Your AI agent is about to connect to tools, APIs, or internal systems.

For Agentic AI

Do not ship agents without boundaries.

Agent Passports define what an agent can access, what it can do, when human approval is required, and when access expires — before the agent reaches production.

Tool boundaries declared · Human approval gates · Hard expiry · Instant revocation

Agent Boundary Map

passport: active

Research Agent

Owner: J. Moreau · Expiry: 30 Sep 2026

Allowed tools

web_search
pdf_read
email_draft
crm_read

Blocked

email_send
crm_write
hr_system
external_api
Human approval: required before send
Trace logging: all tool calls

Agents are not chatbots. They act.

A chatbot answers questions. An agent calls tools, writes to systems, sends requests, and generates side effects — often without any human seeing the individual actions. That requires a different governance layer.

Real scenarios

Agents already in production — without governance.

CRITICAL

An AI agent drafting and sending emails autonomously — with CRM write access and no approval gate.

With Agent Passport

Agent Passport restricts to draft-only. Human approval required before any send. Egress policy: email drafts, no outbound.

CRITICAL

A coding agent with access to internal APIs, production credentials, and no audit trail.

With Agent Passport

Agent Passport defines allowed endpoints. Runtime trace logs every API call. Credential scope: read-only. Write access requires CISO approval.

HIGH

An MCP-enabled agent calling any tool it decides is relevant — with no declared tool list.

With Agent Passport

Allowed tools declared at issuance. Any call outside the list is logged as an anomaly and flagged in Tide Monitor.

HIGH

An HR agent processing employee data with an external model API — no DPA, no DPIA, no owner.

With Agent Passport

Agent Passport requires DPO sign-off before any employee data access. Data categories and model API listed. DPA status required.

The controls

Four things every agent needs before production.

Named owner

Accountable person who can approve, restrict, and revoke the agent's access instantly.

Tool boundary

Allowed tools declared at issuance. Any call outside the declared list is logged as an anomaly.

Runtime trace

Every tool call logged with timestamp, input context, and action taken. Not optional for production agents.

Hard expiry

Every Agent Passport has an expiry date. Tide Monitor sweeps hourly and alerts before lapse — no silent renewals.

Human approval gates

Some actions require a human before the agent can proceed.

Agent Passports define which actions require human in-the-loop approval. The agent pauses, a reviewer sees the proposed action, and approves or blocks it — logged with actor and timestamp.

Sending any external communication
Writing to CRM, HR, or financial systems
Accessing credentials or API keys
Any action on customer or employee data
Calls to external APIs not on the allowlist

Lifecycle

Issue. Approve. Monitor. Revoke.

01

Issue

Agent owner fills Passport: tools, data, scope, human gates, expiry.

02

Approve

CISO or DPO reviews in Compass. Approves, restricts, or blocks.

03

Monitor

Runtime trace logs every tool call. Tide sweeps for anomalies and expiry.

04

Revoke

One click revokes the Passport. Agent access stops immediately. Action logged.
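
The controls and lifecycle above (declared tool boundary, human approval gate, hard expiry, revocation, runtime trace) expressed as a deny-by-default authorization check. This is an added illustration, not AffectLog's code or schema: the Passport class, its field names and the decision strings are hypothetical, the values are taken from the Research Agent boundary map, and treating email_send as approval-gated and the expiry as end of day UTC are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Passport:  # hypothetical structure, not AffectLog's schema
    agent: str
    owner: str
    expires: datetime
    allowed: frozenset
    approval_gated: frozenset
    revoked: bool = False
    trace: list = field(default_factory=list)

    def authorize(self, tool, now, approved_by=None):
        """Return 'allow', 'pending_approval' or 'deny' and trace the call."""
        # approved_by must come from the reviewer workflow, never from
        # agent-controlled input, or the gate can be self-approved.
        if self.revoked:
            decision, reason = "deny", "passport_revoked"
        elif now >= self.expires:
            decision, reason = "deny", "passport_expired"
        elif tool in self.allowed:
            decision, reason = "allow", "declared_tool"
        elif tool in self.approval_gated:
            if approved_by:
                decision, reason = "allow", "approved_by:" + approved_by
            else:
                decision, reason = "pending_approval", "human_gate"
        else:
            # Anything not declared at issuance is denied and marked anomalous.
            decision, reason = "deny", "anomaly_undeclared_tool"
        # Every call is logged, including denied ones.
        self.trace.append({"ts": now.isoformat(), "agent": self.agent,
                           "tool": tool, "decision": decision,
                           "reason": reason})
        return decision


def research_agent_passport():
    """Passport built from the boundary map shown on this page."""
    return Passport(
        agent="Research Agent",
        owner="J. Moreau",
        # Page says "30 Sep 2026"; end of that day in UTC is assumed.
        expires=datetime(2026, 10, 1, tzinfo=timezone.utc),
        allowed=frozenset({"web_search", "pdf_read", "email_draft", "crm_read"}),
        approval_gated=frozenset({"email_send"}),  # assumption, see lead-in
    )
```

crm_write, hr_system and external_api need no explicit block list here: they are denied because they were never declared.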

The difference

Agents in production — with and without a Passport.

Without an Agent Passport

  • No named owner — unclear who is accountable
  • No declared tool boundary — agent calls anything available
  • No audit trail of what the agent did or decided
  • No expiry — agent runs indefinitely
  • CISO and DPO unaware of agent's data access
  • No revocation path — stopping the agent requires code changes

With an Agent Passport

  • Named owner with accountable revoke authority
  • Allowed tools declared — anomalies flagged automatically
  • Full runtime trace: tool, timestamp, context, action
  • Hard expiry with Tide Monitor alerting before lapse
  • CISO and DPO reviewed and signed off before production
  • One-click revocation — agent access stops immediately

Common questions

Agent governance — addressed.

Our agents are internal tools — not vendor products.

Internal agents carry the same risk as vendor AI tools — often more, because they have credentials, internal system access, and run without a buyer-vendor evidence request forcing accountability.

The agent is still in prototype — we will add governance later.

Agents in prototype that access internal systems, APIs, or data are already creating exposure. Agent Passports define boundaries before production — not as an afterthought.

We monitor our agents with LangSmith / observability tools.

Observability records what agents did. Agent Passports define what agents are authorised to do before they run — and enforce expiry and revocation when authorisation changes.

Get started

Issue your first Agent Passport before the agent acts.

Define tools, data, systems, human approval gates, and expiry. Give every agent an owner, a boundary, and a signed receipt trail.

AffectLog provides technical and operational evidence to support AI access, supplier-risk, security, privacy, and governance review. Not legal advice, certification, or regulatory approval.