Glossary · passkey-approval
Passkey approval
Definition
A FIDO2 / WebAuthn confirmation that gates privileged actions. When an AI agent on Ellul attempts a sensitive operation (git push, deploy, database write, secret read), execution pauses and the action queues for approval. The user receives a notification, taps Touch ID, Face ID, or a hardware key, and the action proceeds only on approval.
Context
Passkey approval is enforced server-side by the Sovereign Shield, not by a permission prompt the agent could be coached to skip. Each gate type (write, push, deploy, secret-read, etc.) has a configurable TTL: once approved, follow-up actions of the same class can flow through within the window without re-prompting. The TTL is bounded; long-running agents must re-authorize. Approvals can be granted from any registered device, including a phone, so agents stay productive while the human is mobile.
Also known as
Related terms
See also