Identity & Governance for AI Agents

Every agent needs a handler.

Handler gives every agent its own identity — an agent_profile — with the tools it’s allowed to use, the rules it has to follow, and a permanent record of everything it does.

Get started Read the docs
$15/mo · $2/profile · governed by your rules · live
01 — In one minute

Identity. Action. Gate. Record.

An agent profile is the gateway. Everything an agent reaches, everything it does, every approval and every audit row attaches to it. One walk through, four moments.

  1. 01

    A profile is the identity

    Name, owner, scope. Created once. Every call from the agent carries it.

  2. 02

    The agent acts through it

    Tools, services, AI inference — all routed through the profile. You see which agent did what, on whose behalf, in real time.

  3. 03

    Rules gate the call

    Read, auto. Send, approve. Delete, blocked. The gate runs before the call hits the wire.

  4. 04

    A record is written

    Immutable. Per profile. Queryable. Article 12–ready.

Profile active
nameresearch-assistant
owneralice@acme.com
accessOkta SSO · 34 end users
scopeResearch, Intel · Gmail (read), Notion
Live activity filter: research-assistant
12:04 Research → web_search $0.005 ✓ auto
12:03 Gmail → read_inbox $0.0005 ✓ auto
12:01 Gmail → send_email $0.0005 … held
11:58 Research → scrape $0.005 ✓ auto
Approval slack · alice
research-assistant wants to call Gmail → send_email to client@co.com — cost $0.0005.
held 00:23
Audit row immutable · SIEM-ready
ts2026-05-09T12:01:14Z
profileresearch-assistant
useralice@acme.com
toolgmail.send_email
approvalslack:alice@12:01:37Z
cost$0.0005
MCP servermcp.usehandler.dev/mcp
REST APIapi.usehandler.dev/v2
AuthBearer <agent-key>
02 — What attaches

Tools, services, people.

Each profile gets instant access to Handler superpowers, any of 200+ services you connect via OAuth, and the users in your IdP that you choose. Add a capability to a profile, and it’s there — with no per-agent key management.

Superpowers — instant, no setup
Research Web search, scrape, extract, AI answers
Intelligence People search, company enrichment, org charts
Monitor Social media, news, trends, sentiment
Finance Stocks, crypto, forex, technical indicators
Audio Transcription, text-to-speech, summarize
Marketing SEO, SERP, Google Trends, competitor pricing
Generate AI inference, moderation, 400+ models
Connect your own services
research-assistant

Same governance, same audit, same rules. Services attach to the profile, not to you.

People — bring your own identity provider
Identity provider
Okta SSO
auto-provisioned
also: Azure AD · Google · SAML
Teams
Engineering, Product
20 members
add by group, not by hand
Individuals
carol@acme.com
+1 partner guest
scoped, revocable, audited
Activity
22 users · 14 today
1,847 calls / week
scoped to this profile
03 — Rules, per profile

Every call passes a gate.

Rules are set per profile, per capability, per action. Read inbox? Auto. Send email? Needs approval. Delete anything? Blocked. Layer cost thresholds on top — they compose, they don’t bypass.

research-assistant
owner: alice@acme.com · Engineering team
Gmail
GMAIL_READ_INBOX auto
GMAIL_SEND_EMAIL approve
GMAIL_DELETE_EMAIL blocked
GitHub
GITHUB_LIST_ISSUES auto
GITHUB_CREATE_PR approve
GITHUB_DELETE_REPO blocked
Research
WEB_SEARCH auto
SCRAPE_URL auto
Cost thresholds
auto_approve_below
Executes silently
$2
notify_above
Holds and notifies you
$5
hard_cap
Rejected. Nothing passes this.
$20

Approve from anywhere:

WhatsApp Slack Email Discord Webhook

Action rules and cost rules compose. A GMAIL_SEND_EMAIL set to "approve" still needs sign-off even if the cost is under auto_approve_below.

04 — Audit

Evidence, written once.

One row per call. Append-only. Queryable by profile, owner, or window; exportable to your SIEM. Built for EU AI Act Article 12 (enforceable August 2026) and works-council compatible — the gaze sits on the profile, not on a person.

audit / query
~ acme-corp 
$ curl -H "Authorization: Bearer $H_KEY" \
    "api.usehandler.dev/v2/manage/activity" \
    "?profile=research-assistant&since=2026-05-01" \
  | jq '.entries[] | {ts, who, tool, cost, approval}'

// 17 rows · $0.0085 · approvals: alice@acme.com ×4
Per row

user · agent · tool · args · result · cost · approval chain · ts

Storage

Append-only Postgres with trigger-enforced immutability. Separate archive table for long-term retention.

Export

Splunk · Datadog · ELK · S3 · webhook — or hit the REST endpoint.

05 — Pricing

Per profile. Real dollars. No credits.

$15 monthly allowance. Profiles are $2/mo each. Pay-as-you-go after the allowance, same rates.

Basic

Everything you need to get started

$15 /mo
$15 allowance included
All 7 superpowers
Per-profile governance with owner approval
Full audit trail with cost breakdown in USD
Overage: pay as you go, same rates

Rates:

Agent profiles $2 / month
Superpowers $0.005 / call
Connected services $0.0005 / call
Get Started

Enterprise

For teams that need more

Custom
Custom allowance
SSO / IdP integration
Dedicated support
SLA guarantees
Volume pricing
Contact us
06 — Get started

Two paths. Pick yours.

For owners

Join the early access list

Create profiles for your agents. Set the rules. Watch what they do. $15/mo, $15 allowance.

For AI agents

Trial profile

Get a trial profile. No human required. 100 calls, $0.50, 7-day TTL.

POST /v2/keys/trial
{"email": "agent@domain.com"}
Agent docs →

Have a service or superpower in mind? Tell us what your agent needs.

Request a service
MCP server: https://mcp.usehandler.dev/mcp
Auth: Authorization: Bearer <agent-key>
REST API: https://api.usehandler.dev/v2