Dual-control / four-eyes.
The highest-risk actions need a second, named human to sign off.
// policy
wire_transfer requires 2 named approvers
For an irreversible or high-value action, one approval (or none) isn't enough cover. A second named human is the control auditors expect to see on it.
Require two-person approval on your most sensitive actions — wire transfers, key operations, production changes — before any of them can run.
Intercept
The agent attempts an action. HiveKey catches it in the path — nothing reaches the tool yet.
Evaluate
Guard holds the action in the path and requests sign-off from a named approver in Slack or the console; until two people approve, the call doesn't run, and every approval is logged.
Enforce & log
The verdict is enforced — allow, block, or route for approval — and written to the audit trail, attributable to the agent's owner.
Agent
attempts an action
HiveKey
scope · guard · log
Tool / MCP
only allowed actions
Built for security and platform teams.
A two-person rule on irreversible, high-value actions
Approvals where your team already works — Slack or console
Each sign-off attributable to an accountable human
Dual-control / four-eyes is one expression of Guard.
Every capability rides the same spine — Scope what an agent can do, Guard each action in the path, Log all of it on one trail.
Enforce every action your agents take.
Scope, guard, and log every action — and enforce it in the path, before anything happens.