AI agents break trust not because they're malicious — but because the authorization boundary was never made explicit. ConsentGraph gives you a deterministic, auditable policy layer that travels with your deployment.
Four tiers. No ambiguity.
SILENT
Execute and log. High-trust actions the agent handles autonomously. No notification, full audit trail.
VISIBLE
Execute and notify. Agent acts, then tells the operator what it did and why. Undoable.
FORCED
Ask first. Low-confidence or sensitive actions require explicit operator approval before execution.
BLOCKED
Never execute. Absolute prohibition. Attempt is logged and operator is alerted.
Three lines to integrate
from consentgraph import check_consent
tier = check_consent("email", "send", confidence=0.9)
# → "SILENT" | "VISIBLE" | "FORCED" | "BLOCKED"
Define policy in JSON
{
  "domains": {
    "email": {
      "autonomous": ["read", "archive_promo"],
      "requires_approval": ["send", "reply"],
      "blocked": ["delete_all", "forward_external"]
    },
    "filesystem": {
      "autonomous": ["read", "create_temp"],
      "requires_approval": ["write", "rename"],
      "blocked": ["delete", "chmod"]
    }
  }
}
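To show how a policy of this shape can resolve to the four tiers, here is an added example; it is not ConsentGraph's own code. Assumptions: the function name `resolve_tier`, the two confidence thresholds, the mapping of the three lists onto tiers, and the fail-closed handling of unlisted domains and actions are all illustrative and do not come from the page.

```python
import json
import math

# Policy copied from the page's JSON example.
POLICY = json.loads("""
{"domains": {
  "email": {"autonomous": ["read", "archive_promo"],
            "requires_approval": ["send", "reply"],
            "blocked": ["delete_all", "forward_external"]},
  "filesystem": {"autonomous": ["read", "create_temp"],
                 "requires_approval": ["write", "rename"],
                 "blocked": ["delete", "chmod"]}}}
""")

# Assumed thresholds (not from the page): at or above SILENT_MIN an autonomous
# action runs silently, at or above VISIBLE_MIN it runs with a notification.
SILENT_MIN = 0.85
VISIBLE_MIN = 0.60


def resolve_tier(policy, domain, action, confidence):
    """Hypothetical evaluator: map (domain, action, confidence) to a tier."""
    rules = policy.get("domains", {}).get(domain)
    if rules is None:
        return "BLOCKED"  # unknown domain: fail closed
    # Most restrictive list wins if an action is listed more than once.
    if action in rules.get("blocked", []):
        return "BLOCKED"
    if action in rules.get("requires_approval", []):
        return "FORCED"
    if action not in rules.get("autonomous", []):
        return "BLOCKED"  # unlisted action: fail closed
    # Missing, non-numeric, NaN or out-of-range confidence: ask the operator.
    if isinstance(confidence, bool) or not isinstance(confidence, (int, float)):
        return "FORCED"
    if math.isnan(confidence) or not 0.0 <= confidence <= 1.0:
        return "FORCED"
    if confidence >= SILENT_MIN:
        return "SILENT"
    if confidence >= VISIBLE_MIN:
        return "VISIBLE"
    return "FORCED"  # low confidence: ask the operator first
```

Checking the blocked list first means a policy that accidentally lists the same action as both autonomous and blocked still resolves to BLOCKED.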
MCP-native
# Any MCP-compatible agent can query your policy directly
consentgraph mcp
# Tool exposed: check_consent(domain, action, confidence) → tier