Skip to main content
Developer docs

Veritrellis Developer Docs

Veritrellis is the signed, fail-closed permit boundary before high-risk AI-agent and backend actions execute. No valid permit, no action.

authorize.ts
// 1. Authorize before the action
const result = await client.authorizeRequest({)
  action_type: "issue_refund",
  resource_ref: "cus_123",
  payload: {
    amount: 50,
    currency: "EUR"
  },
});
// 2. Verify before executing
const claims = await verifyPermit({)
  permitJwt: result.permit,
  workspaceId: process.env.
    VERITRELLIS_WORKSPACE_ID,
  issuer: "https://api.veritrellis.ai"
});
 
// claims.sub, claims.action_type …

How Veritrellis works

1

Call authorize before any risky action

Your agent or backend calls POST /v1/authorize with the action type and payload. Veritrellis evaluates the policy for your workspace and environment.

2

Receive a signed permit — or a denial

Allowed requests get a signed ES256 permit JWT scoped to the exact action. Requests that require human approval come back as pending_approval with a request_id you can poll.

3

Verify the permit before executing

Before your code touches the database, refund provider, or external API, call verifyPermit(). No valid permit, no execution. The permit is cryptographically bound to the workspace and action scope.