HARP is the open protocol powering HumanAuth Read the spec →

Secure authorization for AI agents

End-to-end encrypted approval requests via your phone. Built on HARP, an open, industry standard protocol.

Get Started → View on GitHub
Download on the
App Store
Get it on
Google Play
Approval Request
action: "deploy_production"
description: "Deploy v2.1 to prod cluster"
parameters: { service: "api", region: "us-east-1"}
ttl: 300
requires: "biometric"
What the relay sees
aGFycC1lbnZlbG9wZS12MSx4MjU1MTkse
DQ4N2EyZjNkLi4uLHNhbHQtbm9uY2Us
Y2lwaGVydGV4dC1ibG9iLWVuY3J5cHRl
ZC13aXRoLXgyNTUxOS1rZXktZXhjaGFu
Z2UtYW5kLWFlcy0yNTYtZ2NtLXNvLXRo
ZS1yZWxheS1zZWVzLW5vdGhpbmc9PQ==
E2E Encrypted
Biometric Signed
Zero Knowledge

How it works

Pair your device

Scan a QR code. X25519 keys exchange via Diffie-Hellman.

Agent requests approval

Request is encrypted and sent through the zero-knowledge relay.

Approve on your phone

Biometric sign with Face ID or fingerprint. Full audit trail.

Approval Request
Action
deploy_production
Description
Deploy v2.1 to prod
Expires in 4:32
Deny
Approve

Get the HumanAuth app

Review and approve agent actions from your phone. Biometric authentication with Face ID or fingerprint. Works offline with push notifications.

App Store Google Play

Available for iOS 16+ and Android 12+

Drop-in integration

Works with any MCP client or directly via the SDK.

mcp.json 
{
  "mcpServers": {
    "humanauth": {
      "command": "npx",
      "args": ["@humanauth/mcp"]
    }
  }
}
app.ts 
import { HumanAuth } from "@humanauth/sdk"

const auth = new HumanAuth()

const result = await auth.requestApproval({
  action: "deploy_production",
  ttl: 300
})

Get started with HumanAuth

Choose the integration path that fits your stack.

Add to any MCP agent

Drop-in MCP server. Zero code changes.

MCP Guide →

Build with the SDK

Full control for custom integrations.

SDK Reference →

Self-host the relay

Run your own relay. MIT licensed.

Self-hosting guide →

Open protocol. Free forever.

HARP is an open, MIT-licensed protocol. Self-host free forever, or use the managed relay.

Read the Spec → View on GitHub →