the enforcement layer for AI agents
Phinn sits between your agents and tools (HTTP + MCP), enforcing default-deny, requiring human approvals for risky actions, and generating tamper-evident audit receipts for every call.
Phinn issues short-lived, capability-scoped tokens per action. No token → no execution.
Slack approvals for deletes, wires, and other risky actions. Policies define approvers. Every decision is recorded with identity.
Hash-chained, signed receipts for every action. Verify offline with phinnctl verify.
Structured events stream to Splunk or Datadog using OTel semantics for full agent visibility.
Same gateway, multiple topologies.
Run the gateway beside each agent workload. Route HTTP/MCP calls with minimal config changes.
Operate Phinn as a central ingress so agent traffic routes through one enforcement point.
Drop it on a VM for non-Kubernetes environments. Same enforcement, simpler stack.