HARP The human control layer for AI agents
AI agents generate plans, modify files, run commands, and deploy code. HARP lets humans authorize every action from a mobile device — cryptographically bound, out-of-band, and enterprise-ready.
Popular:
The problem
AI coding agents are becoming autonomous — but approvals are still just UI buttons.
Approvals live inside IDEs, terminals and servers
Today’s control model: click “approve” in the same UI the agent controls. No cryptographic binding. No out-of-band verification.
No proof of human intent
There’s no way to prove that a human actually reviewed and approved what executed. Audits rely on timestamps, not signatures.
Enterprise risk grows
As agents run migrations, deploy infrastructure, and modify production code — enterprises need governance, not just guardrails.
How HARP works
Your AI agent asks. You approve from your phone. Execution only happens with your cryptographic signature.
Agent creates an artifact
The AI agent produces a plan, patch, command, or checkpoint describing what it wants to do.
Desktop encrypts & hashes
The desktop enforcer canonicalizes the artifact, computes its hash, and encrypts it end-to-end to your mobile device.
You review on your phone
Your mobile approver decrypts and displays the exact content for review — out-of-band from the IDE.
You sign your decision
Approve or deny. Your device signs the decision (Ed25519), bound to the artifact hash, scoped and time-limited.
Desktop enforces
The desktop verifies signature, hash match, expiry, and replay protection. Only then: execute. Otherwise: fail closed.
Why out-of-band matters
Authorization should happen on a device the agent cannot control.
Separate trust boundary
Your phone holds the signing keys. The AI agent never touches them. Even a compromised IDE can’t forge your approval.
Cryptographic binding
The approval is mathematically bound to the exact bytes the agent proposed. Substitution after approval is detectable.
Zero-knowledge relay
The gateway routes only ciphertext and metadata. It cannot read your code, inspect diffs, or forge approvals.
What agents do that needs authorization
Every autonomous action becomes a reviewable, signable artifact.
Plans & task bundles
Agent proposes a multi-step implementation plan. You review and approve the plan before any code is written.
Patches & diffs
Agent generates code changes. You see the exact diff, approve, and only then is the patch applied.
Terminal commands
Agent wants to run a shell command. You see the exact command, approve from your phone, and it executes.
Checkpoints
Commits, pushes, deployments, migrations — each becomes a signed checkpoint with your cryptographic approval.
Enterprise-ready from day one
Built for organizations where governance is not optional.
Audit trail
Every decision is verifiable offline: what was proposed, who approved, when, and what executed.
Policy enforcement
Define rules: require approval for high-risk operations, escalate for production deployments, enforce team-level governance.
Compliance-grade
Cryptographic signatures, replay protection, scoped time-limited decisions, and tamper-evident logging.