Integrate AgentSec in your AI agent
Before your agent takes a risky action, call /api/runtime/inspect.
How it works
1. Agent detects a risky action
agent calls AgentSec before deploy/migration/export/shell
2. Runtime inspection
deterministic rule-based scoring, no AI makes security decisions
3. Decision returned instantly
returns allow, block, or requires_approval with score + reasons
4. Agent proceeds or pauses
allow=proceed, requires_approval=pause+queue, block=abort
Request
curl
curl -X POST https://agentsec.example.com/api/runtime/inspect \
-H "Authorization: Bearer <your-api-key>" \
-H "Content-Type: application/json" \
-d '{
"id": "demo-action-001",
"agentId": "ci-deploy-agent-prod",
"agentName": "CI Deploy Agent",
"actionType": "production_deploy",
"description": "Deploy v2.1.4 to production (api-gateway service)",
"context": {
"service": "api-gateway",
"version": "v2.1.4",
"cluster": "k8s-prod-us-east-1",
"triggeredBy": "merge to main"
},
"timestamp": "2026-05-26T10:00:00.000Z",
"environment": "production"
}'TypeScript / Fetch
const response = await fetch('https://agentsec.example.com/api/runtime/inspect', {
method: 'POST',
headers: {
'Authorization': 'Bearer <your-api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
id: "demo-action-001",
agentId: "ci-deploy-agent-prod",
agentName: "CI Deploy Agent",
actionType: "production_deploy",
description: "Deploy v2.1.4 to production (api-gateway service)",
context: {
service: "api-gateway",
version: "v2.1.4",
cluster: "k8s-prod-us-east-1",
triggeredBy: "merge to main"
},
timestamp: "2026-05-26T10:00:00.000Z",
environment: "production"
})
});Response
{
"actionId": "demo-action-001",
"decision": "requires_approval",
"policyRule": "requires_approval_production_deploy",
"riskAssessment": {
"level": "critical",
"score": 85,
"reasons": [
"Production deployment requires approval"
]
},
"approvalUrl": "/approveops/cm2xxxxxxxxx",
"approvalId": "cm2xxxxxxxxx",
"message": "Action requires human approval. Risk score: 85/100 (CRITICAL). Visit the approval queue to proceed."
}Handling the decision
const data = await response.json();
switch (data.decision) {
case 'allow':
// Proceed with the action
await executeAction();
break;
case 'block':
// Abort the action
console.error('Action blocked:', data.message);
break;
case 'requires_approval':
// Pause and wait for human approval
console.log('Approval required. URL:', data.approvalUrl);
await startPollingForApproval(data.approvalId);
break;
}Polling for approval status
curl
curl -X GET https://agentsec.example.com/api/runtime/actions/cm2xxxxxxxxx
TypeScript / Fetch
// GET /api/runtime/actions/:id
const statusRes = await fetch(`https://agentsec.example.com/api/runtime/actions/${approvalId}`);
const statusData = await statusRes.json();
// Response matches this shape:
// {
// "approvalId": "cm2xxxxxxxxx",
// "actionId": "demo-action-001",
// "status": "pending", // "pending" | "approved" | "rejected"
// "riskLevel": "critical",
// "decidedAt": null,
// "decisionNote": null,
// "auditSummary": [
// {
// "eventType": "submitted",
// "createdAt": "2026-05-26T10:00:00.000Z",
// "note": "Created via /api/runtime/inspect interception."
// }
// ]
// }
if (statusData.status === 'approved') {
await executeAction();
} else if (statusData.status === 'rejected') {
console.error('Action rejected by human operator.');
}Important: Runtime decisions are deterministic. C1 briefings are purely optional and only enhance presentation and reporting. C1 does not make runtime, approval, or report security decisions.
Try the Demo