one decision. one identity. one audit trail.

when an agent needs to act, it requests authorization. a human reviews. if approved, the agent receives a cryptographic identity scoped to that action. no approval, no identity, no action.

agent requests action ackd pauses. sends consent. human reviews. approves. ackd issues svid agent proceeds

mcp tools

the tools your agent calls

tool 1

request_authorization

agent requests human approval before taking an action

inputs

agent_id:      string     // identifier for the agent
action:        string     // description of the action
permissions:   string[]   // specific permissions needed
justification: string     // why the agent needs this
ttl_minutes:   number     // max 60

returns

{ request_id: string, consent_url: string }
tool 2

check_authorization

agent polls to see if the human has responded

inputs

request_id: string

returns

// pending
{ status: "pending" }

// approved
{ status: "approved", svid: string,
  spiffe_id: string, expires_at: string }

// denied or expired
{ status: "denied" | "expired" }
tool 3

revoke_authorization

invalidate an SVID before its TTL expires

inputs

request_id: string
svid_id:    string

returns

{ revoked: true, revoked_at: string }

integration

what it looks like in your agent

typescript mcp tool calls 
const { request_id, consent_url } = await mcp.request_authorization({
  agent_id:      "deploy-agent",
  action:        "terraform apply --target=prod",
  permissions:   ["infra:write", "state:lock"],
  justification: "hotfix for CVE-2026-0001",
  ttl_minutes:   30
});

console.log(`approve here: ${consent_url}`);

// poll until the human responds
let status = "pending";
let result;

while (status === "pending") {
  await sleep(5000);
  result = await mcp.check_authorization({ request_id });
  status = result.status;
}

if (status === "approved") {
  // use the SVID to authenticate the action
  const { svid, spiffe_id, expires_at } = result;
  await deployWithIdentity(svid, spiffe_id);
} else {
  console.log(`authorization ${status}. aborting.`);
  process.exit(1);
}

human side

what the human sees

ackd consent ttl: 28:43
agent deploy-agent
action terraform apply --target=prod
permissions infra:write, state:lock
justification hotfix for CVE-2026-0001

consent screen hosted on CloudFront. authentication via Amazon Cognito. the human must be authenticated to approve.

identity

what the agent receives

on approval, ackd issues a SPIFFE Verifiable Identity Document — a short-lived x.509 certificate. the SPIFFE ID encodes the agent, the request, and the trust domain: 

spiffe://dev.ackd.io/agent/{agent_id}/{request_id}

it is cryptographically bound to this specific approval event. it cannot be reused, transferred, or extended. when it expires, the agent must request new authorization.

architecture

how it's wired

agent your code mcp server aws lambda dynamodb request stored ses email notification human reviews + approves consent ui cloudfront + s3 cognito authenticates spire issues svid svid received. proceeds.
agent your code mcp server aws lambda dynamodb request stored ses email sent human reviews consent ui cloudfront cognito authenticates spire issues svid svid received. agent proceeds.

foundation

built on SPIFFE

SPIFFE (Secure Production Identity Framework for Everyone) is a CNCF standard for workload identity. SPIRE is its reference implementation. ackd uses SPIRE to issue SVIDs — so the identity your agent receives is the same standard your infrastructure team already knows.

learn more at spiffe.io →