Automatic Identity
Users are identified by their WhatsApp phone number or Telegram account automatically, from the connection. No one types their name. No one can impersonate another user. The AI never decides who is talking.
Identity Gate for AI Agent Gateways
Secure AI agents for WhatsApp and Telegram.
Cirith is a middleware layer between your messaging channels and your business systems. It verifies who is talking from the connection, checks what they are allowed to do, and records every action before the AI can touch your data.
tl;dr
- The system identifies who is messaging based on their WhatsApp or Telegram connection. No one types their name. No one can pretend to be someone else.
- Each user has a role (employee, admin, superadmin). The system only shows them the actions their role permits, before the AI even processes the request.
- Every operation is logged with who did it, what they did, and when. Your database is only accessed through a secure layer, never directly by the AI.
This is for you if...
- Service businesses deploying WhatsApp or Telegram agents that handle payroll, scheduling, or inventory data
- Teams that need employee-level time tracking via messaging without risking cross-user data exposure
- Operations requiring a provable audit trail showing exactly who authorized every AI-assisted action
0 Identity spoofing incidents100% Database isolation3 tiers Role-based access control18+ Business operations supported
The problem
One clever message is all it takes to bypass AI-level security.
01
An employee asks 'show me everyone's hours' and the agent complies, because the restriction was just a line in the AI's instructions that can be talked around.
02
In a WhatsApp group, the agent confuses who sent the message and logs hours under the wrong employee profile.
03
A contractor discovers they can see admin-level financial data by rephrasing their request. The AI interprets intent, it does not enforce rules.
04
After a data incident, you cannot prove which user authorized the action. The AI modified the database directly with no actor trail.
The core differentiator
Security built into the system, not into the AI's instructions.
Most AI agent setups try to protect data with prompts. Cirith protects data with architecture. Unauthorized requests are blocked before the AI sees them, and the AI only gets the tools the current user is allowed to use.
Why this matters
- Identity comes from the connection. Security comes from the server. The AI only sees what the user's role allows.
Typical AI Agent Setup
1
Agent guesses who is talking based on conversation. Easy to impersonate.
2
Security rules written in the AI's instructions. Can be bypassed by clever phrasing.
3
AI connects directly to your database. One mistake corrupts real data.
4
No reliable record of who authorized what. The AI doesn't self-report accurately.
Cirith Architecture
✓
Identity verified from the WhatsApp or Telegram connection. Impossible to fake.
✓
Permissions enforced by the server. Unauthorized requests are blocked before the AI sees them.
✓
Database completely isolated from the AI. All operations go through a secure checkpoint.
✓
Every action logged with who, what, and when. Tamper-proof and complete.
Technical implementation note
Cirith converts all business operations into a standard format. Your backend (payroll, scheduling, inventory) plugs in as a module. The same backend works with WhatsApp and Telegram without changes. Adding a new messaging channel means writing one identity resolver, not rebuilding your business logic.
Architecture
How a message becomes a secure operation
Every message passes through 4 checkpoints before it touches your data. Here is the exact flow, from the moment a user sends a message to the moment the result appears in their chat.
cirith-identity-gate / request-flow
WhatsApp / Telegram
User sends a message
message
AI Agent Gateway
Hermes (Python) or OpenClaw (TypeScript)
before agent sees message
Identity Resolution
Reads WhatsApp LID or Telegram ID from connection, not user input
verified actor_id
Role Check (RBAC)
employee to admin to superadmin, tools scoped to role
Unauthorized? Blocked with 403. AI never sees the request.
authorized intent
Secure API
Validates and executes business logic
PostgreSQL
Only the API connects. Never the AI.
Audit Log
Who, what, when. Permanent record.
WhatsApp / Telegram
User sends a message
message
AI Agent Gateway
Hermes (Python) or OpenClaw (TypeScript)
before agent sees message
Identity Resolution
Reads WhatsApp LID or Telegram ID from connection, not user input
verified actor_id
Role Check (RBAC)
employee to admin to superadmin, tools scoped to role
Unauthorized? Blocked with 403. AI never sees the request.
authorized intent
Secure API
Validates and executes business logic
PostgreSQL
Only the API connects. Never the AI.
Audit Log
Who, what, when. Permanent record.
Security checkpoint
Blocked if unauthorized
External component
How it works
Message in. Identity verified. Action executed. Everything logged.
Step 01
Automatic Identity
Before the AI even sees the message, Cirith identifies the sender from their WhatsApp or Telegram connection data. On WhatsApp, it resolves the sender's account ID to their phone number. On Telegram, it reads the numeric user ID from the platform. No one types their name. No one can pretend to be someone else.
Step 02
Role Check & Tool Access
Once identified, the system checks the user's role (employee, admin, or superadmin). The AI only receives the tools that role is allowed to use. Employees see time-entry actions. Admins see financial tools. If the role doesn't have clearance, the tool simply doesn't exist for that session.
Step 03
Secure Execution & Audit
When the user triggers an action, it flows through a secure checkpoint that validates permissions again, executes the operation, and logs everything: who did it, what they did, the result, and the timestamp. If anything fails, the system blocks the request. No partial executions. No data exposure.
Features
What Cirith handles for you
Role-Based Permissions
Three levels: employee, admin, superadmin. Each role only sees the actions it's allowed to perform. Employees can't access rates or other people's data. The restriction happens at the server, not in the AI's instructions.
Database Isolation
Your data lives in PostgreSQL. The AI never connects to it directly. Every operation passes through a secure checkpoint that validates who is asking and whether they're allowed. If something goes wrong, the system blocks. It never leaks.
Complete Audit Trail
Every action is logged: who did it, what they did, the result, and the exact timestamp. The log is permanent and tamper-proof. After any incident, you can trace exactly what happened and who authorized it.
Admin Dashboard
A web interface where admins can view sessions, manage employee permissions, review audit logs, and override access when needed. Real-time visibility into what your agents are doing.
Works on WhatsApp and Telegram
Deploy agents on WhatsApp, Telegram, or both. The same backend handles everything. Adding a new messaging channel is a configuration change, not a rebuild. Your business logic stays the same.
FAQ
Common Questions
How does the system know who is messaging without asking them?
On WhatsApp, the system reads the sender's account ID from the encrypted connection and maps it to a phone number using session files. On Telegram, it reads the numeric user ID from the platform metadata. In both cases, identity comes from the connection itself, not from anything the user types. This makes impersonation impossible at the protocol level.
What stops a user from telling the AI to act as someone else?
The system ignores anything the user or AI says about identity. It only trusts the identifier provided by the messaging platform's server infrastructure. Even if a user says 'I am the admin' or the AI hallucinates a different identity, the server only accepts the verified connection data. The identity is set before the AI even processes the message.
What happens if something goes wrong, like an API down or user not found?
The system fails closed. If identity can't be verified, the AI receives zero tools and the user sees a safe error message. No business operations execute. No data is exposed. The system waits for recovery rather than guessing or falling back to an insecure path.
Can employees see other employees' data?
No. Every query is automatically scoped to the requesting user. When an employee asks for their hours, the system only returns their own records. This restriction is enforced at the database query level, not in the AI's instructions. An employee physically cannot retrieve another person's data regardless of how they phrase the request.
How does it handle WhatsApp group chats where multiple people share a thread?
Each message in a group carries the individual sender's identity. The system resolves each person independently and caches their identity separately, never under the shared group ID. Two employees in the same group chat are always treated as distinct users with their own permissions and data scope.
What business operations can it handle?
The production system supports 18+ operation types including time tracking, hour queries, invoice generation, payment management, employee rates, company profiles, and admin functions. All operations use the same security model: consistent identity verification, role checks, and audit logging regardless of complexity.
Ready to start
Your AI agents need real security, not instructions.
Book an architecture assessment. We'll review your current agent setup, identify where data is exposed, and show you how Cirith would work with your specific business operations.