Heso Witness
Policy, approval, and proof for every web action an agent takes.
Let agents read, fill, and submit across regulated external systems — payer portals, banking, insurance, procurement, vendor and SaaS admin panels — with every action checked against policy, approved when needed, signed, and replayable.
Start with one workflow: claims, eligibility, payments, exports, or any submit that crosses a compliance boundary.
Stop the action before it lands. Domain, field, spend, and submit rules enforced before the agent can do anything irreversible.
Keep a human in the loop where it matters. Claim filing, payments, exports, and account changes route to a reviewer before they happen.
Hand audit an artifact, not a story. Each action carries URL, agent, model, DOM state, policy decision, approver, and final state — verifiable offline.
When something breaks, rebuild the run from captured state. No model memory, no guesses — just the exact bytes the agent saw.
Between your agent and the external web.
Witness is the security boundary that sits between your agent and anything your security, compliance, or legal teams would want to see before it happens — and have a defensible record of after.
- AI agent: task, identity, model, account
- Heso Witness: policy check, approval gate, receipt envelope
- Heso runtime: native execution, cassette, hashes, browser fallback when needed
- External portal: payer, vendor, SaaS, bank, internal app
- Audit systems: SIEM, Datadog, Splunk, legal export, security review
Count the actions security has to trust.
The question is not browser minutes. It is how many external web actions need proof, approval, replay, and a defensible audit trail before agents can run in production.
External portal actions under control
This models production exposure, not labor replacement: how many external web actions need policy, proof, approval, and replay.
The budget case is not browser cost. It is the ability to let agents touch production portals because security can see the rule, the approver, the signed receipt, and the replay path.
Everything around the action.
- Policy Gateway: Define what agents can touch before they touch it. Domain allowlists, field-level rules, spend limits, and submit gates — written once, enforced on every run.
- Approval Queue: Send the high-impact actions to a human first: claim filing, payments, purchases, data exports, account changes, delete operations, final submits.
- Signed Receipts: Cryptographic proof of what the agent saw, what it decided, who approved it, and how it ended. Verifiable offline, defensible in audit.
- Replay & Incidents: When something goes wrong, rebuild the exact run from captured state — no model memory, no second-guessing. Forensics in minutes, not days.
- Enterprise Controls: SSO/SAML, SCIM, RBAC, redaction, credential custody, customer-managed keys, audit retention, SIEM export, and private/VPC deployment.
- Operator Dashboard: One pane of glass across every agent action: filter by team, account, model, workflow, policy decision, approval state, or failure reason.
Browser infra and traces are necessary. They are not the proof layer.
- Browserbase gives agents real browser sessions, identity, logs, and replay. Witness is the policy and proof layer before high-impact web actions.
- LangSmith, Datadog, and Langfuse show agent traces. Witness records whether an external web mutation was allowed, blocked, approved, and signed.
- Generic audit logs say an event happened. Witness receipts can be verified offline and tied to state hashes and replay material.
- Playwright traces help developers debug. Witness is built for security, legal, compliance, and operations when agents touch third-party systems.
Prove one workflow end to end.
Bring one workflow where agents touch real accounts, customer data, forms, or submit buttons. The evaluation proves controls and evidence on a single workflow before you scale it across more.
- Bring a real workflow where agents touch external accounts, customer data, forms, or submit buttons — claims, eligibility, payments, exports, account changes.
- Define allowed domains, field rules, submit gates, export rules, and approval requirements.
- Verify a signed receipt offline and replay one failed or blocked run from captured state.
- Confirm SSO/RBAC shape, redaction needs, SIEM export, retention, and private deployment.
A policy blocks or routes submit before impact, a signed receipt verifies offline, a failed run replays from captured state, and security can export the evidence trail.
