What is Axtary

Axtary is a runtime authorization layer for AI-agent actions. Before an agent's tool call reaches GitHub, Slack, Linear, a database, or an internal API, Axtary normalizes it, checks it against deterministic policy, optionally requires a human to approve the exact payload, signs a short-lived ActionPass for the allowed action, records a tamper-evident ledger entry, and only then executes it through a scoped connector.

The agent never holds your provider credentials, and an approval cannot be replayed against different content — the approval binds to the SHA-256 hash of the exact payload.

The problem

Agents are getting identities and API keys, but tokens authorize a channel ("this agent may post to Slack"), not the content ("this agent may post this exact message to this channel"). A prompt-injected or confused agent holding a valid token can still open a PR that touches infra/prod/, read a .env, or message the wrong channel. OAuth scopes are too coarse for probabilistic actors.

What Axtary actually does

  • Decides before execution. Policy runs on the hot path and fails closed — nothing executes unless it's explicitly allowed.
  • Binds approvals to content. High-blast-radius actions require a human to approve the exact payload/diff; the signed pass is bound to that payload's hash, so the agent can't swap it afterward.
  • Keeps credentials out of the agent. Provider secrets live in a local proxy/broker, never in the model's context.
  • Records everything. Every decision and outcome is written to a hash-chained ledger you can verify offline and export.
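
The content-binding property above, as an added sketch in Node.js (not Axtary's own code). The page does not specify the ActionPass format or signature algorithm, so the HMAC key, the claim names, and every function name here are assumptions made for illustration.

```javascript
// Added illustration, not Axtary code. All names are hypothetical.
const crypto = require("node:crypto");

// Canonical JSON: sort object keys so equal payloads always hash the same.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
  if (value !== null && typeof value === "object") {
    const body = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${body.join(",")}}`;
  }
  return JSON.stringify(value);
}

function payloadHash(payload) {
  return crypto.createHash("sha256").update(canonicalize(payload)).digest("hex");
}

function mac(key, claims) {
  return crypto.createHmac("sha256", key).update(canonicalize(claims)).digest();
}

// Issued after policy (and, if required, a human) allows this exact payload.
function issuePass(key, action, payload, nowMs, ttlMs) {
  const claims = { action, payloadSha256: payloadHash(payload), expiresAt: nowMs + ttlMs };
  return { claims, sig: mac(key, claims).toString("hex") };
}

// Run by the executor just before the connector call. Anything but "ok" blocks.
function verifyPass(key, pass, action, payload, nowMs) {
  const sig = Buffer.from(String(pass.sig), "hex");
  const expected = mac(key, pass.claims);
  if (sig.length !== expected.length || !crypto.timingSafeEqual(sig, expected)) return "bad-signature";
  if (nowMs >= pass.claims.expiresAt) return "expired";
  if (pass.claims.action !== action) return "action-mismatch";
  if (pass.claims.payloadSha256 !== payloadHash(payload)) return "payload-mismatch";
  return "ok";
}

// Constructed sample data: a pass approved for one exact Slack message.
const KEY = crypto.randomBytes(32);
const approved = { channel: "#deploys", text: "Release 1.4 is live" };
const pass = issuePass(KEY, "slack.post_message", approved, 1000, 60000);
```

The pass verifies only for the approved payload (in any key order), before expiry, and for the approved action; editing the hash inside the claims breaks the signature instead of rebinding the pass.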

How it's shaped

Axtary runs as two planes:

  • Local enforcement plane (the axtary CLI / proxy / SDK / Claude Code hook / MCP wrapper) — runs on your machine, holds the provider credentials, makes the decision, and executes. This is the hot path.
  • Hosted control plane (the dashboard at axtary.com) — where humans review approvals, inspect the synced ledger, and manage the team. It never sees a provider credential and is never required for an action to run.

New here? Start with the Quickstart, then read Core concepts.

Versioning

Axtary follows semver, and the version in the header is the single source of truth — the docs, the @axtary/* npm packages, and tagged releases all move together. Axtary is currently 0.x (pre-1.0): the runtime is real and demoable, but APIs may still change before the first stable 1.0.0 release.