The lightweight, developer-first safety layer for AI actions

Let your AI take real actions.
Without risking real damage.

Queue, approve, and execute API calls safely from your agents. Add human approval, retries, and audit trails in minutes.

Start free → View example →

If your AI can issue refunds, update customer data, or trigger internal APIs — one bad output hits a real API. One retry becomes a duplicate charge.

DispatchQ sits between your agent and the real world.

Replace any API call your AI makes with DispatchQ.

Every action goes through a gate.

You decide what needs a human — refunds always, safe reads never. Everything else is configurable.

// Your agent calls DispatchQ, not Stripe
send_action({
  url: "https://api.stripe.com/v1/refunds",
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// => { id: "act_Xk9mP2nQ4rT1vW", status: "awaiting_approval" }

// You approve. The action executes.
approve({ id: "act_Xk9mP2nQ4rT1vW" })
// => { status: "completed", response_code: 200 }

Your AI doesn't call Stripe directly. It goes through DispatchQ.

How it works

Your AI sends actions to DispatchQ instead of calling APIs directly.

🤖
Your AI
dq.send()
DispatchQ
Approve
🔑
Dedupe
🔄
Retry
🔐
Sign
🌐
Target API
Stripe, CRM, etc.
📋
Result stored
GET /actions/:id
1

Your AI decides to act

Refund a payment, update a CRM record, trigger a deploy. Instead of calling the API directly, it calls DispatchQ.

2

DispatchQ intercepts it

The action is validated, deduped, and held for approval if configured. Retries and signing are automatic.

3

Approve or auto-approve

Approve via MCP, SDK, CLI, or API. Or auto-approve safe actions. You define the rules.

4

Execute + store the result

Signed delivery to the target API. Full response stored. Your agent or system can fetch the result anytime.

Why not call APIs directly?

Because this happens.

Without DispatchQ

  • Duplicate refunds from agent retries
  • Hallucinated outputs triggering real actions
  • No audit trail of what happened
  • No way to pause or intervene

With DispatchQ

  • Built-in idempotency and deduplication
  • Human-in-the-loop approval before execution
  • Persistent job state and full request history
  • Safe retries with exponential backoff

Before

// ❌ BEFORE — your AI calls Stripe directly
await stripe.refunds.create({
  charge: "ch_3Qx9R2eZ",
})
// No approval. No retries. No audit trail.
// A hallucinated charge ID hits a real API.
// A retry double-refunds a customer.

After

// ✅ AFTER — your AI goes through DispatchQ
import { safeFetch } from "dispatchq"

await safeFetch("https://api.stripe.com/v1/refunds", {
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,
})
// Human approves. DispatchQ executes.
// Signed delivery. Full audit trail. Safe retries.
One function. That's it.

Replace fetch() with safeFetch()

You don't need to re-architect anything. Import the SDK, swap one function, and every API call your AI makes now has approval, retries, deduplication, and a full audit trail.

  • Same signature as fetch(). Just add approve: true.
  • Works anywhere you'd use fetch() — serverless, Node, edge.
  • Under 10 minutes from install to first protected action.
import { safeFetch } from "dispatchq"

// Before: await fetch("https://api.stripe.com/v1/refunds", ...)
// After:
await safeFetch("https://api.stripe.com/v1/refunds", {
  method: "POST",
  body: { charge: "ch_3Qx9R2eZ" },
  approve: true,    // hold for human approval
  dedupe: "refund-ch_3Qx9R2eZ",  // prevent duplicates
})
import { safeFetch } from "dispatchq"

// Define tools that go through DispatchQ.
// The agent never gets direct API access.

const refundTool = {
  name: "refund_payment",
  description: "Refund a Stripe charge",
  execute: async (args) => {
    return safeFetch("https://api.stripe.com/v1/refunds", {
      method: "POST",
      body: args,
      approve: true,
    })
  },
}

// Your agent only knows about refund_payment.
// It cannot call Stripe directly.
For agent builders

Constrain your agent by design

The strongest safety pattern: your agent doesn't have credentials to call production APIs. Only DispatchQ does. Define tools that route through DispatchQ, and your AI literally cannot bypass the safety layer.

  • Agent only knows about the tools you define
  • API credentials live in DispatchQ, not in the agent
  • Works with any agent framework — LangGraph, CrewAI, Vercel AI SDK, custom

Built for real workflows

From AI support agents to internal copilots. DispatchQ handles actions so your AI doesn't go rogue.

💳

AI support agents

Your support AI handles refunds, credits, and account changes. Every sensitive action held for approval — so a hallucinated charge ID doesn't trigger an unintended refund, and a retry doesn't double-charge a customer.

→ Require approval before execution. Auto-approve safe reads.

🧑‍💻

Internal copilots

Modify CRM, run admin actions.

→ Audit everything your AI does

⚙️

Automations

Sync systems, call flaky APIs.

→ Retries + durability built in

Everything you need. Nothing you don't.

A complete safety layer. Simple REST API, SDK, MCP tools, and CLI.

✋ Human approval

Pause jobs for sign-off. Approve via MCP, API, or auto-approve safe actions.

🔄 Retries & backoff

Exponential backoff from 20s to 1h. Configurable max attempts per job.

🔑 Deduplication

Dedupe keys and idempotency headers. No double refunds from agent retries.

📋 Stored results

Every response stored. Query status, body, and duration. Results outlive sessions.

🔐 HMAC signatures

Every delivery signed with SHA-256. Verify requests are from DispatchQ.

⏳ Delayed execution

Delay actions by seconds, minutes, hours, or days. Actions execute automatically when the delay expires.

📋 Full audit trail

Every action logged with who approved it, when it ran, and the full response. Queryable via API.

🤖 MCP + CLI

Works with ChatGPT, Claude, and Cursor. Full CLI for developers.

Works with MCP-enabled agents

Native support for ChatGPT, Claude, and Cursor

Your agent can queue actions, request approval, and check results — all through MCP tools. No custom code needed.

Pricing built around control

Per job, not per message. Safety features on every plan.

Free

$0 /mo

Experiment safely

Start free
  • 500 jobs/month
  • Human approval
  • 24-hour audit history
  • SDK + MCP + CLI
Most popular

Pro

$99 /mo

Production protection

Get started
  • 25,000 jobs/month
  • 30-day audit history
  • 5 API keys
  • Email support
  • + $2 per 1,000 extra jobs

Team

$299 /mo

Enterprise-grade control

Get started
  • 100,000 jobs/month
  • 90-day audit history
  • Unlimited API keys
  • 99.9% uptime SLA
  • Priority support
  • + $1.50 per 1,000 extra jobs

All plans include approval gates, safe retries, deduplication, signed delivery, stored results, audit history, SDK, MCP, and CLI.

No credit card required. Get your API key in 30 seconds.

Your AI should never call production APIs directly.

Stop letting your AI call production APIs directly.

Add a safety layer in minutes.

Start free →