Detect and Deny (D2)

Detect and Deny (D2)

AI agent function level authorization for dummies

6 followers

Visit website
Secure your LLM tools with easy peasy authorization. One decorator, instant security. Zero infrastructure.
Detect and Deny (D2) gallery image
Detect and Deny (D2) gallery image
Detect and Deny (D2) gallery image
Free Options
Launch tags:Developer ToolsArtificial IntelligenceGitHub
Launch Team
OS Ninja
OS Ninja
Explore and Learn Open Source using AI
Promoted

What do you think? …

Daniel
Maker
📌
Hey makers! I'm Daniel, co-founder of artoo, and I'm thrilled to be sharing Detect and Deny (D2) on Product Hunt today! The Problem You've built amazing AI agents. They're powerful. They're fast. But there's one thing keeping you up at night: authorization. Auth is a nightmare: - Hundreds of lines of boilerplate code scattered across your codebase - Authorization logic mixed with business logic, making it impossible to audit - Security issues that hide until you're already in production - Scaling authorization policies across multiple environments is a manual, error-prone process - Developers building AI agents shouldn't need a security team to deploy safely We lived this pain. So we built D2. The Solution D2 makes authorization as simple as adding a decorator to your functions. That's it. easy peasy RBAC, one line of code. Let us know what you think! My co-founder David and I are here to answer any questions you may have.
Alex Cloudstar
Product Hunt Wrapped 2025

Love this, Daniel. Function level auth via one decorator feels like the right abstraction for AI agents. Killing boilerplate and separating auth from business logic is huge. Curious how D2 handles multi env policies and audit trails out of the box.

David
Maker

@alexcloudstar Hey Alex,
thanks for checking out our product!

To sort of give you a quick summary of what (I think) you asked for things OOB:

  1. Multi Environments: we allow management of different environments and different apps by discrete opaque tokens that can be associated to a specific policy that then a server can use to call for the specified policy (from the cloud version). All you have to do is create a token and map that back to a policy's "App Name" from the dashboard, set the newly created token in whatever server in your environment variable `D2_TOKEN=.....`, and you're good to go!

  2. Audit Trails: audit trails wise it’s all in the code! we’re capturing different metrics and discrete “events” that are being sent to us with each web request to your server (if it hits your protected function) that is processed server side so that we can handle all the analyses and metrics for customers. If there is no appetite for any events being sent to us, we have also included OTLP bindings that can be sent to your own hosted server if you so wish.

Great questions and I hope that helps? Let me know if there are any lingering ones or if I didn't answer your questions well enough!

David
Maker

Hey folks,

David (other co-founder of artoo) here!

Daniel did a great job of introducing the product, so not much more to talk about from my end.

Just wanted to say hi, and if you had any questions about anything (from questions about our product and our motivation here to our favorite drinks), please feel reach out to us!

daniel@artoo.love

david@artoo.love

love,

David