Security
Security posture for governed agent execution.
ActLayer is designed to reduce scattered API keys and uncontrolled agent spending by centralizing keys, wallets, permissions, approvals, and receipts.
Current controls
Hashed agent keys
Raw API keys are shown once. ActLayer stores hashes and prefixes for lookup.
Wallet limits
Every paid action checks wallet balance, per-action limit, daily limit, and monthly limit.
Backend docs hidden
Public Swagger/OpenAPI routes are disabled in production.
Local service ports
Backend and frontend containers are bound to localhost behind nginx.
HTTP request filtering
The http_request capability blocks localhost, metadata, private, link-local, multicast, and reserved network targets.
Approval path
High-risk actions can require dashboard approval before execution.
Before public paid launch
ActLayer still needs Stripe production funding, Redis-backed rate limiting, provider endpoint validation, and formal privacy/terms review before broad public paid usage.