PERMISSION/PROTOCOL

Integrations

Authorization for the frameworks your agents run on.

Permission Protocol adds a human approval gate and signed authority receipt to any AI agent framework. One decorator or API call. The gate is external to the agent — it cannot be bypassed by prompt or reinterpreted by context.

LangChain authorization gate

LangChain

LangChain agents can invoke tools that call APIs, write files, execute code, and deploy infrastructure. Permission Protocol adds an external authorization gate — an approval receipt that must exist before any tool call executes. The agent pauses, a human approves, and execution continues only with a cryptographic proof of authorization.

View integration

OpenAI Agents authorization gate

OpenAI Agents

OpenAI Agents SDK agents execute handoffs and tool calls autonomously. Permission Protocol adds an authorization layer — a signed receipt that must exist before any consequential tool call runs. The agent pauses at the gate, a human approves, and the receipt travels with the action as cryptographic proof of authorization.

View integration

CrewAI authorization gate

CrewAI

CrewAI crews delegate tasks between specialized agents, each with their own tools. Permission Protocol adds an authorization gate at the tool level — the agent pauses, a human approves, and execution only continues with a signed receipt. One decorator protects any tool in any crew.

View integration

Claude Code authorization gate

Claude Code

Claude Code can open pull requests, push commits, and trigger CI workflows. Without an external enforcement boundary, it can reach production as soon as it interprets a message as authorization — which is not the same as a human actually authorizing it. Permission Protocol adds the external gate: merge and deploy are blocked until a signed receipt exists. The agent cannot bypass this with a better prompt.

View integration

MCP tool call authorization

Model Context Protocol (MCP)

MCP servers expose powerful tools to AI agents — filesystem access, code execution, API calls, database operations. Once an MCP server is trusted, the agent can invoke any tool it exposes without further approval. Permission Protocol adds an authorization gate at the tool level: a signed receipt must exist before the tool handler runs. The MCP server calls the gate; the gate calls the human.

View integration

Not listed?

Any framework. Any language.

Permission Protocol works with any agent framework through the authorize() API or @require_approval decorator. If your framework isn't listed, the quickstart covers the core pattern that applies everywhere.