An agent asks for Stripe access. You approve. It works.

Watch the full loop: Butler proposes a scoped policy, you approve in Slack, the gateway grants it, the agent retries — every step audited.

SCENARIO

Read-only Stripe API for a billing-reconciliation agent

Project project-billing has a new agent that reconciles Stripe charges against an internal ledger. It needs stripe:charges:read for 24h. Right now it has zero Stripe permissions — deny by default.

0

The baseline policy

Every project gets a YAML policy file. Deny by default — only listed grants are enforced. Stripe is not on the list.

policies/project-billing.yml
# project-billing — RBAC policy
# Deny by default. Only listed grants are allowed.

project: project-billing
agents:
  - billing-reconciler-1
  - invoice-generator

grants:
  - service: aws
    actions: [s3:GetObject, s3:PutObject]
    resources: ["arn:aws:s3:::ledger-internal/*"]

  - service: git
    actions: [read, push]
    resources: ["reidataai/billing-ledger"]
    branches: ["feature/*"]

  - service: tools
    actions: [Read, Edit, Bash]
    deny: ["rm -rf", "git push --force"]

# ← no stripe grants. Any stripe:* call returns 403.
1

Agent gets denied

The agent calls the Stripe API. The gateway intercepts and denies — and it logs the denial.

audit-log.jsonl
{
  "ts": "2026-05-01T17:42:11Z",
  "agent": "billing-reconciler-1",
  "project": "project-billing",
  "action": "stripe:charges:read",
  "resource": "stripe.com/v1/charges",
  "decision": "DENY",
  "reason": "no policy grants stripe:* for project-billing",
  "http_status": 403
}
2

Agent asks Butler for access

Following the access-request protocol, the agent files a tight, scoped request through Butler.

A
billing-reconciler-1 AGENT
4:42 PM in #ops-butler

@butler I'm blocked — need read-only Stripe charges for ledger reconciliation.

REQUEST
service: stripe
action: stripe:charges:read
resource: stripe.com/v1/charges
duration: 24h
reason: reconcile 1,400 charges/day against internal ledger; no writes
3

Butler proposes a scoped policy diff

Butler doesn't grant — it proposes. The diff goes to a human for approval.

B
Butler BOT
4:42 PM

Proposed policy patch for project-billing. Approval required.

--- a/policies/project-billing.yml
+++ b/policies/project-billing.yml
grants:
- service: aws
actions: [s3:GetObject, s3:PutObject]
+ - service: stripe
+ actions: [stripe:charges:read]
+ resources: ["stripe.com/v1/charges"]
+ expires: "2026-05-02T17:42:11Z" # 24h
+ requested_by: billing-reconciler-1
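Review bot: the new stripe entry is added to the project-wide grants: list, and requested_by: billing-reconciler-1 only records who asked, so nothing in these lines limits the grant to that agent. The policy file lists invoice-generator under agents: for the same project. If the 24h read access is meant for the requester alone, scope the entry to that agent explicitly, or document that requested_by restricts who may use the grant.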
4

You approve in Slack (or Telegram)

One tap. Risky operations gate on a real human — no agent bypass, no automation override.

APPROVAL REQUIRED · 24H GRANT
billing-reconciler-1 requests stripe:charges:read
scope: stripe.com/v1/charges · expires in 24h · read-only
@jordan approved · 4:43 PM
5

Gateway applies the grant. A2A pings the agent. It retries.

No restart, no manual nudge — the gateway notifies the waiting agent over A2A and the original call goes through.

a2a-messages.log
[4:43:02] butler → gateway: apply_grant("req_5c94d8", approved_by="jordan")
[4:43:02] gateway: policy reloaded for project-billing (1 grant added)
[4:43:03] gateway → billing-reconciler-1: grant_ready(stripe:charges:read, ttl=24h)
[4:43:04] billing-reconciler-1: retrying stripe.com/v1/charges …
audit-log.jsonl
{"ts": "2026-05-01T17:43:04Z", "agent": "billing-reconciler-1",
 "action": "stripe:charges:read", "decision": "ALLOW",
 "grant_id": "req_5c94d8", "http_status": 200,
 "approved_by": "jordan", "expires": "2026-05-02T17:42:11Z"}
WHAT JUST HAPPENED
Audit Trail

Every step — denial, request, proposal, approval, grant, retry — is one immutable JSONL line. Replay any agent's session.

Human-in-the-Loop

No agent self-grants. Butler proposes; humans approve. Slack, Telegram, or dashboard — same one-tap UX.

Multi-Agent Orchestration

Butler, gateway, and the requesting agent coordinate over A2A. Live session tracking shows it all in real time.
