Signed Action Tokens: HMAC Proof Before Side Effects Run
Approval in console is not enough. Executors verify short-lived HMAC tokens scoped to actor, action, and audit ID before any real-world effect.
Approval in a dashboard is not proof an executor saw it. Signed action tokens are short-lived HMAC-SHA256 credentials binding actor, action, org, and audit ID — executors must verify before running side effects.
Why tokens matter
- Prevents “replay” of stale approvals
- Stops bypass paths that skip the runtime
- Gives microservices a cryptographic check, not honor system
Flow
- Agent calls verifyAction → APPROVED
- Runtime returns action_token (5 min TTL)
- Executor verifies token → executes → reports result
Guides: agentic AI risk · MCP security · runtime authorization · HITL approvals · coding agents · get started
More: all posts · AI trust layer · open Sanctum Console
