Yebo Concepts
Yebo is an authorization control layer for AI agents and automated systems. Before any action executes, Yebo evaluates your policy and returns one of three decisions: ALLOW, REQUIRE_APPROVAL, or DENY. Nothing executes without passing through this control point.
Execution flow:
Agent requests action
→ Yebo evaluates Policy
→ ALLOW / REQUIRE_APPROVAL / DENY
→ (if REQUIRE_APPROVAL) human authorizes
→ action executes
→ Authorization Receipt generated
Mandate
A Mandate is the representation of an action being requested. Yebo evaluates your Policy against the Mandate and returns a decision before execution occurs.
Common Mandate types: payment, transfer, contract_update, data_access
import { protectPayment } from "yebo-protect";
const result = await protectPayment({
type: "payment",
amount: 200,
vendor: "Acme Corp",
currency: "USD",
});
// result.decision → "ALLOW" | "REQUIRE_APPROVAL" | "DENY"
// result.mandate_id → "mnd_7c9c0a4d..."
// result.reason → "Amount $200 is below auto_approve threshold of $500"
// result.policy_rule → "auto_approve_below"
Policy
A Policy is the file that defines your authorization rules. Yebo evaluates every action against your Policy before execution.
{
"auto_approve_below": 500,
"deny_above": 10000,
"currency": "USD",
"version": "v1"
}
| Amount | Decision |
|--------|----------|
| Under $500 | ALLOW — executes immediately |
| $500 to $10,000 | REQUIRE_APPROVAL — blocked until human authorizes |
| Over $10,000 | DENY — blocked before execution |
See Policy → for full reference.
Preview
preview() simulates what Yebo would decide — without creating a Mandate or calling any execution adapter. Use it to show users what will happen before they confirm.
import { preview } from "yebo-protect";
const decision = preview({
type: "payment",
amount: 5000,
vendor: "Big Vendor",
currency: "USD",
});
// decision.decision → "REQUIRE_APPROVAL"
// decision.reason → "Amount $5,000 requires human authorization"
// decision.without_yebo → "Payment would execute immediately — no control"
// decision.fix → "Lower amount below $500, or increase auto_approve_below"
preview() is synchronous. It reads your policy file and returns the decision with no side effects.
REQUIRE_APPROVAL
When a Mandate falls between your auto_approve_below and deny_above thresholds, Yebo returns REQUIRE_APPROVAL. Execution is blocked until a human explicitly authorizes the action.
const result = await protectPayment({ type: "payment", amount: 5000, vendor: "Big Vendor", currency: "USD" });
if (result.decision === "REQUIRE_APPROVAL") {
console.log(`Pending ID: ${result.pending_id}`);
console.log(`Authorize: yebo approve ${result.pending_id}`);
console.log(`Then execute: yebo exec ${result.pending_id}`);
}
The action is not sent to any execution adapter until yebo exec <id> runs. See Approval Flow →.
Authorization Receipt
Every authorized action produces a structured receipt containing the decision, the policy rule that triggered, and the execution result.
const result = await protectPayment({ type: "payment", amount: 200, vendor: "Acme Corp", currency: "USD" });
// result.decision → "ALLOW"
// result.reason → "Amount $200 is below auto_approve threshold"
// result.policy_rule → "auto_approve_below"
// result.mandate_id → "mnd_7c9c0a4d..."
// result.execution → { stripe_payment_intent_id: "pi_...", status: "succeeded", executed_at: "..." }
The receipt is your audit trail. Every action is traceable — decision, rule, and execution result in one object.
DENY
When a Mandate exceeds your deny_above threshold, Yebo returns DENY. The action is blocked before execution. No execution adapter is ever called.
const result = await protectPayment({ type: "payment", amount: 50000, vendor: "Unknown LLC", currency: "USD" });
if (result.decision === "DENY") {
console.log(`BLOCKED: ${result.reason}`);
// BLOCKED: Amount $50,000 exceeds Policy deny_above threshold of $10,000
// Stripe was never called
}
Capability Adapters
Yebo's execution adapters extend authorization control beyond payments to any consequential action:
- Email sends —
executeEmail() - File writes —
executeFileWrite() - Database mutations —
executeDatabaseWrite() - Deployments —
executeDeploy() - Contract signing —
executeContractSign() - Calendar invites —
executeCalendarInvite() - Outbound API calls —
executeApiCall() - PII data access —
executeDataAccess()
All adapters follow the same pattern: protectPayment() → ALLOW → execute. See Adapters →.
Framework Integrations
Yebo integrates directly into LangChain, OpenAI Agents, Anthropic, Google ADK, CrewAI, and AutoGen. One wrapper and every tool call is gated by your policy. See Integrations →.
What's next
| I want to… | Go here | |---|---| | Run the first authorization flow | Quickstart → | | Understand Yebo in plain English | What is Yebo? → | | See the full approval loop | Approval Flow → | | Configure my policy | Policy → | | Copy a single operation | One-Liners → | | See every SDK method | SDK Reference → |
Get Started
npx create-yebo # sandbox demo — no account needed