The Clearance Layer for Agentic Access

Decide who gets through — per request.

AIdenID is the site-owned decision layer for AI-agent traffic. Cryptographic hard path. Confidence-labeled soft path. Transparency-log audit path. Six outcomes per request — allow, throttle, queue, sandbox, deny, or price — with revocation and evidence built in.

Read the Thesis

Per-request decisionsInstant revocationTransparency-log auditCross-edge neutral

aidenid-control-plane

Actor classification

browser request

signature · DPoP · session

verify

verified_agent

proof bound to route

route

/checkout

strict policy

AIdenID separates verified agents, signed agents, suspicious automation, and unknown traffic before policy runs.

proof verifiedactor classified

Clearance, end-to-end.

From edge verification to revocation, AIdenID decides — per request — who gets through, what they can do, and what evidence they leave behind.

Route Clearance Policy

Declare what each route should do with verified agents, signed agents, suspicious automation, and unknown traffic. Observe first, enforce when ready.

Cryptographic Agent Proof

Verify RFC 9421 request signatures, DPoP proofs, exchanged session tokens, key epochs, and replay resistance before a request reaches sensitive handlers.

Six Outcome Ladder

Return allow, throttle, queue, sandbox, deny, or price_required with deterministic precedence. The origin sees a decision, not raw upstream credentials.

Live Demo Swarms

Send authorized browser swarms through staging portals and watch the dashboard split verified, signed, suspicious, and unknown traffic with replayable evidence.

Transparency-Log Audit

Every decision can emit OCSF-shaped events and Merkle-rooted audit evidence so security teams can prove what happened after revocation or dispute.

Edge and Origin Verifiers

Run the same clearance model at Cloudflare, Fastly, Node, Python, or origin middleware. Start in shadow mode, then enforce by route.

Instant Revocation

Bump an issuer epoch or revoke a session and strict routes stop accepting the actor before grant lookup, without leaking whether a grant exists.

Three steps to a clearance gate.

Mount the verifier, route each request through policy, and keep the evidence stream live for security, product, and finance.

Mount

Add AIdenID at the edge or origin and register the routes that need observe, shadow, or enforce behavior.

# Register a target and policy mode
curl -X POST /v1/targets \
-H "Authorization: Bearer $AIDENID_KEY" \
-d '{
"host": "app.example.com",
"default_mode": "shadow"
}'

Decide

Each request is classified, verified when proof exists, checked against route policy, and assigned one of six outcomes.

# Per-request decision
POST /v1/decisions

{
"actor_class": "verified_agent",
"action": "allow",
"reason": "signature+dpop+session"
}

Audit & Revoke

Decisions stream to the dashboard, exporters, and transparency log. Revoke a session or epoch and strict routes stop it cold.

# Live control plane
GET /v1/decisions/stream
POST /v1/revoke

{
"epoch": 42,
"outcome": "deny_before_grant_lookup"
}

Works with every AI framework

AIdenID plugs into the tools your agents already use. REST API, TypeScript SDK, MCP server — pick your interface.

OpenAIAnthropicGoogle GeminiLangChainCrewAIAutoGPTClaude CodeCursorCopilotMistralAWSDockerGitHub ActionsTerraformFastAPIPythonTypeScriptNode.jsSlackCloudflare

Don't take our word for it

Still not sure if AIdenID is right for you?

Let your preferred AI research the public case. Each link opens a transparent evaluation question you can edit before sending.

Ask ChatGPT Ask Claude Ask Perplexity Ask Gemini Ask Grok

Clearance use cases. One control plane.

Health, commerce, internal tools, and demos all run through the same decision ladder, revocation model, and evidence stream.

Health Portal Clearance

Shipped

Let helpful agents through without opening the whole portal.

Protect authenticated patient, care, and benefits flows with route-level decisions, revocation, and replayable demo evidence from real staging traffic.

Digital HealthBuilder

Checkout Agent Gate

Shipping Next

Separate buyer agents from scraping and fraud bursts.

Apply per-route price, throttle, queue, or deny outcomes to commerce traffic so approved agents can transact and unknown automation pays its way or backs off.

CommerceSecurity

Internal Copilot Boundary

Coming Soon

Give internal agents a gate they cannot widen.

Put agent access to admin tools, docs, and customer systems behind signed requests, route policy, epoch revocation, and transparency-log evidence.

Enterprise ITSecurity

Demo Swarm Evidence

Coming Soon

Show the clearance layer with live traffic, not slides.

Authorized browser swarms hit three staging portals, emit actor-class traffic, and produce dashboard logs, videos, reports, and email-ready proof packs.

Security GTMTeam

Pricing

Site platform fees plus per-cleared-action usage. Network and risk add-ons stay roadmap until pilots prove the rail.

Pilot Platform

$25K-$75Kannual minimum

For early customers putting clearance in front of real routes.

Verifier SDK + policy engine
Decision logs and dashboard
Audit exports and revocation
Design-partner launch support

Enterprise Platform

$100K-$300Kannual minimum

For security teams standardizing agent access governance.

Multi-site route portfolios
Policy approvals and RBAC
SIEM and evidence exports
Enterprise rollout support

Cleared Action Usage

Usageper decision

For pricing traffic by route risk and action class.

Low-risk reads: fractions of a cent
Auth-gated writes: $0.005-$0.05
High-risk writes: $0.05-$0.25
HTTP 402 priced-access support

Network & Risk

Roadmap

For reputation, dispute, retention, and settlement add-ons.

Premium audit retention
Agent reputation intelligence
Dispute resolution workflows
Optional settlement take-rate

Put a clearance gate in front of agent traffic

Decide which agents get through your site, per request, with revocation, pricing, evidence, and dashboard visibility built in.