Build on Verified Intent.
Control execution before it happens. Every action is evaluated, authorized, and verified before it runs.
const receipt = await yebo.authorize({ ... })
A few lines to gate any AI agent action. Full SDK reference available under sandbox access.
Request Sandbox Access โNative SDKs
Built for the modern stack with type-safety first.
The 7-Stage Authorization Pipeline
Every authorization request passes through all 7 stages. No shortcuts, no bypasses.
What the API does
A small number of capabilities cover every integration: submit actions, preview decisions, approve pending requests, and retrieve verifiable records. Full endpoint reference, payload shapes, and authentication details are available under sandbox access.
Request Sandbox Access โSend an action through the pipeline. Yebo returns a sealed mandate and a decision.
Check whether an action would be allowed without triggering execution.
Confirm an authorization is still valid: policy compliance, expiry, replay protection.
The user reviews the exact action and authorizes it via secure biometric verification.
Pull the verifiable authorization record: what was requested, who approved it, what policy applied.
Package a complete authorization record for auditors, compliance teams, or external verification.
The Mandate
Every action is converted into a mandate - the core authorization primitive. A mandate defines the action, the scope, and the governing policy. Mandates are immutable once created, time-limited, and single-use. Any change requires a new mandate.
Sealed on creation
Short expiry window
Cannot be replayed
Decision Model
Yebo returns one of three outcomes for every action:
Action executes immediately.
Action pauses until approved.
Action is blocked and never executes.
Verification
Before execution, Yebo verifies that the action matches the approved mandate, the authorization is valid, the request has not expired, and the request has not been replayed. If any check fails, execution is blocked and a clear reason is returned.
Yebo MCP Server
Add Yebo authorization to Claude Desktop, Cursor, or any MCP-compatible AI tool in one line.
The MCP server installs with a single config block in Claude Desktop or Cursor and exposes a focused set of authorization tools: preflight a decision, request approval, verify, and pull a receipt. Config snippets, package name, tool surface, and API-key format are available to approved partners under sandbox access.
Request Sandbox Access โIdentity setup
One interactive command creates your Yebo identity, generates your config, and binds your device key. Works on Mac, Windows, and Linux.
The CLI walks you through naming your identity, picking a handle, and binding your device key via the Yebo iOS app. The exact command, generated identifiers, config paths, and gateway endpoints are available to approved partners under sandbox access.
Request Sandbox Access โYebo does not replace your systems.
It controls what they are allowed to execute.
If an action cannot be verified, it does not run.
Request Sandbox Access