Secure authentication for humans and AI agents. Biscuit-based credential delegation, Token Vault, fine-grained authorization — self-hosted, open protocol.
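```javascript
// Protect any MCP tool in 3 lines
import { BulwarkMCP } from "@bulwark/mcp-auth";
const bulwark = new BulwarkMCP();
// `server` and `handler` are assumed to be defined elsewhere:
// the MCP server instance and the tool's handler function.
server.tool("query", bulwark.protect(handler));
```

Built ground-up for agentic workloads, with human auth as a natural extension.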
AI agents as first-class principals with trust levels, capabilities, and scoped credentials.
Cryptographic delegation chains. Agents create narrower tokens for sub-agents — no server call needed.
Managed OAuth tokens for 30+ APIs. Automatic refresh. Agents never see the raw credentials.
CIBA async authorization. Agents request approval, humans decide — with full audit trail.
Document-level access control for RAG. Only retrieve what the user is allowed to see.
You own the entire trust chain. No vendor lock-in. No per-MAU pricing surprises.
Start a scoped session for any agent task. Access APIs through the credential proxy — Bulwark handles token refresh, audit logging, and rate limits automatically.
Need to hand off to a sub-agent? Delegate a narrower token with fewer permissions and a shorter TTL — cryptographically enforced, no server round-trip required.
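How a token holder can narrow a credential without contacting the issuer, shown as an added example that is not Bulwark's code or API: it uses a macaroon-style HMAC chain, a simpler construction than Biscuit's public-key chain. The helper names (`mint`, `attenuate`, `verify`), the caveat fields and the `crm` service are assumptions made for the illustration.

```javascript
// Added illustration: macaroon-style HMAC chain, not Bulwark's API or Biscuit's format.
const { createHmac, timingSafeEqual } = require("node:crypto");

const mac = (key, msg) => createHmac("sha256", key).update(msg).digest();

// Issuer: mint a root token. Only the issuer and verifier hold rootKey.
function mint(rootKey, id) {
  return { id, caveats: [], sig: mac(rootKey, id) };
}

// Holder: append a restriction offline. The new signature is keyed by the old
// one, so a caveat can be added without rootKey but cannot be removed.
function attenuate(token, caveat) {
  const c = JSON.stringify(caveat);
  return { id: token.id, caveats: [...token.caveats, c], sig: mac(token.sig, c) };
}

// Verifier: recompute the chain, then require every caveat to allow the request.
function verify(rootKey, token, req) {
  let sig = mac(rootKey, token.id);
  for (const c of token.caveats) sig = mac(sig, c);
  if (sig.length !== token.sig.length || !timingSafeEqual(sig, token.sig)) {
    return "bad signature";
  }
  for (const c of token.caveats) {
    const { services, permissions, notAfter } = JSON.parse(c);
    if (services && !services.includes(req.service)) return "service denied";
    if (permissions && !permissions.includes(req.operation)) return "operation denied";
    if (notAfter !== undefined && req.now > notAfter) return "expired";
  }
  return "ok";
}

// Constructed sample values (demo key and timestamp, not real credentials).
const rootKey = Buffer.from("constructed-demo-root-key");
const now = 1700000000; // seconds
const session = attenuate(mint(rootKey, "session-1"), {
  services: ["sales_db", "crm"], permissions: ["read", "write"], notAfter: now + 900,
});
// Sub-agent token: fewer services, read only, 5 minutes instead of 15.
const sub = attenuate(session, {
  services: ["sales_db"], permissions: ["read"], notAfter: now + 300,
});
// Tampering: drop the narrowing caveat but keep the signature.
const stripped = { ...sub, caveats: sub.caveats.slice(0, 1) };

console.log(verify(rootKey, sub, { service: "sales_db", operation: "read", now }));
console.log(verify(rootKey, sub, { service: "sales_db", operation: "write", now }));
console.log(verify(rootKey, stripped, { service: "sales_db", operation: "write", now }));
```

A use counter such as `maxUses` is not modelled here, because counting uses requires state at the verifier rather than a check on the token alone.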
```javascript
// Create a scoped session for an agent task
const session = await bulwark.startSession({
  task: "Analyze Q1 sales data",
  ttl: "15m",
  maxUses: 100,
});

// Access APIs through the credential proxy
const data = await session.fetch("sales_db", {
  path: "/",
  operations: ["read"],
});

// Delegate narrower access to a sub-agent
const subToken = session.delegate({
  permissions: ["read"],
  services: ["sales_db"],
  ttl: "5m",
  maxUses: 10,
});
```

The only identity platform designed for AI agents from day one.
| Feature | Bulwark | Auth0 | Clerk | Keycloak |
|---|---|---|---|---|
| Agent Identity | ||||
| Delegation Chains | ||||
| Offline Verification | ||||
| Self-Hosted | ||||
| Open Protocol | ||||
| Token Vault | ||||
| Per-MAU Pricing | ||||
Self-hosted. Open protocol. No per-MAU pricing. Deploy in minutes.