Supravision

Supravision is the human-in-the-loop layer for request_hold decisions. When enforcement suspends an action pending approval, Supravision sends the SMS, tracks the approval, and records the reviewer's decision as a signed attestation.

··

How it works

A passport on its own is a signed credential, its constraints are declarations. Supravision makes those constraints active. Instead of connecting your agent directly to tools, you point it at the Supravision MCP server. Every tool call passes through Supravision first.

Agent→Supravision MCP→enforce_action()

✓ allow→action proceeds, permit token issued

⏸ request_hold→agent waits, you get a text message

✗ block→action denied, do not retry

Every decision produces a signed attestation. Nothing is lost, you have a complete, tamper-proof record of everything your agent did and didn't do.

Approve from your phone

When your agent wants to do something that needs your sign-off, a purchase over your threshold, a destructive action, anything you've flagged for oversight, Supravision pauses the agent and texts you. You respond from your phone. The agent resumes or gets blocked, depending on your answer.

No app. No dashboard. Just a text message.

SMS from Modei:

Your agent "Travel Assistant" wants to book a flight for $350.00.

Reply YES to approve or NO to block.

Or review: https://modei.ai/a/k7x9m2

Expires in 5 min.

Reply YES

Also accepts: Y, APPROVE, 1. Agent resumes immediately.

Reply NO

Also accepts: N, DENY, 0. Action blocked, agent notified.

Tap the link

Opens a focused approve/deny page with spending context. No login required.

The approval link shows your agent's name, the action it wants to take, the amount, and how much you've already spent today against your daily limit, enough context to make a real decision.

Approvals expire after 5 minutes. If you don't respond, the action is automatically denied and any held spend reservation is released. You'll get a notification either way.

One approval at a time. If a second action needs approval while one is already pending, it returns "Approval already pending". This keeps your SMS replies unambiguous, there is always exactly one thing you could be approving.

Text STOP at any time to trigger an emergency stop on all passports registered to your number. Text START to re-enable SMS notifications.

Connect your agent

Add Supravision to your agent's MCP config. Use your passport ID as the credential, no OAuth, no API key rotation.

Claude Desktop

~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "supravision": {
      "url": "https://modei.ai/api/mcp/supravision",
      "headers": { "x-passport-id": "pass_your_passport_id" }
    }
  }
}

Cursor / Windsurf / Other

.cursor/mcp.json

{
  "mcpServers": {
    "supravision": {
      "url": "https://modei.ai/api/mcp/supravision",
      "headers": { "x-passport-id": "pass_your_passport_id" }
    }
  }
}

Your passport ID is shown in the Modei dashboard after creating a passport. The wizard's Setup tab generates this snippet pre-filled.

MCP tools

Supravision exposes six tools to the connected agent.

enforce_action

action, context?, action_id?

Evaluate a proposed action against the passport constraints. Returns a decision with an optional permit token (allow) or approval ID (request_hold). Call this before every action.

get_passport_status

Returns current passport state: active, emergency_stopped, enforcement_paused, and constraint summary.

get_cumulative_state

Returns current spend totals, action counts, and rate window state for this passport.

get_approval_status

approval_id

Poll the status of a pending approval. Returns the decision and permit token once resolved.

list_pending_approvals

List all approvals currently waiting for human response.

report_action_result

permit_token, success, result?

Report the outcome of a permitted action. Closes the audit loop. The permit token is single-use and expires after 30 seconds.

Decisions

allow

All constraints passed. A permit token is included, call report_action_result after completing the action.

request_hold

Action requires human approval. The agent should wait and poll get_approval_status. You receive an SMS and email.

block

A hard constraint was violated. Do NOT retry. The response includes the rule that triggered the block and suggested alternatives.

If a second action arrives while one is already pending, it returns "Approval already pending", there can only be one pending approval per passport at a time. This keeps SMS approvals unambiguous: there is always exactly one thing you could be approving.

block ends evaluation immediately. If any constraint produces block, remaining evaluators are skipped and the action is denied.

Safety rules

Constraints are configured in the passport wizard. The enforcement pipeline runs them in a fixed order, fail-closed and emergency stop are always checked first.

Spending

core:cost:max_per_actionHard block if any single action exceeds this amount.

core:cost:max_per_dayHard block when projected daily spend exceeds this.

core:cost:max_per_weekHard block when projected weekly spend exceeds this.

core:cost:max_totalLifetime budget, never resets.

core:cost:approval_thresholdSuspend (require approval) when action cost exceeds this.

Rate

core:rate:max_per_minuteMaximum actions per minute (sliding window).

core:rate:max_per_hourMaximum actions per hour.

core:rate:max_per_dayMaximum actions per day.

Scope

core:scope:domain_allowlistOnly allow calls to these domains (subdomain matching).

core:scope:domain_blocklistBlock calls to these domains.

core:scope:action_allowlistOnly allow these actions (exact + wildcard).

core:scope:action_blocklistBlock these actions.

Time

core:time:operating_hoursBlock actions outside configured hours and days.

core:time:blackout_windowsBlock actions during specified date ranges.

core:time:idle_timeout_minutesSuspend after N minutes of inactivity.

Oversight

core:approval:requiredSuspend on every action, require explicit approval each time.

core:approval:for_actionsSuspend for specific actions. Sentinel strings expand server-side: "high_risk" (recommended default, db writes, code:deploy, money movement, secret reads, email send), "side_effects_lower_stakes" (file/calendar/code-execute writes), "high_risk_and_side_effects_lower_stakes" (union), "sensitive_data" (PII/secret access). Legacy "destructive" / "destructive_and_sensitive" remain accepted but are frozen at their pre-2026-04-29 expansion.

core:safety:anomaly_suspendSuspend when 5-minute action rate exceeds 3× the 30-minute baseline.

core:safety:fail_closedBlock all actions when Supravision loses contact with your agent for >2 minutes.

Data protection

core:data:read_onlyBlock write-prefixed actions.

core:data:no_pii_exportBlock when personally identifiable information is detected in action context.

core:data:no_secrets_exportBlock when API keys or secrets are detected (sk-, pk_, AKIA, ghp_, Bearer prefixes).

core:data:redact_pii_in_logsRedact PII from attestation records before storage.

Spending reservations

When an action is suspended, Supravision immediately reserves the amount against your spending limits. This prevents two concurrent approvals from both being approved and together exceeding your budget.

Suspend $350 flight → reserve $350 against daily + weekly + total limits

Headroom = limit − committed spend − held reservations

Approve → reservation committed, permit token issued

Deny / timeout → reservation released, headroom restored

Emergency stop

Hit Emergency Stop from the passport detail page or text STOP to your Supravision number. It takes effect immediately:

✗All active sessions terminated
✗All pending approvals auto-denied
✗All held reservations released
✗Every subsequent enforce_action returns block
✗A PANIC attestation is recorded
✗SMS and email confirmation sent

Resume from the dashboard when you're ready. The agent can reconnect and actions will be evaluated normally.

Fail-closed mode

Enable core:safety:fail_closed to block all agent actions if Supravision loses contact with your agent for more than 2 minutes. This is the right default for agents with significant spending authority or destructive capabilities.

When fail-closed triggers: enforcement_paused is set, an SMS is sent, and all subsequent enforce_action calls return block with a clear message. On reconnection, the pause clears automatically.

Without fail-closed, a stale heartbeat produces a warning in the activity feed but enforcement continues normally.

Dashboard

The passport detail page shows Supravision status and a live activity feed of every enforcement decision. The feed streams decisions in real time, allow, request_hold, and block entries appear as they happen, with inline approve/deny buttons for suspended actions.

🟢 Active

Heartbeat current, enforcement running.

🟡 Disconnected

Last heartbeat >2 min ago. Banner shown if constraints are configured.

🟠 Enforcement Paused

Fail-closed triggered a pause. All actions blocked.

🔴 Emergency Stopped

Manual stop active. Resume when ready.

A "Not Enforced" banner appears when status is not Active and constraints are configured, a persistent reminder that your rules are declared but not currently being checked.

Enforcement Layer, The constraint evaluation engine that powers Supravision.
Passports, How constraints are declared and signed into credentials.
Attestations, The tamper-proof audit trail produced by every decision.
Agent Autonomy, Designing the right level of oversight for your use case.

Enforcement Layer Attestations