For founders, CTOs, and platform leads · 2026

Add human approval
to any AI agent.
In six lines.

Stop building approval pipelines that should already exist. Drop in a biometric-signed authorization layer — your backend rejects what no human approved, without you writing the verifier.

6 lines of code. From npm install to first authorized action.

47s to integrate. Pair an agent to a phone in under a minute.

< 1ms verifier hot-path. Receipts verify offline. Zero RTT at the edge.

The problem

Your agents have credentials, code execution, and reach into your customer data. Right now, nothing's asking permission.

6 lines of code · MCP · TypeScript · Python

Three new tools your agent has by lunch.

Install the CLI, scan the QR with the HumanAuth app, paste the snippet into your agent config. You're done. Your agent can now ask, collect, and inform.

$ npx @humanauth/cli pair

mcp.json (add to your agent's MCP config; that's it):

{
  "mcpServers": {
    "humanauth": {
      "command": "npx",
      "args": ["@humanauth/mcp"]
    }
  }
}

Three new tools: human_authorize, human_collect, human_inform
What happens

Four moves. Your agent learns to ask. You ship the rest.

01 Your agent asks

It calls auth.authorize() with the action it wants to perform. The SDK encrypts the request and routes it to your phone.

02 You see it

Push notification. Plain-language summary of what the agent wants. Anomaly flags if it's acting outside its pattern.

03 Touch ID confirms

One tap. The device signs the response with a key locked in its secure enclave — never leaves your phone.

04 Your backend verifies

Drop the receipt into your handler. Ten lines verify it offline. No receipt, no execution — by construction.

Architecture

The relay routes envelopes. Only your phone sees content.

End-to-end encrypted between agent and approver device. The relay can route — it cannot decrypt. By design, by math, by audit.

Agent: your code, plus the SDK / MCP server
Relay: Cloudflare Workers, an encrypted-payload router
Approver device: biometric, secure enclave
Cryptography: XChaCha20-Poly1305, Ed25519, X25519, HKDF-SHA256
Receipts

Your backend rejects what no human approved.

Every approval mints a short-lived, signed receipt bound to the exact action and its parameters. Your backend verifies it offline in ten lines. No receipt, no execution — without you writing the verifier from scratch.

Plan-hash bound

Receipt is cryptographically tied to the parameters the human saw. Parameter swap is rejected.

Single-use, replay-safe

Composite jti + idempotency key. Same key retries safely; different key is an attack.

Offline verifiable

EdDSA + JWKS. Zero RTT in your hot path. Fast at the edge.

Integrations

Drops into whatever you're already running.

[Sample notification: High severity · 4:53 · Acme Deploy Bot (47 approvals · 30d) wants to: Delete repository acme-corp/old-experiment · Touch ID required]

Plain language. Severity at a glance. Eight seconds, decided.

No login walls, no inscrutable JSON. Your approvers see what the agent wants in human language. Anomalies are flagged when a request deviates from an agent's pattern. Tap to approve, Touch ID confirms, receipt logged.

iOS 16+ · Android 12+

Build vs. buy

You could build this. You shouldn't.

What you'd have to build
  • 01 A mobile app on two platforms, signed with App Store / Play Store credentials, maintained against OS updates forever.
  • 02 Push notification infrastructure for iOS APNs and Android FCM, with reliability monitoring and token refresh.
  • 03 Device key generation in the secure enclave, pairing protocol, multi-device key management, lost-device recovery.
  • 04 End-to-end encryption with audited cryptographic libraries. Replay protection. Receipt format. Verifier SDK in every language your customers use.
  • 05 An audit trail your security team trusts. Anomaly detection. Tenant management. The runbook for the day a CISO asks you to prove it works.
What you do instead

Paste six lines. Ship the part only you can build.

We've spent eighteen months on the parts above so you don't have to. The mobile app, the cryptography, the verifier, the runbook — they're done. They're open source. You drop them in.

The part you couldn't outsource? Your agent's intelligence, your product's voice, the integration with your data. That's still yours. We just took the boring scaffold off your plate.

Open source · MIT licensed

You own the infrastructure. No vendor lock-in.

The SDK, the verifier, the mobile app, the relay — all MIT licensed. Self-host the whole stack if your compliance team requires it. Use our managed instance if you don't.

Ship the next thing.
Let humans approve the dangerous one.

$ npx @humanauth/cli pair