Once an AI agent reads sensitive data, its write and execute permissions are permanently removed. No API call, no override, no rollback can restore them.
P(t) ⊆ P(t-1) for all t — mathematically guaranteed
AI agents with broad permissions can silently exfiltrate sensitive data. RBAC grants permissions at session start and never reduces them based on what the agent actually accessed.
High-water mark only increases. Permission set only shrinks. These hold for every operation, no exceptions.
Not a policy check. Not a prompt instruction. The narrowing is implemented in code that cannot be bypassed at runtime.
Child agents inherit the parent's ratchet state. A sub-agent spawned after CONFIDENTIAL access cannot obtain delete permissions.
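As an added example (not agent-iam-ratchet's own code), a minimal Python model of the three properties above: a high-water mark that only rises, an effective scope set derived from that mark, and child sessions that start from the parent's mark. The level-to-denied-action mapping is constructed to match the quickstart transcript on this page; the Ratchet class, its methods and the child-scope intersection are assumptions, not the library's API.

```python
from enum import IntEnum


class Sensitivity(IntEnum):
    """Ordered sensitivity levels; a higher value is more sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


# Constructed mapping: actions denied once the high-water mark reaches a level.
# Cumulative by construction, so raising the mark never re-enables an action.
_DENIED_ACTIONS = {
    Sensitivity.PUBLIC: frozenset(),
    Sensitivity.INTERNAL: frozenset(),
    Sensitivity.CONFIDENTIAL: frozenset({"delete", "execute"}),
    Sensitivity.RESTRICTED: frozenset({"delete", "execute", "write"}),
}


class Ratchet:
    """Monotonic permission ratchet: the mark only rises, scopes only shrink."""

    def __init__(self, scopes, high_water=Sensitivity.PUBLIC):
        self._granted = frozenset(scopes)
        self._high_water = Sensitivity(high_water)

    @property
    def high_water(self):
        return self._high_water

    @property
    def effective_scopes(self):
        denied = _DENIED_ACTIONS[self._high_water]
        # Scopes are "action:resource"; the action part decides the denial.
        return frozenset(s for s in self._granted if s.split(":", 1)[0] not in denied)

    def access(self, level):
        # max() is the only mutation: the mark can never go down, so
        # P(t) is a subset of P(t-1) on every call, including PUBLIC reads.
        self._high_water = max(self._high_water, Sensitivity(level))
        return self.effective_scopes

    def check(self, scope):
        if scope not in self.effective_scopes:
            raise PermissionError(f"{scope} revoked at {self._high_water.name}")

    def spawn_child(self, scopes):
        # Child starts at the parent's mark and holds at most what the parent
        # still has (assumed behaviour; the page only states inheritance).
        return Ratchet(frozenset(scopes) & self.effective_scopes, self._high_water)
```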
pip install agent-iam-ratchet

from agent_iam_ratchet import RatchetSession, Sensitivity
session = RatchetSession(scopes=["read:*", "write:*", "delete:*", "execute:*"])
# Agent reads a confidential document
session.access(Sensitivity.CONFIDENTIAL)
print(session.effective_scopes)
# frozenset({'read:*', 'write:*'}) ← delete + execute gone forever
# Agent reads restricted data
session.access(Sensitivity.RESTRICTED)
print(session.effective_scopes)
# frozenset({'read:*'}) ← write gone forever
# Try to get permissions back by reading public data
session.access(Sensitivity.PUBLIC)
print(session.effective_scopes)
# frozenset({'read:*'}) ← still read-only. Irreversible.

pip install 'agent-iam-ratchet[langchain]'
pip install 'agent-iam-ratchet[crewai]'
pip install 'agent-iam-ratchet[openai-agents]'

One line of code. Zero configuration. Mathematically irreversible.