The lightweight, developer-first safety layer for AI actions

Let your AI take real actions.
Without risking real damage.

Queue, approve, and execute API calls safely from your agents. Add human approval, retries, and audit trails in minutes.

Start free → View example →

If your AI can issue refunds, update customer data, or trigger internal APIs — one bad output hits a real API. One retry becomes a duplicate charge.

SafeFetch sits between your agent and the real world.

Replace any API call your AI makes with SafeFetch.

Every action goes through a gate.

You decide what needs a human approval and when to skip approval for trusted endpoints.

// Your agent calls SafeFetch, not Stripe
send_action({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// => { id: "act_Xk9mP2nQ4rT1vW", status: "awaiting_approval" }

// You approve. The action executes.
approve({ id: "act_Xk9mP2nQ4rT1vW" })
// => { status: "completed", response_code: 200 }

Your AI doesn't call Stripe directly. It goes through SafeFetch.

How it works

Your AI sends actions to SafeFetch instead of calling APIs directly.

🤖
Your AI
safeFetch()
SafeFetch
Approve
🔑
Dedupe
🔄
Retry
🔐
Sign
🌐
Target API
Stripe, CRM, etc.
📋
Result stored
GET /actions/:id
1

Your AI decides to act

Refund a payment, update a CRM record, trigger a deploy. Instead of calling the API directly, it calls SafeFetch.

2

SafeFetch intercepts it

The action is validated, deduped, and held for approval if configured. Retries and signing are automatic.

3

Approve or skip approval

Approve via MCP, SDK, CLI, or API. Or skip approval for trusted endpoints.

4

Execute + store the result

Signed delivery to the target API. Full response stored. Your agent or system can fetch the result anytime.

Why not call APIs directly?

Because this happens.

Without SafeFetch

  • Duplicate refunds from agent retries
  • Hallucinated outputs triggering real actions
  • No audit trail of what happened
  • No way to pause or intervene

With SafeFetch

  • Built-in idempotency and deduplication
  • Human-in-the-loop approval before execution
  • Persistent job state and full request history
  • Safe retries with exponential backoff

Before

// ❌ BEFORE — your AI calls Stripe directly
await stripe.refunds.create({
  charge: "ch_3Qx9R2eZ",
})
// No approval. No retries. No audit trail.
// A hallucinated charge ID hits a real API.
// A retry double-refunds a customer.

After

// ✅ AFTER — your AI goes through SafeFetch
import { safeFetch } from "safefetch"

await safeFetch({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// Human approves. SafeFetch executes.
// Signed delivery. Full audit trail. Safe retries.
One function. That's it.

Replace fetch() with safeFetch()

You don't need to re-architect anything. Import the SDK, swap one function, and every API call your AI makes now has approval, retries, deduplication, and a full audit trail.

  • Same concept as fetch(). Just add approve: true.
  • Works anywhere — serverless, Node, edge.
  • Under 10 minutes from install to first protected action.
import { safeFetch } from "safefetch"

// Before: await fetch("https://api.stripe.com/v1/refunds", ...)
// After:
await safeFetch({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,    // hold for human approval
  dedupe: "refund-ch_3Qx9R2eZ",  // prevent duplicates
})
import { safeFetch } from "safefetch"

// Define tools that go through SafeFetch.
// The agent never gets direct API access.

const refundTool = {
  name: "refund_payment",
  description: "Refund a Stripe charge",
  execute: async (args) => {
    return safeFetch({
      url: "https://api.stripe.com/v1/refunds",
      method: "POST",
      body: args,
      approve: true,
    })
  },
}

// Your agent only knows about refund_payment.
// It cannot call Stripe directly.
For agent builders

Constrain your agent by design

The strongest safety pattern: your agent doesn't have credentials to call production APIs. Only SafeFetch does. Define tools that route through SafeFetch, and your AI literally cannot bypass the safety layer.

  • Agent only knows about the tools you define
  • API credentials live in SafeFetch, not in the agent
  • Works with any agent framework

Built for real workflows

From AI support agents to internal copilots. SafeFetch handles actions so your AI doesn't go rogue.

💳

AI support agents

Your support AI handles refunds, credits, and account changes. Every sensitive action held for approval — so a hallucinated charge ID doesn't trigger an unintended refund, and a retry doesn't double-charge a customer.

→ Require approval before execution. Auto-approve safe reads.

🧑‍💻

Internal copilots

Modify CRM, run admin actions.

→ Audit everything your AI does

⚙️

Automations

Sync systems, call flaky APIs.

→ Retries + durability built in

Everything you need. Nothing you don't.

A complete safety layer. Simple REST API, SDK, MCP tools, and CLI.

✋ Human approval

Pause actions for sign-off. Approve via API, MCP, or email magic link. Auto-approve safe reads.

🔑 Deduplication

Dedupe keys and idempotency headers. No double refunds from agent retries.

🔄 Retries & backoff

Exponential backoff from 20s to 1h. Configurable max attempts per action.

🔐 Signed delivery

Every request signed with HMAC SHA-256. Your target API can verify it came from SafeFetch.

📋 Full audit trail

Every action logged — who approved it, when it ran, the full response, duration, and status. Queryable via API.

🔔 Completion webhooks

Get notified when actions complete or fail. POST to any callback URL with the full result.

Works with MCP, SDK, CLI, and REST API. Connects to ChatGPT, Claude, Cursor, and any agent framework.

Works with MCP-enabled agents

Native support for ChatGPT, Claude, and Cursor

Your agent can queue actions, request approval, and check results — all through MCP tools. No custom code needed.

Pricing built around control

Per job, not per message. Safety features on every plan.

Free

$0 /mo

Experiment safely

Start free
  • 500 jobs/month
  • Human approval
  • 24-hour audit history
  • SDK + MCP + CLI
Most popular

Pro

$99 /mo

Production protection

Get started
  • 25,000 jobs/month
  • 30-day audit history
  • 5 API keys
  • Email support
  • + $2 per 1,000 extra jobs

Team

$299 /mo

Enterprise-grade control

Get started
  • 100,000 jobs/month
  • 90-day audit history
  • Unlimited API keys
  • 99.9% uptime SLA
  • Priority support
  • + $1.50 per 1,000 extra jobs

All plans include approval gates, safe retries, deduplication, signed delivery, stored results, audit history, SDK, MCP, and CLI.

No credit card required. Get your API key in 30 seconds.

Your AI should never call production APIs directly.

Stop letting your AI call production APIs directly.

Add a safety layer in minutes.

Start free →