Build on Verified Intent.
Control execution before it happens. Every action is evaluated, authorized, and verified before it runs.
import { Yebo } from '@yebo/sdk';
const yebo = new Yebo({
apiKey: process.env.YEBO_API_KEY,
gateway: 'https://gateway.yebo.dev'
});
// 1. Submit an action for authorization
const mandate = await yebo.intent.execute({
capability: 'payment',
amount: '5000.00',
currency: 'USD',
counterparty: 'vendor_acct_123',
});
// Returns: mandate_id, decision, challenge_url
// 2. After human approves via biometric
const receipt = await yebo.receipt.get(mandate.mandate_id);
// Returns: verifiable authorization record
// 3. Verify the authorization independently
const verification = await yebo.receipt.verify(receipt.receipt_id);
// Returns: { valid: true }Native SDKs
Built for the modern stack with type-safety first.
The 7-Stage Authorization Pipeline
Every authorization request passes through all 7 stages. No shortcuts, no bypasses.
API Overview
Six core endpoints handle every integration. Submit actions, check decisions, approve requests, and retrieve verifiable records.
Request Sandbox AccessPOST /intent/executeSubmit an action for authorization. Yebo evaluates the request and returns a mandate with a decision.
POST /preflightCheck if an action would be allowed before submitting. Preview decisions without triggering execution.
POST /verifyVerify that an authorization is valid before execution. Checks policy compliance, expiration, and replay protection.
POST /challenge/:id/approveApprove a pending action. The user reviews the exact action and authorizes it via secure biometric verification.
GET /authorization-receipt/:idRetrieve a verifiable authorization record - what was requested, who approved it, what policy applied.
GET /authorization-receipt/:id/bundleExport a complete authorization record for auditors, compliance teams, or external verification.
The Mandate
Every action is converted into a mandate - the core authorization primitive. A mandate defines the action, the scope, and the governing policy. Mandates are immutable once created, time-limited, and single-use. Any change requires a new mandate.
Sealed on creation
Short expiry window
Cannot be replayed
Decision Model
Yebo returns one of three outcomes for every action:
Action executes immediately.
Action pauses until approved.
Action is blocked and never executes.
Verification
Before execution, Yebo verifies that the action matches the approved mandate, the authorization is valid, the request has not expired, and the request has not been replayed. If any check fails, execution is blocked and a clear reason is returned.
Yebo MCP Server
Add Yebo authorization to Claude Desktop, Cursor, or any MCP-compatible AI tool in one line.
Claude Desktop config
{
"mcpServers": {
"yebo": {
"command": "npx",
"args": ["-y", "@yebo-auth/mcp-server"],
"env": { "YEBO_API_KEY": "yk_live_..." }
}
}
}Cursor config (.cursor/mcp.json)
{
"mcpServers": {
"yebo": {
"command": "npx",
"args": ["-y", "@yebo-auth/mcp-server"],
"env": { "YEBO_API_KEY": "yk_live_..." }
}
}
}yebo_preflightCheck decision before execution.
yebo_authorizeRequest approval.
yebo_verifyConfirm authorization.
yebo_receiptRetrieve proof of authorization.
npx create-yebo
One command to create your Yebo identity and generate your config. Works on Mac, Windows, and Linux.
$ npx create-yebo
◆ Yebo Authorization Setup
◆ Your display name
│ Alex Johnson
◆ Your Yebo handle
│ @alex
◆ Yebo gateway URL
│ https://gateway.yebo.dev
◇ Creating your Yebo identity...
◆ Your Yebo Identity
│ identity_id: did:yebo:...
│ handle: @alex
│ config: ~/.config/yebo/config.json
◇ Done!After running npx create-yebo, install the Yebo iOS app and sign in with your handle to bind your device key. Your config is written to ~/.config/yebo/.
Yebo does not replace your systems.
It controls what they are allowed to execute.
If an action cannot be verified, it does not run.
Request Sandbox Access