# Keel Permit Protocol · v0.1

Machine-readable authority for AI execution.

Keel is the authority layer around AI execution. Before an agent does anything consequential — a model call that matters, a tool call, a payment, a system change — it requests a permit. This surface tells it how. It is a protocol, not a registry.

Machine clients — start here
/llms.txtconcise summary, links out — start here /agents.mdfull operating instructions /.well-known/keel.jsonstructured discovery — endpoints, decision vocabulary
The rule

Request a permit before a consequential action. Act only on a live allow.

deny · challenge · throttle · expired · revoked → do not act. Can't get a permit? Fail closed.

How authority separates
credentialwhich principal is asking — authenticates the request grantwhat that principal may request — set by a human / service principal permitwhether this action may run now — issued per action evidencetamper-evident record of what was decided
Request
POST https://api.keelapi.com/v1/permits
Authorization: Bearer $KEEL_RUNTIME_KEY
→ decision: allow | deny | challenge  ·  see /agents.md
Not a registry

Being known to Keel is not authority — only a permit is. Keel does not issue your identity; your operator supplies or binds the runtime credential Keel uses to attribute requests. Registration never stands in for a permit.