2026-01-13 · Authensor

How to Secure AI Agents on Vercel

SafeClaw by Authensor provides deny-by-default action gating for AI agents deployed on Vercel. If you are building AI-powered features with the Vercel AI SDK or running agentic backends on Vercel Serverless Functions, SafeClaw intercepts every action the agent attempts and enforces your YAML policy before execution. Install with npx @authensor/safeclaw and ship AI features on Vercel without risking uncontrolled agent behavior.

Prerequisites

Step 1 — Install SafeClaw

npx @authensor/safeclaw

This creates safeclaw.config.yaml and wires into your agent runtime. SafeClaw has zero dependencies and runs within Vercel's Serverless Functions size limits.

Step 2 — Define a Vercel-Specific Policy

version: 1
defaultAction: deny

rules:
  - action: "file:read"
    path: "/var/task/**"
    effect: allow

  - action: "file:write"
    path: "/tmp/**"
    effect: allow

  - action: "network:request"
    host: "api.openai.com"
    effect: allow

  - action: "network:request"
    host: "api.anthropic.com"
    effect: allow

  - action: "network:request"
    host: "*.vercel.app"
    effect: allow

  - action: "env:read"
    key: "OPENAI_API_KEY"
    effect: deny
    reason: "Agent must not read API keys directly"

  - action: "env:read"
    key: "ANTHROPIC_API_KEY"
    effect: deny
    reason: "Agent must not read API keys directly"

  - action: "shell:execute"
    effect: deny
    reason: "No shell execution in serverless"

Step 3 — Integrate with Vercel AI SDK

SafeClaw wraps your tool definitions to enforce gating before any tool executes:

import { createSafeClawGate } from "@authensor/safeclaw";
import { streamText, tool } from "ai";
import { openai } from "@ai-sdk/openai";
import { z } from "zod";
import { db } from "./db"; // your application's own database client (placeholder path)

// One gate per function instance; the policy file is bundled with the deployment.
const gate = createSafeClawGate({ policy: "./safeclaw.config.yaml" });

export async function POST(req: Request) {
  const { messages } = await req.json();

  const result = await streamText({
    model: openai("gpt-4o"),
    messages,
    tools: {
      searchDatabase: tool({
        description: "Search the product database",
        parameters: z.object({ query: z.string() }),
        // gate.wrap consults the policy before the tool body runs.
        execute: gate.wrap(async ({ query }) => {
          return db.search(query);
        }),
      }),
    },
  });

  return result.toDataStreamResponse();
}

Every tool invocation passes through SafeClaw's policy engine first. Denied actions return a structured rejection instead of executing.
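The gating described in Steps 2 and 3, as an added example that is not SafeClaw's own code: a minimal deny-by-default evaluator over rules in the shape of the YAML above, plus a wrapper that returns a structured rejection on deny instead of running the tool. The first-match precedence, the glob semantics for paths and hosts, the rejection object's fields and the hypothetical `fetchTool` are assumptions about a gate of this kind, not documented SafeClaw behaviour.

```typescript
// Added example, not SafeClaw's own code. Rule precedence (first match wins),
// glob semantics and the rejection shape are assumptions about a gate of this kind.

type Effect = "allow" | "deny";

interface Rule {
  action: string;   // e.g. "file:read", "network:request", "env:read", "shell:execute"
  effect: Effect;
  path?: string;    // glob matched against the file path
  host?: string;    // glob matched against the request host
  key?: string;     // exact environment variable name
  reason?: string;
}

interface Policy {
  version: number;
  defaultAction: Effect;
  rules: Rule[];
}

// What the gate sees when the agent attempts an action.
interface ActionRequest {
  action: string;
  path?: string;
  host?: string;
  key?: string;
}

interface Decision {
  effect: Effect;
  reason: string;
}

// Glob to RegExp: "**" matches across separators, "*" matches within one segment.
// The segment separator is "/" for paths and "." for host names.
function globToRegExp(glob: string, sep: string): RegExp {
  const esc = (s: string) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  let out = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob.charAt(i);
    if (c === "*" && glob.charAt(i + 1) === "*") {
      out += ".*";
      i++;
    } else if (c === "*") {
      out += `[^${esc(sep)}]*`;
    } else {
      out += esc(c);
    }
  }
  return new RegExp(`^${out}$`);
}

function ruleMatches(rule: Rule, req: ActionRequest): boolean {
  if (rule.action !== req.action) return false;
  if (rule.path !== undefined && !(req.path !== undefined && globToRegExp(rule.path, "/").test(req.path))) return false;
  if (rule.host !== undefined && !(req.host !== undefined && globToRegExp(rule.host, ".").test(req.host))) return false;
  if (rule.key !== undefined && rule.key !== req.key) return false;
  return true;
}

// Deny by default: the first matching rule decides; no match falls through to defaultAction.
function evaluate(policy: Policy, req: ActionRequest): Decision {
  for (const rule of policy.rules) {
    if (ruleMatches(rule, req)) {
      return { effect: rule.effect, reason: rule.reason ?? `matched rule for ${rule.action}` };
    }
  }
  return { effect: policy.defaultAction, reason: `no rule matched; defaultAction is ${policy.defaultAction}` };
}

interface Rejection { denied: true; action: string; reason: string }

// Wrap a tool's execute function: evaluate first, and on deny hand the model a
// structured rejection instead of running the tool body.
function wrapTool<A, R>(
  policy: Policy,
  describe: (args: A) => ActionRequest,
  execute: (args: A) => Promise<R>,
): (args: A) => Promise<R | Rejection> {
  return async (args: A) => {
    const req = describe(args);
    const decision = evaluate(policy, req);
    if (decision.effect === "deny") {
      const rejection: Rejection = { denied: true, action: req.action, reason: decision.reason };
      return rejection;
    }
    return execute(args);
  };
}

// Constructed policy mirroring a subset of the Step 2 YAML.
const policy: Policy = {
  version: 1,
  defaultAction: "deny",
  rules: [
    { action: "file:read", path: "/var/task/**", effect: "allow" },
    { action: "file:write", path: "/tmp/**", effect: "allow" },
    { action: "network:request", host: "api.openai.com", effect: "allow" },
    { action: "network:request", host: "*.vercel.app", effect: "allow" },
    { action: "env:read", key: "OPENAI_API_KEY", effect: "deny", reason: "Agent must not read API keys directly" },
    { action: "shell:execute", effect: "deny", reason: "No shell execution in serverless" },
  ],
};

// Hypothetical tool: fetch a URL for the agent; the policy sees only the host.
const fetchTool = wrapTool(
  policy,
  (args: { url: string }) => ({ action: "network:request", host: new URL(args.url).hostname }),
  async (args: { url: string }) => `fetched ${args.url}`,
);
```

`fetchTool({ url })` resolves to the fetched string for an allowed host and to `{ denied: true, action, reason }` for anything else, which is what lets the model see why a call was refused without the tool ever running. Note that an `env:read` of a key with no rule (for example `DATABASE_URL`) is denied by `defaultAction`, not by an explicit rule, which is why the deny-by-default posture matters more than the length of the deny list.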

Step 4 — Deploy as a Serverless Function

vercel --prod

No additional infrastructure is needed. SafeClaw runs in-process within each Serverless Function invocation. The policy file is bundled with your deployment.

Step 5 — Configure Audit Output

Since Vercel Serverless Functions are ephemeral, route the audit trail to stdout so Vercel's log drain captures it:

audit:
  sink: stdout
  format: json

Connect a Vercel log drain to your SIEM or log aggregation service to persist the hash-chained audit trail.
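An added example (not SafeClaw's code) of what a hash-chained JSON audit trail on stdout can look like and how the consumer of the log drain can check it: every record carries the hash of the previous record, so an edited, deleted or reordered line breaks the chain at that point. The record fields, the canonical form that is hashed, the genesis value and the `verifyChain` function are assumptions of this illustration, not the format or implementation of SafeClaw's own audit chain.

```typescript
import { createHash } from "node:crypto";

// Added example, not SafeClaw's code. Record layout, canonical form and genesis
// value are assumptions of this illustration.

interface AuditRecord {
  seq: number;
  ts: string;
  action: string;
  effect: "allow" | "deny";
  reason: string;
  prev: string;   // hash of the previous record (GENESIS for the first one)
  hash: string;   // sha256 over the canonical form of every field except `hash`
}

const GENESIS = "0".repeat(64);

// Fixed field order so the hash does not depend on how the object was built.
function canonical(r: Omit<AuditRecord, "hash">): string {
  return JSON.stringify([r.seq, r.ts, r.action, r.effect, r.reason, r.prev]);
}

function sha256(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

// Emits one JSON line per gated action; the default writer is stdout, which a
// Vercel log drain would capture.
class AuditSink {
  private prev = GENESIS;
  private seq = 0;

  constructor(private write: (line: string) => void = (l) => console.log(l)) {}

  record(action: string, effect: "allow" | "deny", reason: string, ts = new Date().toISOString()): AuditRecord {
    const body = { seq: this.seq++, ts, action, effect, reason, prev: this.prev };
    const rec: AuditRecord = { ...body, hash: sha256(canonical(body)) };
    this.prev = rec.hash;
    this.write(JSON.stringify(rec));
    return rec;
  }
}

type VerifyResult = { ok: true; count: number } | { ok: false; seq: number; problem: string };

// Walk the drained lines in order; report the first break in the chain.
function verifyChain(lines: string[]): VerifyResult {
  let prev = GENESIS;
  let expectedSeq = 0;
  for (const line of lines) {
    const r = JSON.parse(line) as AuditRecord;
    if (r.seq !== expectedSeq) return { ok: false, seq: r.seq, problem: `gap: expected seq ${expectedSeq}` };
    if (r.prev !== prev) return { ok: false, seq: r.seq, problem: "prev hash does not match previous record" };
    const { hash, ...body } = r;
    if (sha256(canonical(body)) !== hash) return { ok: false, seq: r.seq, problem: "record hash mismatch" };
    prev = hash;
    expectedSeq++;
  }
  return { ok: true, count: expectedSeq };
}

// Constructed sample trail with fixed timestamps so the hashes are reproducible.
function buildSampleTrail(): string[] {
  const lines: string[] = [];
  const sink = new AuditSink((l) => lines.push(l));
  sink.record("network:request", "allow", "matched api.openai.com", "2026-01-13T00:00:00Z");
  sink.record("env:read", "deny", "Agent must not read API keys directly", "2026-01-13T00:00:01Z");
  sink.record("shell:execute", "deny", "No shell execution in serverless", "2026-01-13T00:00:02Z");
  return lines;
}

// Simulate an after-the-fact edit of the drained log: flip record 1 to "allow".
function editedTrail(): string[] {
  const lines = buildSampleTrail();
  const r = JSON.parse(lines[1]) as AuditRecord;
  r.effect = "allow";
  return [lines[0], JSON.stringify(r), lines[2]];
}
```

`verifyChain(buildSampleTrail())` reports an intact chain of three records; `verifyChain(editedTrail())` stops at seq 1 with a hash mismatch, and dropping a line from the middle is caught as a sequence gap. The check only proves the log was not altered after it was written, so the drain should deliver to a store the agent cannot reach, otherwise the chain can be regenerated end to end.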

Step 6 — Protect Environment Variables

Vercel stores secrets in environment variables. An uncontrolled agent with access to process.env can exfiltrate API keys, database URLs, and other credentials. SafeClaw blocks this:

rules:
  - action: "env:read"
    key: "DATABASE_URL"
    effect: deny
  - action: "env:read"
    key: "OPENAI_API_KEY"
    effect: deny
  - action: "env:read"
    key: "STRIPE_SECRET_KEY"
    effect: deny

The application code itself can still access these variables during initialization. SafeClaw only blocks the AI agent from reading them during action execution.

Step 7 — Edge Functions Consideration

Vercel Edge Functions run on the V8 isolate runtime, not Node.js. SafeClaw's core policy engine is JavaScript-native and works in Edge Functions. Ensure your policy file is importable:

import { createSafeClawGate } from "@authensor/safeclaw/edge";
import { safeClawPolicy } from "./safeclaw-policy"; // your policy exported as a JS object (placeholder path)

const gate = createSafeClawGate({
  policy: safeClawPolicy, // Imported as a JS object for edge; no file system reads in the isolate
});

Verifying the Deployment

Run the audit verification against your most recent invocations:

npx @authensor/safeclaw audit verify --last 50

SafeClaw's 446-test suite guarantees the policy engine and audit chain work correctly across all supported runtimes, including Vercel's serverless and edge environments.

