Regent Control
Regent Control sits in the data path in front of an AI agent’s actions. Every tool call — a refund, a wire, a DB write, an API request — is authorized first (allow / deny / escalate), the real credential is injected by a sidecar so the agent never holds a key, and an immutable, attributable audit record is written.
Unlike an out-of-band token service, Regent Control is in-path — so it can enforce on transaction amount (mandates), redact sensitive response content, pause an action for human approval, and contain a hijacked agent. An authorizer that steps out of the path can’t.
How it works
- The agent points its tool calls at the sidecar (HTTP proxy
/{tool}/{path}or MCP) — it holds no provider credentials. - The sidecar asks the gate to authorize the call. The gate evaluates identity, mandate/spend limits, behavioral risk, and policy, and returns allow / deny / escalate — deny-by-default and fail-closed (any internal error denies).
- On allow, the sidecar injects the vaulted credential and makes the real call; on deny, the provider is never touched; on escalate, the action is parked for a human.
What you can enforce
| Capability | What it does |
|---|---|
| Policy (Cedar) | allow / deny / escalate on role, operation, resource, amount, account facts |
| Mandates | spend caps — flat, per-entity (per customer/ticket), and relational (refund ≤ original charge) |
| Delegation | verify the human’s OIDC token, derive the role, record “on behalf of” |
| Human-in-the-loop | escalate to an approver; resume on approval |
| Provider auth | static bearer · OAuth2 · AWS SigV4 · mTLS — vaulted, the agent never sees it |
| Redaction | mask sensitive fields/patterns in responses before the agent sees them |
| Audit + SIEM | immutable, anchored audit log + a real-time webhook to your SIEM |
| Containment | egress lockdown — a hijacked agent can reach nothing but the sidecar |
Get started
The admin path: keys, tools, policy, mandates, delegation, approvals, SIEM, deploy.
Onboarding GuideBring it up with Docker — a zero-prod demo (docker compose up) and a real deployment.
A full end-to-end example — role, spend caps, delegation, and human approval.
Walkthrough: Refund AgentThe developer path: Python / TypeScript SDKs, MCP, error contract, token verifier.
SDK & Integration