AI agents act on their own, but they still need a person's permission and a clear paper trail. The HASP Agent SDK gives every agent its own identity, the exact permissions a person granted it, and a tamper-evident log of every action it took. Works with your existing agent framework — or with the open Agent-to-Agent (A2A) protocol.
Agents get first-class identities — not API keys masquerading as users. Each agent has a scoped delegation token, an audit-chain identity, and a max-delegation-chain depth enforced at the platform layer. Who authorized what, on behalf of whom, is in every audit entry.
Every tool invocation by an agent passes a pre-action authorization check before execution. The gate evaluates the agent's delegated scope, the tool's policy classification, and org-level policy overrides. Blocked invocations are logged; approved invocations are metered as Agent Actions.
HASP exposes a standards-aligned Agent-to-Agent protocol endpoint. External agents — MCP clients, LangChain orchestrators, custom automation — can discover HASP's tool surface, request delegated authorization, and invoke tools through the policy gate without custom integration code.
Agent delegation uses OAuth 2.1 with Rich Authorization Requests. Scopes are bounded to what the human or app authorized — an agent can never escalate beyond the rights it was delegated. Token issuance and revocation are audit-chain events.
Every authorized tool invocation is one Agent Action: policy gate evaluation, audit chain entry, delegation tracking, and integrity-chain compute. See the pricing page for current included allotments and overage rates per tier.
Agentic workflows built in Studio use the same agent identity layer under the hood. Long-running, queued, multi-agent supervised workflows are available on Professional+ via the workflow runtime. Solo tier supports synchronous agent invocations within a single request.
The Agent-to-Agent (A2A) protocol is an open standard for how outside agents talk to HASP. It works the same way as Assistant chat does for a person: the agent proves who it is, what it's allowed to do, runs through the same PHI and permission checks, and leaves the same tamper-evident audit record. Same rules, different caller.
Discovery
Agents find available tools through a standard interface. No custom integration work per vendor.
Delegated authorization
A person (or app) grants exactly what an agent may do — and nothing more. Built on OAuth 2.1.
Invocation
Every action passes the same permission and PHI checks before reaching sensitive systems.
Accounting
Every action gets logged with a tamper-evident signature, tied back to the person who authorized it.
Buyers now ask how AI agents fit into your security model. A clear answer — agents have their own identity, their own permissions, their own audit trail — turns a hard procurement question into a short one. Reviewers can see that a person and an agent leave the same kind of record, and that revoking access works the same way for both.
Assistant, Studio, Public API, Agent SDK, and Audit & Trust are different ways to use the same platform. Pick any page to see how permissions, PHI handling, and audit logging work for that way of calling in.
A HIPAA-ready chat interface and document analysis tool for your whole team. Ask questions, get summaries, upload files — all with PHI scanning built in and every action on your audit trail.
View Chat & documents →Describe the internal tool you need and watch it build live. No developers required — AI Studio generates a working app inside HASP, audited from the first keystroke.
View AI Studio →Add HIPAA-compliant AI to your own software. Drop in your existing AI SDK code, get PHI controls and a full audit trail enforced at the gateway — your integration stays clean.
View API →A tamper-evident record of every action across every surface — signed, chained, and independently verifiable. The thing procurement teams stop scrolling for.
View Audit & Trust →Next steps
Start free, give an agent its own identity, run a test action, and download the audit record. Drop it into your next security review.