Your AI agents need permission.
Your phone is the key.

End-to-end encrypted approval requests, delivered to your phone in real time. Biometric signing. Full audit trail. Zero-knowledge relay.

Get Started View Protocol Docs

Built on HARP — the open protocol for AI authorization

Agent

SDK / MCP

Encrypts request with shared key

Relay

Zero-knowledge

Routes opaque blobs, sees nothing

HARP App

Your phone

Biometric approve / deny

Encrypted envelope → Push notification →

← Encrypted response ← Signed decision

Getting started

Three steps. Five minutes.

No server infrastructure required. No cloud accounts to configure.

1

Pair your device

Scan a QR code with the HARP mobile app. X25519 keys are exchanged via Diffie-Hellman. The relay never sees them.

2

Agent requests approval

Your agent encrypts the action context with XChaCha20-Poly1305 and sends the opaque envelope through the relay to your phone.

3

Approve with biometrics

Review the action, authenticate with Face ID or fingerprint. Your signed response flows back. Agent proceeds. Seconds, not minutes.

Security first

Built for production

Every design decision in HARP serves one goal: your approval data stays yours.

End-to-End Encrypted

XChaCha20-Poly1305 encryption with X25519 key exchange. The relay, the network, and even HumanAuth itself never see your approval context, parameters, or reasoning. Cryptographic privacy by default.

Zero-Knowledge Relay

The relay is a dumb pipe by design. It routes opaque encrypted blobs and knows nothing about their contents. Self-host it, or use the managed relay. Either way, your data stays unreadable.

Any Agent Platform

Works with Claude Code, OpenAI agents, LangChain, custom agents, or anything that speaks HTTP.

MCP Compatible

Three lines of config. Any MCP-compatible agent gets an authorize tool automatically.

Biometric Signing

Approvals signed with Ed25519 keys protected by Face ID or fingerprint. Cryptographic non-repudiation.

Full Audit Trail

Both sides retain full plaintext independently. Export logs for SOC 2, HIPAA, or SOX compliance.

Integration

Five minutes to first approval

Choose your integration: zero-config MCP or full SDK control.

MCP Config 3 lines

{
  "mcpServers": {
    "harp": {
      "command": "npx",
      "args": ["@humanauth/mcp"]
    }
  }
}

SDK Usage TypeScript

import { Authorizer } from "@humanauth/sdk";

const auth = new Authorizer(pairing);

const result = await auth.requestApproval({
  action: "deploy_production",
  description: "Deploy v2.1 to prod",
  parameters: { service: "api", version: "2.1.0" },
  ttl: 300,
});

if (result.decision === "approved") {
  await deployToProduction();
}

Open Source

Built on HARP

HARP (Human Authorization Relay Protocol) is the open standard behind HumanAuth. MIT licensed. Self-hostable. Built for interoperability.

No vendor lock-in. Run the relay on your own infrastructure, use any compatible client, build your own integrations.

Read the Spec View on GitHub

MIT License Self-hostable Protocol-first No vendor lock-in

Pricing

Open protocol. Simple pricing.

Self-host free forever, or use the managed relay.

Free

$0 /month

For individuals and experiments

100 approvals / month
Community relay
All SDK features
Community support

Get Started

Recommended

Pro

$49 /month

For teams shipping with agents

5,000 approvals / month
99.9% SLA
Team dashboard
Priority email support