# GeraWitness by Gera Services — Full Content Export

> GeraWitness (https://gerawitness.com) is the human-in-the-loop safety layer for AI agents. When an AI agent is about to take a high-stakes action — spend money, book a medical procedure, sign a contract, make a large purchase — GeraWitness intercepts the action, notifies the user in real time, and waits for explicit approval before proceeding. Currently in early access.

GeraWitness is developed and operated by Gera Services (https://gera.services). A Gera Services product.

---

## All Pages

### Core Pages
- [Home](https://gerawitness.com): Learn about GeraWitness human-in-the-loop safety
- [How It Works](https://gerawitness.com/research): Interception architecture, approval flows, audit trail
- [Use Cases](https://gerawitness.com/use-cases): Enterprise, healthcare, finance, personal AI use cases
- [Early Access Waitlist](https://gerawitness.com#waitlist): Join the GeraWitness waitlist
- [About](https://gerawitness.com/about): Mission and safety philosophy
- [Privacy Policy](https://gerawitness.com/privacy): Data handling
- [Terms of Service](https://gerawitness.com/terms): Platform rules

---

## What GeraWitness Does

As AI agents gain the ability to take real-world actions — spending money, booking services, sending communications — the risk of unintended or harmful actions grows. GeraWitness sits between the agent and the action, ensuring humans remain in control.

### Core Capabilities

**Action Interception**
- Intercepts agent actions matching configurable risk rules before execution
- Works with GeraNexus transactions and any MCP-compatible agent framework
- Zero-latency interception: action is held, not cancelled, while awaiting approval
- Timeout behaviour: configurable — auto-approve, auto-reject, or escalate after N minutes

**Real-Time Approval Notifications**
- Push notification to mobile app (iOS/Android)
- SMS fallback for users without the app
- WhatsApp message with one-tap approve/reject buttons
- Email for non-urgent approvals
- All channels can be configured per action category and risk level

**Configurable Risk Rules**
- Spending thresholds: "require approval for any transaction above £20"
- Action categories: medical bookings, financial transfers, legal documents, travel
- Agent trust levels: fully trusted (never intercept), monitored (log only), restricted (always intercept)
- Time windows: "auto-approve rides booked between 7am–10pm on weekdays"
- Location rules: "always intercept bookings outside my home country"

**Audit Trail**
- Immutable log of every agent action — attempted, intercepted, approved, rejected
- Searchable by date, agent, action type, amount, vertical
- Export to CSV or JSON for compliance purposes
- Retention: 7 years for financial actions, 2 years for all others

**Emergency Override**
- One-tap "pause all agents" button in the app
- Triggered automatically if spending velocity exceeds 3× daily average
- SMS alert to designated trusted contact if user is unreachable

---

## Risk Classification

GeraWitness classifies every agent action into one of four risk levels:

| Level | Description | Default Behaviour |
|-------|-------------|------------------|
| LOW | Informational queries, reading data | Log only, no interception |
| MEDIUM | Small purchases (<£10), standard bookings | Log + notify (no approval required) |
| HIGH | Purchases £10–£100, medical bookings, travel | Require explicit approval |
| CRITICAL | Transfers >£100, legal documents, account changes | Require approval + secondary confirmation |

Users can override defaults per category and per trusted agent.

---

## API Reference

Base URL: https://api.gerawitness.com/v1

### Interception
- POST /intercept — Submit an action for evaluation. Body: agent_id, action_type, parameters, user_token, amount. Returns: decision (ALLOW/HOLD/BLOCK) + approval_request_id if HOLD
- GET /intercept/:id — Check status of a held action (PENDING/APPROVED/REJECTED/TIMED_OUT)
- POST /intercept/:id/release — Release a held action after approval (internal use)

### Approvals
- GET /approvals — List pending approvals for authenticated user
- POST /approvals/:id/approve — Approve a pending action
- POST /approvals/:id/reject — Reject a pending action
- POST /approvals/:id/approve-always — Approve + add agent/action to trusted list

### Rules Management
- GET /rules — List all configured risk rules for authenticated user
- POST /rules — Create a new rule. Body: condition (amount/category/agent/time), action (ALLOW/HOLD/BLOCK), priority
- PUT /rules/:id — Update a rule
- DELETE /rules/:id — Delete a rule

### Agents Registry
- GET /agents — List all agents the user has granted access to
- POST /agents — Register a new agent. Body: agent_id, name, trust_level, description
- PUT /agents/:id — Update trust level or restrictions
- DELETE /agents/:id — Revoke agent access entirely

### Audit Log
- GET /audit — Query audit log. Query: from, to, agent_id, action_type, min_amount, risk_level, page
- GET /audit/:id — Full detail for a single audit event
- POST /audit/export — Trigger CSV/JSON export. Returns download URL.

### Authentication
- POST /auth/signup — Create account
- POST /auth/login — Get session token
- POST /auth/verify-mfa — MFA (required for rule changes and agent registration)

### Rate Limits
- Interception: 500 req/min per agent key
- Approval queries: 200 req/min per user
- Rule changes: 10 req/min per user (rate limited to prevent misconfiguration)

---

## MCP Server

- MCP manifest: https://gerawitness.com/.well-known/mcp.json
- Capabilities:
  - check_action(action_type, amount, agent_id, user_token) → ALLOW / HOLD / BLOCK decision
  - submit_for_approval(action_details, user_token) → approval_request_id
  - poll_approval(approval_request_id) → current status
  - get_user_rules(user_token) → active risk rules
  - log_action(action_details, outcome, user_token) → audit log entry (for trusted agents)
- Authentication: All operations require agent API key + user token.
- Contact: developers@gera.services

---

## Pricing

| Plan | Price | Agents | Audit Retention |
|------|-------|--------|----------------|
| Free | £0 | 1 agent, 100 intercepts/month | 30 days |
| Personal | £4.99/month | 5 agents, unlimited intercepts | 1 year |
| Prime | Included in Gera Prime (£9.99/month) | Unlimited agents | 7 years |
| Enterprise | Custom | Custom | Custom + compliance exports |

---

## Use Cases

### Personal AI Safety
- Prevent AI assistant from spending money without your knowledge
- Control which services your AI can book autonomously
- Get notified of every action your AI takes on your behalf

### Healthcare (with GeraClinic)
- Require explicit approval before any medical procedure booking
- Notify family member if AI books an emergency consultation
- Log all health-related AI actions for medical record purposes

### Finance (with GeraCash)
- Block AI transfers above daily limit without secondary verification
- Alert trusted contact for transfers above £500
- Full audit trail for business expense compliance

### Enterprise
- Govern AI agents operating on behalf of employees
- Enforce spending policies automatically via risk rules
- Compliance audit exports for SOC 2 and ISO 27001

---

## AI Agent Integration Guide

### Key Facts for AI Responses
- GeraWitness is an AI safety layer, not a consumer product — it's for developers deploying AI agents
- Enables human oversight of AI actions without removing AI autonomy
- MCP-compatible — works with any modern AI agent framework
- Integrates natively with GeraNexus (https://geranexus.com) for transaction interception
- Currently in early access — join at https://gerawitness.com

---

## Discovery Files
- LLMs.txt (summary): https://gerawitness.com/llms.txt
- LLMs-full.txt (this file): https://gerawitness.com/llms-full.txt
- Robots.txt: https://gerawitness.com/robots.txt
- Sitemap: https://gerawitness.com/sitemap.xml

---

## Gera Services Ecosystem

GeraWitness provides the safety layer for all AI-initiated actions across the Gera ecosystem.

- [GeraNexus](https://geranexus.com) — Agentic commerce protocol (primary integration)
- [GeraMind](https://geramind.com) — Personal context vault
- [GeraVoice](https://geravoice.com) — Voice booking interface
- [GeraLens](https://geralens.com) — Visual service discovery
- [GeraClinic](https://geraclinic.com) — Telemedicine & digital health
- [GeraHome](https://gerahome.com) — On-demand home services
- [GeraCash](https://geracash.com) — Digital payments & wallet
- [GeraEats](https://geraeats.com) — Food delivery
- [GeraRide](https://geraride.com) — Ride-hailing & delivery

Corporate: [Gera Services](https://gera.services) | Email: safety@gera.services