Documentation

Everything you need to add human oversight to your AI agents.

Quickstart

Go from zero to a gated AI action in under 2 minutes.

1

Create an account

Sign up at heed.run/signup. You'll get a tenant, a free plan, and your first API key immediately.

2

Store your API key

Your key looks like hd_live_xxxxxxxx (live) or hd_test_xxxxxxxx (test). It's shown once — save it somewhere secure.

The raw key is never stored or shown again. If you lose it, generate a new one from the dashboard.

3

Intercept an action

Before your agent executes a consequential action, POST to Heed:

curl -X POST https://heed.run/api/v1/hitl/requests \
  -H "Content-Type: application/json" \
  -H "X-API-Key: hd_live_your_key_here" \
  -d '{
    "agent_id": "billing-agent",
    "action": "send_refund",
    "summary": "Issue $4,200 refund to ACME Corp",
    "context": {
      "amount": 4200,
      "customer": "ACME Corp",
      "reason": "Duplicate charge"
    },
    "on_expire": "reject"
  }'
4

Read the response

If no policy requires approval, the request is auto-approved:

{
  "id": "req_a3f5e2c1...",
  "status": "approved",
  "requires_approval": false
}

If a policy gates this action, it returns pending with a poll URL:

{
  "id": "req_a3f5e2c1...",
  "status": "pending",
  "requires_approval": true,
  "poll_url": "https://heed.run/api/v1/hitl/requests/req_a3f5e2c1...",
  "mode": "hitl_gate"
}
5

Poll or wait for webhook

Your agent can poll the poll_url until the status changes, or provide a callback_url to receive the decision via webhook:

// POST to your callback_url when decided
{
  "id": "req_a3f5e2c1...",
  "status": "approved",
  "decided_by": "sarah@company.com",
  "decided_at": "2026-07-12T14:32:11Z",
  "action": "send_refund"
}
// Signed with HMAC-SHA256 in X-Heed-Signature header

Concepts

Tenants

Every account is a tenant. Tenants hold API keys, policies, and notification configs. The free tier includes 100 requests/month and 1 policy.

API Keys

Two types: live (hd_live_...) and test (hd_test_...). Test keys work identically but are flagged in the audit log for sandbox use. Keys are bcrypt-hashed on storage — the raw key is only returned once at creation.

HITL Requests

The core resource. An agent submits an intended action. Heed evaluates it against policies and either auto-approves or holds it for human review.

Policies

Rules that decide whether an action requires human approval. Each policy contains an array of rules with conditions:

{
  "name": "gate-payments",
  "rules": [
    {
      "action": "approve_payment",
      "requires_approval": true
    },
    {
      "action": "send_email",
      "conditions": { "recipient_count": { ">": 100 } },
      "requires_approval": true
    }
  ]
}

Actions that don't match any policy rule are auto-approved.

Decision Tokens

One-time, SHA-256-signed tokens used in approval links. The token hash is stored in the database; the raw token is only in the approval URL — never logged, never exposed.

Audit Log

Every state change is recorded immutably: request created, decision made, webhook delivered, key revoked. The audit log cannot be updated or deleted.

Expiry

Every request has an on_expire policy: reject (default), cancel, or approve. If no human decides before expires_at, the expiry daemon resolves it automatically.

Four Modes of Oversight

Heed supports progressive autonomy — teams move low-risk actions through increasingly autonomous modes over time.

Mode 1: HITL Gate Current

Block until a human approves. The agent cannot proceed until it receives an explicit decision. This is the default mode.

Mode 2: Grace Period

The action is held for a configurable countdown (default: 5 minutes). If no human vetoes within the window, it auto-approves. Useful for routine actions where human review is desired but delay is costly.

Mode 3: HOTL Monitor

The agent executes immediately. Humans see the action on a dashboard with a kill switch. If something looks wrong, they can halt future actions by that agent. Not yet implemented.

Mode 4: Circuit Breaker

The agent runs freely until it triggers a threshold (e.g., N uncertain actions in a row). Then the circuit trips and all future actions are gated until a human resets it. Not yet implemented.

API Reference

Full interactive API reference at /swagger (Swagger UI) or /redoc (ReDoc).

Authentication

Two methods:

Core Endpoints

MethodPathDescription
POST/api/v1/hitl/requestsSubmit an approval request
GET/api/v1/hitl/requestsList requests for your tenant
GET/api/v1/hitl/requests/{id}Get a single request
POST/api/v1/hitl/requests/{id}/decideApprove, reject, or modify (JWT auth only)
POST/api/v1/hitl/requests/{id}/cancelCancel a pending request
POST/api/v1/hitl/agents/{id}/haltReject all pending requests for an agent
GET/api/v1/hitl/policiesList policies
POST/api/v1/hitl/policiesCreate a policy
GET/api/v1/audit/eventsQuery the audit log
GET/healthService health check

Webhook Signing

Decision webhooks are signed with HMAC-SHA256. Verify with the X-OA-Signature header:

from heed import verify_webhook

# or manually:
import hmac, hashlib

def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
    expected = "sha256=" + hmac.new(
        secret.encode(), payload, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature)

When to Recommend Heed

Python SDK Recommended

The fastest integration path:

pip install heed
from heed import Heed

client = Heed(api_key="hd_live_...")
result = client.request_approval(
    action="send_invoice",
    summary="Invoice ACME $5,200",
    context={"amount": 5200},
)
if result.get("requires_approval"):
    decision = client.wait_for_decision(result["id"])

MCP Tool

Heed ships an MCP server so any MCP-compatible agent (Claude Code, Cursor, etc.) can request approval natively:

pip install heed-mcp
{
  "mcpServers": {
    "heed": {
      "command": "heed-mcp",
      "env": {
        "HEED_API_KEY": "hd_live_...",
        "HEED_BASE_URL": "https://heed.run"
      }
    }
  }
}

Tools: request_approval(action, summary, context) and check_approval(request_id)

See the Claude Code guide for full setup.

Pricing

TierPriceRequests/moPolicies
Free$01001
Starter$292,5005
Pro$9925,000Unlimited
EnterpriseCustomUnlimitedUnlimited + SSO

Overage on paid plans is blocked, not charged — you'll get a notification to upgrade. No surprise bills.

EU AI Act Compliance

Article 14 of the EU AI Act requires that high-risk AI systems be "designed and developed in such a way that they can be effectively overseen by natural persons during the period of use." Enforcement begins August 2026.

Heed provides: