PERMISSION/PROTOCOL
RC

Rod Carvalho

Founder, Permission Protocol

AI agents are writing code, moving money, deleting data, and calling APIs across enterprise systems. Most of them do it without any external proof that a human authorized the specific action.

I’m building Permission Protocol to close that gap. One enforcement layer that puts a named human signer on every consequential agent action before it executes, and issues a signed receipt that proves it.

Live today

GitHub merge gates for AI-authored code. Agent PRs stay blocked until the right human signs the exact commit. Signed receipt issued. Works with Cursor, Claude Code, Copilot, Codex, Devin.

Building next

Authorization receipts for any agent action, any system. Deploys, data mutations, API calls, financial transactions, compliance workflows. Same primitive: named signer, signed receipt, before execution.

What a receipt proves

Action merge PR #184 → production
Policy prod-deploy-v2
Commit 9f2c1a7
Timestamp 2026-05-28T15:42:03Z
✓ Verified Receipt-ID rcpt_792x_kf93

If this resonates, reply to the email that brought you here.

Or book 15 minutes directly. I’m looking for honest reactions from people building in this space.