◈ SecuriX

Self-healing Auth

Let your AI agents fix security and connection issues autonomously.

In a traditional application, a 401 Unauthorized or a policy block (like a restricted domain) results in a generic error message that stops the user journey.

For AI Agents, SecuriX provides Self-healing Auth. Our Gateway returns specialized metadata that allows the Agent to understand why a call failed and provide the user with a direct link to fix it—without you writing complex error-handling logic.

The llmError Pattern

When a tool call is blocked by a policy or requires authentication, the SecuriX Gateway returns a JSON response with an llmError field.

{
  "error": "Request blocked by OPA policy",
  "llmError": "I need to connect your Gmail account first. Please connect using this link: https://auth.securix.app/start/... \n\nWhen prompted, enter this device code: **ABCD-1234**"
}

Why this matters

AI models (like GPT-4 or Claude) are trained to follow instructions. When they see a field explicitly designed for them, they can:

  1. Explain the issue to the user in natural language.
  2. Provide the specific link required to resolve the issue.
  3. Resume the task once the user gives the go-ahead.

How it works

1. Connection-on-Demand (401)

If an agent attempts to access a resource (e.g., Gmail) and the user hasn't connected it yet, SecuriX returns a 401.

The llmError will contain a Device Flow link. The agent will prompt the user to click the link and enter a code. Once done, the agent can retry the tool call.

2. Policy Violations

If an agent attempts an action that violates a security policy (e.g., "Do not send emails to competitor.com"), the Gateway blocks the request and returns a 401 with a configurePolicyUrl.

The agent can then tell the user:

"I'm sorry, I can't send this email to competitor.com due to a security policy. You can review or change this policy here: [Link to SecuriX Dashboard]."


Implementation Example (Pseudocode)

Here is how you handle this in your agent's tool-calling loop:

// Wrap one tool call so a SecuriX llmError reaches the agent as normal output.
// (The function name is illustrative.)
async function callToolWithSelfHealing(myAgentTool) {
  try {
    const result = await myAgentTool();
    return result;
  } catch (error) {
    // A SecuriX Gateway error carries an llmError field in the response body
    const securixError = error.response?.data?.llmError;

    if (securixError) {
      // Pass the LLM-friendly error directly to the agent's output
      return {
        content: [{ type: "text", text: securixError }],
        isError: false // We return false so the agent reports it gracefully
      };
    }

    throw error; // Handle other errors normally
  }
}
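
The handler above relays whatever llmError text it finds, so the link inside that text is what the user is told to click. As an added example (not SecuriX's code), this variant relays the message only when every link in it is HTTPS on an allowlisted host; the allowlist contents and all function names are assumptions.

```javascript
// Added example (not SecuriX code). Assumption: recovery links live on these HTTPS hosts.
// auth.securix.app comes from the sample response on this page; add your dashboard
// host for configurePolicyUrl links.
const ALLOWED_LINK_HOSTS = new Set(["auth.securix.app"]);

// Pull every http(s) URL out of free text.
function extractUrls(text) {
  return text.match(/\bhttps?:\/\/[^\s<>"')\]]+/gi) || [];
}

// A link is acceptable only if it is HTTPS, has no userinfo, and its exact
// hostname is allowlisted (no suffix or substring matching).
function isAllowedLink(raw, allowedHosts = ALLOWED_LINK_HOSTS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false;
  }
  return (
    url.protocol === "https:" &&
    url.username === "" &&
    url.password === "" &&
    allowedHosts.has(url.hostname)
  );
}

// Returns null when the error is not a self-healing error, so the caller rethrows it.
function toAgentMessage(error, allowedHosts = ALLOWED_LINK_HOSTS) {
  const llmError = error?.response?.data?.llmError;
  if (typeof llmError !== "string" || llmError === "") return null;

  const rejected = extractUrls(llmError).filter((u) => !isAllowedLink(u, allowedHosts));
  if (rejected.length > 0) {
    // Withhold the text: a link the user would be told to click is off-allowlist.
    const text = "The request was blocked and the recovery link could not be verified.";
    return { content: [{ type: "text", text }], isError: true, rejected };
  }
  return { content: [{ type: "text", text: llmError }], isError: false };
}

// Constructed sample inputs (hosts under .example are placeholders).
const sampleOk = { response: { data: { llmError:
  "Please connect using this link: https://auth.securix.app/start/... \n\nCode: **ABCD-1234**" } } };
const sampleBad = { response: { data: { llmError:
  "Please connect here: https://auth.securix.app.login.example/start" } } };
console.log(toAgentMessage(sampleOk).isError, toAgentMessage(sampleBad).isError);
```

In the catch block, call toAgentMessage(error) and rethrow when it returns null.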

Benefits for Developers

  • Zero UI: You don't need to build "Connect your account" buttons or "Policy settings" pages in your app.
  • Agent Autonomy: Your agent becomes more resilient and less prone to "hallucinating" when access is denied.
  • User Trust: Users see exactly why an agent was blocked and remain in control of the security boundaries.
