AgentWall is the runtime control plane for AI agents — scoped identity, enforced policies, approval workflows, and spend limits across every MCP server and tool API.
Works alongside
import { AgentWall } from '@agentwall/sdk'
const wall = new AgentWall({
apiKey: process.env.AW_KEY
})
const agent = await wall.register({
name: 'research-agent-v2',
capabilities: ['search_docs', 'read_github'],
policy: {
deny: ['transfer_money', 'delete_*'],
requireApproval: ['send_email'],
budget: { daily: 5.00 }
}
})
// One middleware — wraps any MCP server or REST API
app.use(wall.middleware())Not just authentication — the full runtime control layer that enterprise AI workloads need.
Short-lived signed JWTs per agent instance. Revoke any agent in under 1ms without touching user sessions.
Dynamic policies without redeployments. Allow, deny, rate-limit by capability name.
Protect Model Context Protocol servers. Add auth and governance in a single middleware call.
Pause and route sensitive agent actions for explicit human sign-off via Slack, email, or your own UI.
Tamper-proof cryptographically signed execution history. Every grant, denial, and approval recorded.
Hard spend caps per agent per API per day. Enforced before any external call is made.
Plug in alongside Better Auth, Auth0, generic JWTs, or AgentWall's own issuer. No migration needed.
| Capabilities | API Keys | Generic JWT | AgentWall |
|---|---|---|---|
| Agent identity | — | ~ | ✓ |
| Scoped capabilities | — | — | ✓ |
| Runtime policy enforcement | — | — | ✓ |
| Approval workflows | — | — | ✓ |
| Budget / spend controls | — | — | ✓ |
| Cryptographic audit logs | — | ~ | ✓ |
| MCP server support | — | — | ✓ |
Go beyond authentication. Add the policy, approval, and audit layer that production AI workloads require.