Decide and act on every action.
Most agent tools watch and log. HiveKey decides and acts — allow, block, or approve — on every tool and MCP call, in the path, before anything happens. These are the capabilities that put your policy to work.
One decision, in the path, on every call.
Every capability below is the same four beats — only the rule in the middle changes. The agent attempts an action, HiveKey evaluates it against your policy, enforces a verdict before anything reaches the tool, and writes it to one trail.
Intercept
Catch the action in the path — nothing reaches the tool yet.
Evaluate
Check scope, ceilings, and signals against your policy.
Enforce
Allow, block, or route to a human — per action, per role.
Log
Write the verdict to one trail, attributable to the owner.
Allow
The call is in scope and under every limit. It runs — and is logged.
Block
It breaks a rule — out of scope, over a cap, or wrong order. It never reaches the tool.
Approve
Risky but legitimate. It's held for a human to release before anything happens.
Core enforcement
The verdict on every call — allow, block, or approve — plus the scope and ceilings that decide it.
4 capabilities
Real-time allow / block / approve
Every tool and MCP call gets a verdict before it runs.
on action → evaluate(scope, guard) → allow | block | approve
Least-privilege scoping
An agent gets exactly the tools its job needs — and not one more.
role: support-agent → scope [mail.send, crm.read]
Spend caps & budget ceilings
A hard ceiling on what an agent can spend, per agent and per day.
payments_pay → sum(24h) + amount ≤ $100/day
Rate limits
Bound how fast and how often an agent can act.
tool.calls ≤ 20 / hour / agent
Workflow control
Put a human in the loop where it matters: approvals, dual-control, and the right order of operations.
2 capabilities
Containment
When something looks wrong, shrink or cut an agent's reach in a single move — no redeploy.
2 capabilities
Kill switch & circuit breaker
Cut an agent off in one click — or let it trip automatically on a breach.
breach detected → revoke(agent) + quarantine
Quarantine & step-down
Step a breaching agent down to read-only instead of killing it outright.
trigger → role = read-only + flag(review)
Data protection
Keep sensitive data from walking out through an agent's tools and integrations.
1 capability
Operations
Tune and prove a policy against real traffic before you turn enforcement on.
1 capability
Detection signals
Feed detectors into the decision — anomalies and injection raise the bar; deterministic rules still decide.
2 capabilities
Behavioral anomaly detection
Turn an agent's drift from normal into a guard decision you can act on.
risk_signal(high) → require approval
Prompt-injection & jailbreak detection
Enforce on a trusted injection verdict, right at the tool boundary.
untrusted_context AND sensitive_call → deny | escalate
Every capability rides Scope, Guard, and Log.
Enforcement isn't a separate product — it's what the spine does on each call. Scope sets what an agent could do, Guard decides this action in the path, Log makes it provable.
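The scope, guard, and log steps above can be sketched as a single decision function. This is an added example, not HiveKey's code or API: the `Guard` class, the `billing-agent` role, and the `SENSITIVE` set are assumptions, while the limits are the ones quoted in the rules on this page.

```python
import time
from collections import defaultdict

# Limits from the page's example rules; "billing-agent" is a constructed role.
SCOPES = {"support-agent": {"mail.send", "crm.read"},
          "billing-agent": {"payments_pay", "crm.read"}}
DAILY_SPEND_CAP = 100.0     # payments_pay: sum(24h) + amount <= $100/day
MAX_CALLS_PER_HOUR = 20     # tool.calls <= 20 / hour / agent
SENSITIVE = {"payments_pay", "mail.send"}  # assumption: calls treated as sensitive

class Guard:
    def __init__(self):
        self.calls = defaultdict(list)  # agent -> timestamps of allowed calls
        self.spend = defaultdict(list)  # agent -> (timestamp, amount) of allowed payments
        self.trail = []                 # one append-only decision log

    def decide(self, agent, role, tool, amount=0.0, untrusted_context=False, now=None):
        now = time.time() if now is None else now
        verdict, reason = self._evaluate(agent, role, tool, amount, untrusted_context, now)
        if verdict == "allow":          # only calls that run consume rate and budget
            self.calls[agent].append(now)
            if tool == "payments_pay":
                self.spend[agent].append((now, amount))
        # Every verdict is logged, including blocks and held approvals.
        self.trail.append({"ts": now, "agent": agent, "role": role, "tool": tool,
                           "verdict": verdict, "reason": reason})
        return verdict

    def _evaluate(self, agent, role, tool, amount, untrusted, now):
        # Scope: unknown roles get an empty scope, so the default is deny.
        if tool not in SCOPES.get(role, set()):
            return "block", "out of scope"
        recent = [t for t in self.calls[agent] if now - t < 3600]
        if len(recent) >= MAX_CALLS_PER_HOUR:
            return "block", "rate limit"
        if tool == "payments_pay":
            if amount <= 0:             # a negative amount must not lower the 24h sum
                return "block", "invalid amount"
            spent = sum(a for t, a in self.spend[agent] if now - t < 86400)
            if spent + amount > DAILY_SPEND_CAP:
                return "block", "spend cap"
        # Detector signal raises the bar; this sketch escalates rather than denies.
        if untrusted and tool in SENSITIVE:
            return "approve", "untrusted context on sensitive call"
        return "allow", "in scope, under limits"
```

A held call does not consume budget in this sketch, so whatever releases an approval has to re-run the limit checks at release time.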
Put every agent under one policy — and enforce it.
See HiveKey decide, enforce, and log every action your agents take, in the path.