Overview of Use Cases
Iron Book's flexible framework supports a wide range of use cases that extend beyond AI agents.
This is a unified, trust-based control plane for non-human identities: AI agents, bots, NHIs, automations, MCP servers, and service accounts.
Instead of scattering credentials, allowlists, and custom checks across apps, Iron Book centralizes them into verifiable agent identities (DIDs) with cryptographically verifiable credentials (VCs), capability-based access control (CapBAC), one-shot zero trust tokens, behavioral trust scoring, open policies (Rego/OPA), and tamper-evident audit logs.
The result is a single, consistent trust and authorization layer you can apply anywhere the agent or any other NHI runs and to anything it wants to do.
Uniform Independent Trust Control Plane
Iron Book’s architecture is environment-agnostic. Whether your workloads live in a hyperscaler (AWS, Azure, GCP), private cloud, on-prem, air-gapped networks, or at the edge, you can enforce the same policy logic and trust thresholds at request time, complete with auditability and behavioral trust enforcement throughout.
Iron Book plays nicely with the stack you already have:
- It complements IAM/IdP (SAML/OIDC) by focusing on the agent and its capabilities, not the human user.
- It augments service meshes, secrets managers, and CI/CD gates by supplying verifiable, per-request authorization with precise and highly customizable business context (consent flags, spend limits, device posture, time windows, regions, rate limits, etc.).
- MCP tools, RPA bots, LLM agents, and microservices all speak the same trust language, so guardrails are portable across teams, languages, and runtimes.
Use Cases
Below is a list of just some of the use cases we support. If you don't see your use case listed, contact us at [email protected] to discuss your requirements and we can help you get started.
PII-Aware Support Copilot (read-only, least privilege)
Reduce breach risk and audit scope while speeding ticket resolution (right data, right time), with automatic logs for compliance review.
Trading Bot Guardrails (spend limits + trust-based floor)
Enforce risk limits and auditability without slowing algo execution, and reduce compliance workload via immutable audit and action-level logs.
Consent-Aware Marketing Automation
Reduce spam and legal risk while protecting sender reputation; clean audits of every send.
Data Export Firewall (block risky exfiltration)
Prevent inadvertent data leaks while preserving analyst velocity.
CI/CD Deployment Agent (prod gate with evidence)
Cut change failures by enforcing gates consistently across teams; give auditors one source of truth.
RPA Invoice Processor (write to ERP + safe bounds)
Slash manual AP effort while preventing overpayments and ensuring auditability.
Healthcare PHI Query Bot (HIPAA guardrails)
Enable safe analytics while reducing PHI exposure and simplifying audits.
MCP Tooling Control for Developer Environments
Prevent accidental destructive tooling use; enforce change windows; create clean audits.
Implementation Notes (applies to all use cases)
Install the SDK
# Python
pip install ironbook-sdk
# Node
npm install @identitymachines/ironbook
Initialize the client
- Python:
client = IronBookClient(api_key="your-api-key")
- Node:
const client = new IronBookClient({ apiKey: 'your-api-key' });
Both SDKs expose registerAgent, getAuthToken, uploadPolicy, and policyDecision.
One-shot / short-lived tokens
The client acquires narrow, short-lived tokens per call, aligned with Iron Book’s agent-centric zero-trust model. Treat each token as single-purpose within your request flow; re-acquire for the next action.
Behavioral trust in decisions
input.trust is evaluated alongside capabilities and context, enabling risk-adaptive control (e.g., raise thresholds during incidents).
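A risk-adaptive trust floor of the kind described above, written as an added example policy (not taken from Iron Book's own documentation or samples). Only input.trust comes from this page; the package name, the 0-100 trust scale, the threshold values, and the input.context.incident, input.capabilities, input.resource and input.action fields are assumptions to adapt to your own policy input.

```rego
package example.trust_gate # hypothetical package name

import rego.v1

# Deny unless the rules below prove the request is acceptable.
default allow := false

# Assumed trust floors on an assumed 0-100 scale; tune to your own scoring.
default min_trust := 60

# Raise the floor while an incident is declared (assumed context flag).
min_trust := 85 if input.context.incident == true

# Capability the agent must hold for this request (assumed naming scheme).
required_capability := sprintf("%s:%s", [input.resource, input.action])

allow if {
	trust_ok
	required_capability in input.capabilities
}

# is_number guards against a string trust value: Rego orders strings above
# numbers, so "0" >= 85 would otherwise evaluate to true.
trust_ok if {
	is_number(input.trust)
	input.trust >= min_trust
}

# Denial reasons, useful to record next to the decision in an audit trail.
deny_reasons contains "trust missing or not numeric" if not is_number(input.trust)

deny_reasons contains msg if {
	is_number(input.trust)
	input.trust < min_trust
	msg := sprintf("trust %v below floor %v", [input.trust, min_trust])
}

deny_reasons contains msg if {
	not required_capability in input.capabilities
	msg := sprintf("missing capability %s", [required_capability])
}
```

A request with no trust value, or with no matching capability, leaves allow at its default of false, so the policy fails closed.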
Audit logs
All decisions/actions are logged with DID, resource, action, outcome, and more. You can view them in your Iron Book Portal for all entities, or browse a particular entity's log (by clicking on the respective agent record).