intent_id": "int_abc123",
"action": "deploy_production",
"requested_at": "2024-03-15T14:30:00Z",
"requested_by": "AI Release Agent",
"params": {
"service": "api-server",
"version": "2.1.0",
"environment": "production"
},
"context": {
"triggered_by": "scheduled_release",
"commit_sha": "a1b2c3d4",
"tests_passed": true,
"staging_verified": true
},
"risk_score": 0.7,
"risk_factors": ["production_environment", "business_hours"]
}
// Approver clicks "Approve" or "Deny"Cryptographic Permit Issued
Once approved, SilentAuth issues a cryptographically signed permit token. This permit is time-limited and scoped to the specific action.
// Agent receives the permit
const permit = await intent.waitForApproval({
timeout: 3600000 // Wait up to 1 hour
});
console.log(permit.token); // "eyJhbGciOiJSUz..."
console.log(permit.approved_by); // "jane@company.com"
console.log(permit.approved_at); // "2024-03-15T14:35:00Z"
console.log(permit.expires_at); // "2024-03-15T15:35:00Z"
// The permit token contains:
// - Intent ID and action
// - Approver identity
// - Approval timestamp
// - Expiration time
// - RSA signatureBackend Validates and Executes
Your backend receives the permit token, validates it cryptographically, and only then executes the sensitive action. Full audit trail is logged.
// Backend validates permit before executing
async function deployProduction(permitToken, deployParams) {
// Validate the permit
const validation = await silentauth.validatePermit(permitToken);
if (!validation.valid) {
throw new Error(`Invalid permit: ${validation.error}`);
}
// Verify permit matches this action
if (validation.action !== 'deploy_production') {
throw new Error('Permit action mismatch');
}
// Check permit hasn't expired
if (new Date(validation.expires_at) < new Date()) {
throw new Error('Permit expired');
}
// Permit valid - execute the action
console.log(`Deploying with approval from ${validation.approved_by}`);
await executeDeployment(deployParams);
// Log to audit trail
await silentauth.logExecution({
permit_id: validation.permit_id,
status: 'completed',
result: { success: true }
});
}Use Cases
Execution Gates are designed for any scenario where autonomous actions need human oversight.
AI Agent Payment Authorization
Customer service AI needs approval before issuing refunds over $100
Production Deployments
CI/CD pipelines gate on human approval before deploying to production
Database Operations
Data export, bulk updates, or schema changes require DBA approval
Infrastructure Changes
Terraform applies, DNS changes, and scaling operations need ops approval
Secret Rotation
Automated credential rotation requires security team sign-off
Multi-Party Transactions
High-value operations require approval from multiple stakeholders
Integrations
Works with your existing tools and frameworks.
Why Execution Gates?
Audit Trail
Complete history of who approved what, when, and why.
Compliance Ready
Meet SOC2, GDPR, and industry-specific requirements for human oversight.
Offline Validation
Permits can be validated cryptographically without network calls.
Flexible Policies
Auto-approve low-risk, require multi-party for high-risk.
Add human oversight to your systems
Start free with 1,000 intents/month. Scale as your AI agents grow.
Get Started Free