Introduction
Relynt is a multi-tenant authorization, approvals, and signed-receipts gateway for AI agent write actions. It sits between your agent and its target systems, ensuring every write action is evaluated against policy, optionally approved by a human, and recorded with a tamper-evident receipt.
How it works
Agent → Relynt Gateway → Policy Engine → Approval? → Connector → Receipt- Your agent calls the Relynt gateway before performing any write action
- The policy engine evaluates the request against your configured rules
- If the policy requires it, an approval request is sent to Slack for human review
- If allowed (or approved), the connector executes the action against the target system
- A signed receipt is recorded for every attempt — whether allowed, denied, or pending
Core concepts
| Concept | Description |
|---|---|
| Organization | Tenant boundary — all agents, policies, and receipts belong to one |
| Agent | Non-human actor registered under your organization |
| Policy | Versioned rules that evaluate each request (allow, deny, or require approval) |
| Connector | Configured HTTP endpoint that executes the actual write action |
| Receipt | Append-only, signed audit record of every gateway call |
| Approval | Human decision via Slack when policy requires one |
Architecture
Relynt has two planes:
Control plane (Dashboard)
- Manage organizations, memberships, and agents
- Rotate agent credentials
- Create and version policies
- Configure connectors
- View approvals and receipts
Runtime plane (Gateway)
- Authenticate agent credentials
- Evaluate policies
- Route to Slack for approvals when required
- Execute connector calls
- Record signed receipts
Next steps
- Quickstart — integrate your first agent in minutes
- Agents — understand agent registration and credentials
- Policies — configure allow, deny, and approval rules
- API Reference — full gateway endpoint documentation
Last updated on