GHC requires explicit human approval for sensitive operations
executed by AI Agents, ensuring security and control.
import { createGHCVerification } from '@argos/hitl';
const verification = await createGHCVerification({
userId: 'user-123',
action: 'transfer_funds',
context: { amount: 5000, recipient: 'John Smith' },
expiresIn: 3600 // 1 hour
});
// Wait for user to click email link
const result = await verification.waitForResult();
Solve security risks that can occur when AI Agents perform sensitive operations.
Malicious attackers can hijack user sessions to send unauthorized requests to AI Agents. GHC prevents this through separate channel authentication.
AI Agents may misinterpret user intent or be manipulated by malicious prompts to perform unauthorized actions. GHC requires explicit approval.
Without audit logs for sensitive operations, tracking issues becomes difficult. GHC automatically records all approval requests and results.
GHC performs user verification in a simple 3-step process.
Before performing sensitive operations, Agent creates authentication request including action details and context.
User receives authentication link via email or push notification. Email includes operation details and approval button.
Authentication result is sent to Agent and requested operation is performed only upon approval. All steps are recorded in audit log.
GHC ensures secure, explicit user consent before any AI action takes place.
Every sensitive AI operation requires explicit human consent. No action proceeds without real user intent.
Directly embed GHC verification into your Agent logic. Call createGHCVerification() wherever sensitive action is triggered.
Consent flows are secured withr Passkey authentication. Only the verified user can approve or reject sensitive operations.
Every consent request expires automatically. If users don’t respond in time, the operation is blocked by design.
All consent requests and user responses are logged immutably. Track every action for compliance and debugging.
The @argos/hitl SDK is open source and freely available on GitHub and NPM. Get started without friction.
From solo builders to enterprise teams — choose your GHC integration path.
For individuals
No sign up
For small teams
Free
Custom at scale
Contact Us
Experience how ARGOS GHC works firsthand.
Common questions and answers about ARGOS GHC.
GHC is recommended for sensitive operations like fund transfers, personal information changes, important setting changes, and account deletion. Generally not needed for non-sensitive operations like data retrieval or simple information provision. Determine application scope according to your service's security policy.
Install ARGOS GHC SDK and connect to API endpoint as middleware. Supports major languages like Node.js, Python, Java, and integration possible in any environment via REST API. Refer to documentation for details.
While GHC introduces additional authentication step, proper design can provide users with sense of security. Apply only to sensitive operations, not all actions, and optimize authentication UI to minimize friction. Important to clearly explain why this step is necessary to users.
Yes, ARGOS GHC supports authentication through various channels besides email including SMS, push notifications, and messenger bots. Also integrates with advanced authentication methods like TOTP and WebAuthn. Choose based on user preference and security requirements.
Securely manage user approvals for AI Agent's sensitive operations.
Set up in 5 minutes and use immediately.
AI Agent attempts to transfer $50 from user account. GHC system creates authentication request.
User receives email with authentication link. Email includes operation details and approval button.
ARGOS GHC Authentication Request
AI Agent wants to perform following action:
Action: Fund Transfer
Amount: $50
Recipient: John Smith
Date: 2025-05-01 14:30
When user clicks approval button in email, they move to web page to verify operation details and give final approval.
Upon approval completion, AI Agent executes operation and notifies user of result. All steps are recorded in audit log.
