The lightweight, developer-first safety layer for AI actions

Let your AI take real actions.
Without risking real damage.

Queue, approve, and execute API calls safely from your agents. Add human approval, retries, and audit trails in minutes.

Start free → View example →

If your AI can issue refunds, update customer data, or trigger internal APIs — one bad output hits a real API. One retry becomes a duplicate charge.

SafeFetch sits between your agent and the real world.

Replace any API call your AI makes with SafeFetch.

Every action goes through a gate.

You decide what needs a human — refunds always, safe reads never. Everything else is configurable.

// Your agent calls SafeFetch, not Stripe
send_action({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// => { id: "act_Xk9mP2nQ4rT1vW", status: "awaiting_approval" }

// You approve. The action executes.
approve({ id: "act_Xk9mP2nQ4rT1vW" })
// => { status: "completed", response_code: 200 }

Your AI doesn't call Stripe directly. It goes through SafeFetch.

How it works

Your AI sends actions to SafeFetch instead of calling APIs directly.

🤖
Your AI
dq.send()
SafeFetch
Approve
🔑
Dedupe
🔄
Retry
🔐
Sign
🌐
Target API
Stripe, CRM, etc.
📋
Result stored
GET /actions/:id
1

Your AI decides to act

Refund a payment, update a CRM record, trigger a deploy. Instead of calling the API directly, it calls SafeFetch.

2

SafeFetch intercepts it

The action is validated, deduped, and held for approval if configured. Retries and signing are automatic.

3

Approve or auto-approve

Approve via MCP, SDK, CLI, or API. Or auto-approve safe actions. You define the rules.

4

Execute + store the result

Signed delivery to the target API. Full response stored. Your agent or system can fetch the result anytime.

Why not call APIs directly?

Because this happens.

Without SafeFetch

  • Duplicate refunds from agent retries
  • Hallucinated outputs triggering real actions
  • No audit trail of what happened
  • No way to pause or intervene

With SafeFetch

  • Built-in idempotency and deduplication
  • Human-in-the-loop approval before execution
  • Persistent job state and full request history
  • Safe retries with exponential backoff

Before

// ❌ BEFORE — your AI calls Stripe directly
await stripe.refunds.create({
  charge: "ch_3Qx9R2eZ",
})
// No approval. No retries. No audit trail.
// A hallucinated charge ID hits a real API.
// A retry double-refunds a customer.

After

// ✅ AFTER — your AI goes through SafeFetch
import { SafeFetch } from "safefetch"
const sf = new SafeFetch({ apiKey: process.env.SAFEFETCH_API_KEY })

await sf.send({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// Human approves. SafeFetch executes.
// Signed delivery. Full audit trail. Safe retries.
One function. That's it.

Replace fetch() with safeFetch()

You don't need to re-architect anything. Import the SDK, swap one function, and every API call your AI makes now has approval, retries, deduplication, and a full audit trail.

  • Same signature as fetch(). Just add approve: true.
  • Works anywhere you'd use fetch() — serverless, Node, edge.
  • Under 10 minutes from install to first protected action.
import { SafeFetch } from "safefetch"
const sf = new SafeFetch({ apiKey: process.env.SAFEFETCH_API_KEY })

// Before: await fetch("https://api.stripe.com/v1/refunds", ...)
// After:
await sf.send({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,    // hold for human approval
  dedupe: "refund-ch_3Qx9R2eZ",  // prevent duplicates
})
import { SafeFetch } from "safefetch"
const sf = new SafeFetch({ apiKey: process.env.SAFEFETCH_API_KEY })

// Define tools that go through SafeFetch.
// The agent never gets direct API access.

const refundTool = {
  name: "refund_payment",
  description: "Refund a Stripe charge",
  execute: async (args) => {
    return sf.send({
      url: "https://api.stripe.com/v1/refunds",
      method: "POST",
      body: args,
      approve: true,
    })
  },
}

// Your agent only knows about refund_payment.
// It cannot call Stripe directly.
For agent builders

Constrain your agent by design

The strongest safety pattern: your agent doesn't have credentials to call production APIs. Only SafeFetch does. Define tools that route through SafeFetch, and your AI literally cannot bypass the safety layer.

  • Agent only knows about the tools you define
  • API credentials live in SafeFetch, not in the agent
  • Works with any agent framework — LangGraph, CrewAI, Vercel AI SDK, custom

Built for real workflows

From AI support agents to internal copilots. SafeFetch handles actions so your AI doesn't go rogue.

💳

AI support agents

Your support AI handles refunds, credits, and account changes. Every sensitive action held for approval — so a hallucinated charge ID doesn't trigger an unintended refund, and a retry doesn't double-charge a customer.

→ Require approval before execution. Auto-approve safe reads.

🧑‍💻

Internal copilots

Modify CRM, run admin actions.

→ Audit everything your AI does

⚙️

Automations

Sync systems, call flaky APIs.

→ Retries + durability built in

Everything you need. Nothing you don't.

A complete safety layer. Simple REST API, SDK, MCP tools, and CLI.

✋ Human approval

Pause jobs for sign-off. Approve via MCP, API, or auto-approve safe actions.

🔄 Retries & backoff

Exponential backoff from 20s to 1h. Configurable max attempts per job.

🔑 Deduplication

Dedupe keys and idempotency headers. No double refunds from agent retries.

📋 Stored results

Every response stored. Query status, body, and duration. Results outlive sessions.

🔐 HMAC signatures

Every delivery signed with SHA-256. Verify requests are from SafeFetch.

⏳ Delayed execution

Delay actions by seconds, minutes, hours, or days. Actions execute automatically when the delay expires.

📋 Full audit trail

Every action logged with who approved it, when it ran, and the full response. Queryable via API.

🤖 MCP + CLI

Works with ChatGPT, Claude, and Cursor. Full CLI for developers.

Works with MCP-enabled agents

Native support for ChatGPT, Claude, and Cursor

Your agent can queue actions, request approval, and check results — all through MCP tools. No custom code needed.

Pricing built around control

Per job, not per message. Safety features on every plan.

Free

$0 /mo

Experiment safely

Start free
  • 500 jobs/month
  • Human approval
  • 24-hour audit history
  • SDK + MCP + CLI
Most popular

Pro

$99 /mo

Production protection

Get started
  • 25,000 jobs/month
  • 30-day audit history
  • 5 API keys
  • Email support
  • + $2 per 1,000 extra jobs

Team

$299 /mo

Enterprise-grade control

Get started
  • 100,000 jobs/month
  • 90-day audit history
  • Unlimited API keys
  • 99.9% uptime SLA
  • Priority support
  • + $1.50 per 1,000 extra jobs

All plans include approval gates, safe retries, deduplication, signed delivery, stored results, audit history, SDK, MCP, and CLI.

No credit card required. Get your API key in 30 seconds.

Your AI should never call production APIs directly.

Stop letting your AI call production APIs directly.

Add a safety layer in minutes.

Start free →