๐Ÿ›ก๏ธ Interven

Quickstart

Protect your AI agent's tool calls in under 2 minutes.

This page assumes you already have an iv_live_* API key โ€” get one by signing up at app.intervensecurity.com/signup.

Option A โ€” Gateway CLI (zero code changes)

The fastest path. One command, instant protection:

npx @interven/gateway --api-key iv_live_YOUR_KEY

Then point your agent's tool calls through the local proxy:

# Instead of:  POST https://api.github.com/repos/org/repo/pulls
# Route via:   POST http://localhost:4100/proxy/https://api.github.com/repos/org/repo/pulls

curl -X POST http://localhost:4100/proxy/https://api.github.com/repos/org/repo/pulls \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ghp_..." \
  -d '{"title":"My PR","head":"feature","base":"main"}'

Open http://localhost:4100 for a live dashboard. See the Gateway CLI guide for details.

Option B โ€” SDK integration (5 lines)

1. Install

# Python
pip install interven

# TypeScript / Node
npm install @interven/sdk-js

2. Send your first scan

from interven import Client

client = Client(api_key="iv_live_...")
result = client.scan(
    method="POST",
    url="https://hooks.slack.com/services/T../B../secret",
    body={"text": "hello from my agent"},
)
print(result.decision)  # ALLOW | DENY | SANITIZE | REQUIRE_APPROVAL

The same call in TypeScript:

import { IntervenClient } from '@interven/sdk-js';

const client = new IntervenClient({ apiKey: 'iv_live_...' });
const result = await client.scan({
  method: 'POST',
  url: 'https://hooks.slack.com/services/T../B../secret',
  body: { text: 'hello from my agent' },
});
console.log(result.decision);

3. Handle the four decisions

match result.decision:
    case "ALLOW":
        send_to_slack(result.body_to_forward)
    case "SANITIZE":
        send_to_slack(result.sanitized_body)
    case "DENY":
        log("blocked", result.reason_codes)
    case "REQUIRE_APPROVAL":
        # SDK handles polling โ€” blocks until analyst decides
        final = client.wait_for_approval(result.approval_id, timeout=300)
        if final.status == "approved":
            send_to_slack(result.body_to_forward)

4. One-liner alternatives

For the simplest integration, use guard (decorator) or gate (function):

from interven import guard

@guard(api_key="iv_live_...", tool="slack", operation="post_message")
def send_slack_message(channel, text):
    requests.post("https://slack.com/api/chat.postMessage", json={"channel": channel, "text": text})

send_slack_message("#general", "hello")  # scanned automatically
from interven import gate

result = gate("POST", "https://api.github.com/repos/org/repo/pulls", body={...}, api_key="iv_live_...")
if result.decision == "ALLOW":
    forward(result.body)

5. (Optional) Scan response bodies

When the agent reads sensitive content, scan the response for forensics and read-then-write exfiltration detection:

client.scan_response(
    trace_id=result.trace_id,
    response_body=upstream_response_text,
    response_status=200,
)

What's next

What is Interven?

Inline policy + risk firewall for AI agent tool calls.

Concepts

Mental model โ€” agents, tools, scans, policies, approvals, decisions.

On this page

Option A โ€” Gateway CLI (zero code changes)Option B โ€” SDK integration (5 lines)1. Install2. Send your first scan3. Handle the four decisions4. One-liner alternatives5. (Optional) Scan response bodiesWhat's next