Rod Carvalho
Founder, Permission Protocol
AI agents are writing code, moving money, deleting data, and calling APIs across enterprise systems. Most of them do it without any external proof that a human authorized the specific action.
I’m building Permission Protocol to close that gap. One enforcement layer that puts a named human signer on every consequential agent action before it executes, and issues a signed receipt that proves it.
Live today
GitHub merge gates for AI-authored code. Agent PRs stay blocked until the right human signs the exact commit. Signed receipt issued. Works with Cursor, Claude Code, Copilot, Codex, Devin.
Building next
Authorization receipts for any agent action, any system. Deploys, data mutations, API calls, financial transactions, compliance workflows. Same primitive: named signer, signed receipt, before execution.
What a receipt proves
If this resonates, reply to the email that brought you here.
Or book 15 minutes directly. I’m looking for honest reactions from people building in this space.
Built for OWASP Agentic Top 10 · Tracking agent incidents · Technical deep dive