← Back to Integrations
🧠

Using ACT with Anthropic Claude

Add fine-grained permissions and runtime enforcement to Claude AI agents and tool use

✓ Production Ready ⏱️ 15-minute setup

Overview

Anthropic Claude is known for its safety and reliability, but when integrating Claude with external tools and APIs, you need additional safeguards to prevent misuse. ACT provides a governance layer that controls what tools Claude can access and how it can use them.

  • Claude may call tools with incorrect parameters or malicious intent
  • No way to enforce constraints (e.g., "read-only" access to databases)
  • Limited visibility into tool usage patterns and anomalies
  • Difficult to revoke tool access dynamically without redeployment
  • No rate limiting on tool calls across different resources

ACT solves this by adding a permission layer between Claude and your tools.

Architecture

Claude Model
Decides tool use
ACT Middleware
✓ Validates token
✓ Checks policy
✓ Logs action
Your Tools
Protected resources

⚠️ Authentication Required

All requests to https://api.acttokens.com require:

  • API Key (in X-Api-Key header) - Platform authentication
  • Capability Token (in request body) - Agent authorization

Learn more about dual-token authentication →

Quick Start

Step 1: Get Your API Key

Sign up for ACT and obtain your API key from the dashboard.

ACT_API_KEY="your_api_key_here"
ACT_BASE_URL="https://api.acttokens.com"
ANTHROPIC_API_KEY="your_anthropic_key"

Step 2: Register Your Claude Agent in ACT

curl -X POST $ACT_BASE_URL/v1/agents \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Claude Document Assistant",
    "description": "Analyzes and processes documents with tool use",
    "metadata": {
      "framework": "anthropic",
      "model": "claude-3-opus",
      "capabilities": ["tool_use"]
    }
  }'

Step 3: Define a Policy

Specify which tools Claude can access and under what conditions:

curl -X POST $ACT_BASE_URL/v1/policies \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Claude Tool Use Policy",
    "actions": ["read_file", "search_docs", "list_documents"],
    "resources": ["api://documents/*", "api://search/*"],
    "effect": "allow",
    "constraints": {
      "maxFileSizeBytes": 104857600,
      "maxSearchResults": 100,
      "allowedFormats": ["pdf", "txt", "docx"]
    }
  }'

Step 4: Issue an ACT Token

curl -X POST $ACT_BASE_URL/v1/tokens \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "agent_123",
    "expiresIn": 3600
  }'

# Response: {"token": "eyJhbGc..."}

Step 5: Wrap Claude Tools with ACT Validation

Create tool wrappers that validate with ACT before execution:

import anthropic
import requests
from uuid import uuid4

ACT_API_KEY = "your_api_key"
ACT_BASE_URL = "https://api.acttokens.com"
ACT_TOKEN = "token_from_step_4"

def validate_with_act(action, resource):
    """Validate tool use with ACT"""
    response = requests.post(
        f"{ACT_BASE_URL}/v1/enforce",
        headers={
            "X-Api-Key": ACT_API_KEY,
            "Content-Type": "application/json"
        },
        json={
            "requestId": str(uuid4()),
            "capabilityToken": ACT_TOKEN,
            "action": action,
            "resourceId": resource,
            "tenantId": "default-tenant",
            "context": {}
        }
    )
    result = response.json()
    return result["decision"] == "allowed"

# Define tools for Claude
tools = [
    {
        "name": "read_file",
        "description": "Read the contents of a file",
        "input_schema": {
            "type": "object",
            "properties": {
                "file_path": {
                    "type": "string",
                    "description": "Path to the file to read"
                }
            },
            "required": ["file_path"]
        }
    },
    {
        "name": "search_documents",
        "description": "Search documents for keywords",
        "input_schema": {
            "type": "object",
            "properties": {
                "query": {
                    "type": "string",
                    "description": "Search query"
                }
            },
            "required": ["query"]
        }
    }
]

# Tool execution with validation
def read_file(file_path):
    if not validate_with_act("read_file", f"api://documents/{file_path}"):
        return "File read not permitted by policy"
    
    with open(file_path, 'r') as f:
        return f.read()

def search_documents(query):
    if not validate_with_act("search_docs", "api://search/documents"):
        return "Search not permitted by policy"
    
    # Perform search
    return f"Search results for: {query}"

# Use Claude with tool use
client = anthropic.Anthropic()

response = client.messages.create(
    model="claude-3-opus-20240229",
    max_tokens=1024,
    tools=tools,
    messages=[
        {
            "role": "user",
            "content": "Read the file at docs/report.txt and summarize it"
        }
    ]
)

# Process tool calls
for block in response.content:
    if block.type == "tool_use":
        tool_name = block.name
        tool_input = block.input
        
        if tool_name == "read_file":
            result = read_file(tool_input["file_path"])
        elif tool_name == "search_documents":
            result = search_documents(tool_input["query"])
        else:
            result = "Unknown tool"
        
        print(f"Tool: {tool_name}, Result: {result}")

Step 6: Run Your Claude Agent

# Claude will use tools only if they pass ACT validation
# All tool calls are logged and auditable

Example Use Cases

✅ Document Processing Assistant

Policy: Read documents, extract data, no deletion

actions: ["read_file", "list_files"]
resources: ["api://documents/*"]
constraints: { 
  maxFileSizeBytes: 100MB,
  allowedFormats: ["pdf", "docx", "txt"]
}

✅ Code Analysis Tool

Policy: Read source code, analyze, provide feedback

actions: ["read_file", "list_repository"]
resources: ["api://repositories/*"]
constraints: { 
  readOnly: true,
  allowedLanguages: ["python", "javascript", "go"]
}

✅ Research Assistant

Policy: Search knowledge base, retrieve documents, summarize

actions: ["search_docs", "read_file", "list_files"]
resources: ["api://knowledge_base/*"]
constraints: { 
  maxSearchResults: 100,
  maxFilesPerRequest: 10
}

Best Practices

  • Always validate before tool execution: Call ACT before executing any tool, even if Claude is "being careful"
  • Use short-lived tokens: Issue ACT tokens with 1-hour expiration and refresh as needed
  • Be specific with resources: Use precise resource paths (e.g., api://documents/public/* not api://*) to limit scope
  • Enforce file size limits: Set maxFileSizeBytes constraints to prevent resource exhaustion
  • Monitor tool usage: Review ACT audit logs to detect unusual patterns or abuse
  • Test tool interactions: Thoroughly test Claude's tool use behavior before production

Troubleshooting

Claude's tool calls are being blocked

Solution: Verify your policy includes the action and resource Claude is trying to access. Check ACT audit logs for the specific error.

Token validation failures

Solution: Ensure your token is not expired. Implement automatic token refresh every hour.

Claude isn't using tools

Solution: This might indicate all tool calls are being blocked. Start with a permissive policy and gradually add constraints.

Next Steps

📖 API Reference

Full REST API documentation

📊 View Audit Logs

Monitor Claude's tool usage

🦜 LangChain Integration

Secure LangChain agents

📝 Read Blog

AI security best practices