TrustLayer
Trust for AI & human actions
Action governance for SaaS • approvals • audit • Zanzibar-style auth

The trust layer for AI and human actions in SaaS.

Add approvals, separation-of-duties, and audit trails to any button or API call — without rebuilding your app.

The one-liner
import { TrustButton } from "@trustlayer/react";

<TrustButton
  resource="invoice:123"
  action="approve"
  policy="four_eyes_v1"
>
  Approve
</TrustButton>
  • 4-eyes & N-eyes approvals
  • AI confidence & risk gating
  • Audit trails
  • Zanzibar-style graph (SpiceDB-compatible)
Decision preview

What your UI gets back (low latency • deterministic):

  • approve invoice:123 → REQUIRES_APPROVAL
    Reason: four-eyes policy • requester excluded • needs 2 distinct approvers
  • merge pr:884 → ALLOW
    Reason: reviewer role • not author • branch protection satisfied
  • rotate secret:prod/db → DENY
    Reason: missing SRE role • outside time window
Works with your stack

Designed around Zanzibar-style relationship tuples and policy reasons.

  • React / Next.js
  • Node / Go / Rust
  • SpiceDB / OpenFGA
  • Postgres

Interactive demo (try in 30 seconds)

This walkthrough runs in-browser only. No backend calls are made on this page.


Core flow at a glance

Compact by design
What it is

Action trust layer

Wrap critical actions once, then enforce approvals, SoD, and audit on every click or API call.

React SDK • REST API • Idempotent
How decisioning works

Three outcomes

Policy evaluates actor, resource, and context, then returns an enforceable UI decision.

ALLOW • PENDING_APPROVAL • DENY
Why teams use it

Ship fast, keep control

Keep product velocity while adding governance that scales across human- and AI-initiated actions.

  • Built for Zanzibar-style relationship graphs
  • SpiceDB-compatible policy semantics
  • Clear reason codes for UX and audit

Use cases

Finance workflows

Require independent review before payouts, refunds, and role changes.

AI action control

Gate AI write actions by confidence, tenant policy, and approver context.

Admin consoles

Prevent critical ops from shipping without visible human authorization.

Developer validation (real API + SDK)

Use these with your running backend to validate real behavior.

API check
# All three values come from your environment; the API key is sent as a header, the user token as a Bearer credential.
curl -sS "$SERVICE_URL/v1/actions?resource=invoice:123&action=approve" \
  -H "x-api-key: $API_KEY" \
  -H "Authorization: Bearer $TRUST_USER_TOKEN"
React one-liner
import { TrustButton } from "@trustlayer/react";

<TrustButton resource="invoice:123" action="approve">
  Approve
</TrustButton>

FAQ

Do you store PII?

Initial setup stores only the user and action identifiers required for approvals.

How does 4-eyes work?

Multiple distinct approvers must approve before execution, and the requester is excluded.

What do reason codes mean?

Every decision includes a reason so UI and logs can explain why an action was allowed or blocked.
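The four-eyes rule described above (distinct approvers, requester excluded) and the three outcomes with their reason strings, written out as an added TypeScript illustration. This is not TrustLayer's SDK or server code; the request shape, the role check, the `minApprovers` knob and the sample principals are assumptions chosen to mirror the decision preview.

```typescript
// Added illustration of the four-eyes / N-eyes rule; not TrustLayer's own code.
// Assumed (not from the page): the request shape, the single required role used
// for both requesting and approving, the minApprovers knob, and the sample data.
type Decision = "ALLOW" | "REQUIRES_APPROVAL" | "DENY";

interface ActionRequest {
  resource: string;
  action: string;
  requester: string;                // principal asking to execute the action
  requiredRole: string;             // role needed to request or approve (assumed)
  roles: Record<string, string[]>;  // principal -> roles (constructed sample data)
  approvals: string[];              // principals who have recorded an approval
  minApprovers: number;             // 2 = classic four-eyes, N = N-eyes
}

interface Result { decision: Decision; reasons: string[] }

function evaluateNEyes(req: ActionRequest): Result {
  const hasRole = (p: string) => (req.roles[p] ?? []).includes(req.requiredRole);
  const policy = req.minApprovers === 2 ? "four-eyes policy" : `${req.minApprovers}-eyes policy`;

  // DENY: the requester lacks the role this action needs at all.
  if (!hasRole(req.requester)) {
    return { decision: "DENY", reasons: [`missing ${req.requiredRole} role`] };
  }

  // Separation of duties: the requester's own approval never counts, approvals
  // from principals without the role are ignored, and a principal approving
  // twice still counts once (the Set makes approvers distinct).
  const distinct = new Set(req.approvals.filter((p) => p !== req.requester && hasRole(p)));

  if (distinct.size < req.minApprovers) {
    return {
      decision: "REQUIRES_APPROVAL",
      reasons: [policy, "requester excluded", `needs ${req.minApprovers} distinct approvers`,
                `${req.minApprovers - distinct.size} more approval(s) required`],
    };
  }
  return { decision: "ALLOW", reasons: [policy, "requester excluded", `${distinct.size} distinct approvers`] };
}

// Constructed sample: alice requests approval of invoice:123, then approves it
// herself and bob approves twice. Only bob counts, so one approval is still missing.
const sampleRoles = { alice: ["finance"], bob: ["finance"], carol: ["finance"], dave: [] as string[] };
const sample = evaluateNEyes({
  resource: "invoice:123", action: "approve", requester: "alice", requiredRole: "finance",
  roles: sampleRoles, approvals: ["alice", "bob", "bob"], minApprovers: 2,
});
console.log(sample.decision, sample.reasons.join(" • ")); // prints REQUIRES_APPROVAL ...
```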

Pricing

Start small. Upgrade when governance becomes core.

Starter: $25/mo (for indie + early SaaS)
  • 4-eyes approvals
  • React SDK
  • Basic audit trail
  • 1 environment

Growth: $199/mo (for B2B SaaS teams)
  • Policy packs (SOC2-ish defaults)
  • Multiple environments
  • Webhooks + notifications
  • Exportable audit logs

Enterprise: Custom (regulated & high scale)
  • Dedicated region / VPC
  • SSO / SCIM
  • Fine-grained audit + retention
  • SLA + support

Join early access

Get the SDK + managed Trust API when we open the beta.

Requests are stored in the TrustLayer leads database table.

Confirmation email is not automatic yet; alerts are sent only when SMTP/Slack is configured.