Arc by GEOstack

Auth for AI agents.

Arc lets apps safely allow AI agents like Claude, ChatGPT, OpenClaw, Cursor, and custom agents to act on behalf of users without giving them full access.

Start building See demo

Claude

ChatGPT OpenClaw

Cursor Custom agents

The problem

Your users want agents to use your app. Full access is not acceptable.

API keys, shared sessions, and broad OAuth grants were built for software and people. AI agents need a narrower action layer: who is acting, what action they can take, whether the user must approve it, and how to turn it off.

Buyer pain

Agents need app access.

Teams are hearing the same request: "Let my AI use your product." The risk is giving the agent more authority than the task requires.

User pain

Users need control.

A user may trust an agent to read orders or draft an email, but not to send, delete, refund, or change account settings without consent.

Developer pain

Auth is not the feature you wanted to build.

Agent identity, action permissions, approval screens, audit logs, and revocation become a full security product fast.

What Arc does

Arc gives every agent action an identity, permission decision, and audit trail.

Developers define the actions. Users choose what agents can do. Arc enforces allow, ask, or block before the action reaches your app.

Developer defines actions

Expose safe action names such as read_email, draft_reply, send_email, create_event, or request_return.

actions

User chooses permissions

Each action can be allowed automatically, require approval, or be blocked for that agent.

allow / ask / block

Agent requests action

Claude, ChatGPT, OpenClaw, Cursor, or a custom agent asks Arc to perform one approved app action.

agent request

Arc enforces policy

Arc allows safe actions, asks the user for sensitive actions, and blocks actions outside the grant.

policy check

Everything is logged

The app and user can inspect who acted, what happened, when it happened, and which permission allowed it.

audit log

Permission matrix

Simple decisions for every app action.

Arc turns agent access into a table users and developers can reason about. Read operations can be automatic. Sensitive writes can ask. Dangerous actions can be blocked.

App	Allow	Ask	Block
Email	read_email, draft_reply	send_email	delete_email
Calendar	read_calendar	create_event	delete_event
Account and commerce	read_orders	request_return	delete_account

Demo narrative

Personal AI Operator: one agent connected to email, calendar, and commerce.

The user lets an agent help across multiple apps while Arc keeps every action inside a visible permission boundary.

Email app

Read and draft are allowed. Send requires approval. Delete is blocked.

ask

Calendar app

Read is allowed. Create event asks. Delete event is blocked.

ask

Account and commerce app

Read orders is allowed. Return requests ask. Delete account is blocked.

block

Open full demo How permissions work

Developer surface

Define actions once. Let Arc handle the agent auth layer.

Arc is not an agent framework. You keep your app and APIs. Arc provides the permission system around the actions agents are allowed to request.

import { geostack } from "@geostack/sdk";

const app = geostack.app("Email", {
  description: "Scoped email actions for AI agents."
});

app.tool("send_email", sendEmail, {
  description: "Send a prepared email reply.",
  scope: "email:send",
  input: {
    to: { type: "string", required: true },
    subject: { type: "string", required: true },
    body: { type: "string", required: true }
  },
  annotations: {
    readOnlyHint: false,
    destructiveHint: false
  }
});

export default app;

Read quickstart Open docs

Security and trust

Built for teams that cannot hand agents the keys.

Arc keeps the long-term vision in view, but V1 stays focused: agent identity, action permissions, approvals, audit logs, and revocation.

Identity

Know which agent is acting.

Arc treats Claude, ChatGPT, OpenClaw, Cursor, and custom agents as clients requesting scoped actions.

Approvals

Pause sensitive work.

Ask policies turn high-impact actions into explicit user approval moments before the action reaches your app.

Revocation

Turn access off anytime.

Users can revoke an agent grant. Future requests fail until the user reconnects and grants access again.

Integrations and adapters

Arc sits between your app and the agent clients your users already use.

MCP is supported as an adapter detail where useful. Arc is the auth and control layer around app actions, not a protocol pitch.

Clients

Claude, ChatGPT, OpenClaw, Cursor.

Expose the same controlled action surface to the AI clients your users ask for.

Apps

Email, calendar, commerce, SaaS APIs.

Start with a few actions, then expand permissions as users prove what they trust agents to do.

Adapters

MCP and custom agent routes.

Use MCP where the client expects it. Use Arc policies for the authorization decision that matters.

FAQ

What is Arc by GEOstack?

Arc is auth for AI agents. It lets apps safely allow agents to act for users with action-level permissions, approval flows, audit logs, and revocation.

How is Arc different from MCP?

MCP is a way for clients to connect to tools. Arc controls whether an agent is allowed to perform a specific app action. Arc can use MCP as an adapter, but the product is the permission and enforcement layer.

How is Arc different from OAuth?

OAuth grants app access. Arc adds agent-aware action controls: allow, ask, block, audit, and revoke at the action level.

Why are API keys unsafe for AI agents?

API keys are usually broad, persistent, and hard for users to understand. Agents need limited, revocable permission to perform specific actions.

Start

Let users connect AI agents to your app safely.

Define actions, set permission defaults, and give users a control layer they can understand.

Start building Contact founder