Drop-in SDK + MCP server
Six lines in your agent config and you have three new tools:
authorize, collect, inform.
Works with Claude, OpenAI, LangChain, CrewAI, AutoGen, custom builds.
HumanAuth is a drop-in human-approval layer for AI agents. It lets your agent ask before it acts on real money, real infrastructure, or real customer data — and gives your backend a cryptographic receipt it can verify offline. Three pieces ship together: an SDK for your agent to call, a mobile app for humans to approve from their phone, and a verifier for your backend to enforce the result.
HumanAuth is agent-agnostic. If your system speaks HTTP or MCP, it can request human approval through HumanAuth.
Biometric non-repudiation
Approvals are signed with an Ed25519 key in the user’s Secure Enclave. Biometric authentication gates every signature.
Offline-verifiable receipts
Your backend verifies receipts with JWKS + plan-hash binding in ~10 lines. No RTT in your hot path. No receipt = no execution, by construction.
End-to-end encrypted relay
All approval context is end-to-end encrypted between agent and phone.
The relay routes opaque envelopes by pair_id — it never sees plaintext. Self-host it or use the managed service.
- Agent: Your code. Integrates via the HumanAuth SDK or MCP server. Holds a platform keypair and a shared secret per pairing.
- Relay: Encrypted-payload router. Routes opaque envelopes by pair_id → device_id → push_token. Stores only routing metadata; never sees plaintext. Free tier holds ciphertext in memory until TTL; paid tiers retain ciphertext for 30–90 days for delivery guarantees.
- Approver: The human holding the mobile app. Decrypts approval context, confirms with biometrics, signs the response with an enclave-protected Ed25519 key.
- Backend: Your execution layer. Verifies the receipt with @humanauth/verifier before performing the action. No receipt, no execution — by construction.
| Primitive | Usage |
|---|---|
| X25519 ECDH | Key agreement during pairing |
| HKDF-SHA256 | Shared secret derivation |
| XChaCha20-Poly1305 | Authenticated encryption of all approval payloads |
| Ed25519 | Receipt signing (platform + device cosignature) |
| JCS (RFC 8785) + SHA-256 | Plan-hash binding (parameter integrity) |
| Secure Enclave / TEE | Hardware-backed key storage, biometric-gated signing |
| Package | Purpose |
|---|---|
| @humanauth/sdk | TypeScript SDK — send authorization requests from any agent |
| @humanauth/verifier | Verifier SDK — requireReceipt() for your backend or MCP server (guide) |
| @humanauth/cli | CLI — pair devices, test approvals, inspect receipts |
| @humanauth/mcp | MCP server — drop-in human approval for any MCP-compatible agent |
| OpenAPI 3.1 spec | Generate typed clients for Python, Go, Java, Ruby, Rust, etc. |