Selah
personal agentsone agent · kept honest

One agent, acting alone, kept honest.

You run an agent of your own: an open-source one you host, a vendor's agent wired into your tools, a side project that now touches real accounts. Our platform puts a gate in front of it, so it asks before it acts, and you stay the one who decides.

Why a personal agent needs a gate

An unattended agent with your keys is the highest trust grant most people will ever make to software. It does not fail from malice; it fails from scale and confidence: one wrong assumption applied eight hundred times before you look.

illustrative example

your operations agent is limited to updating 200 records per run. One night it decides 1,800 need changing. The action check returns hold before anything moves, an alert lands in your panel and your inbox, and everything within the limit keeps running while you decide over coffee.

The lightest path in

Create a private tenant, register your agent with its limits, author the handful of AOPs that matter to you (spend ceilings, record scopes, what it may say if it talks to people), and wrap its actions in our middleware pattern: it proposes through one API call and acts only on a permit. Holds reach you as a panel alert and an email; our dashboard is your control surface, nothing to build.

Honest scope, today

What you integrate now is the middleware pattern and our API: a thin wrapper around the actions your agent takes. Deeper runtime-specific adapters are on our roadmap and are not available yet. If you want the agent to hold no credentials at all, register a connector with us and execute permits server side.

Shadow first, even for one agent

Run shadow for a few days. Read what our engine would have held or denied against your real runs, tighten the limits that were wrong, then enforce the hard ones and let judgment calls stay in shadow until you trust them.

Trust your agent the way you trust a good lock: structurally.