When Inviolet approves an LLM tool call, it issues an intent token — a short-lived JWT containing the user, the purpose, the data elements approved, and a TTL. Every downstream system that touches data on behalf of that call verifies the intent token first.

Anatomy

{
  "iss": "inviolet",
  "sub": "user_2pX9...",
  "iat": 1714050000,
  "exp": 1714050300,
  "purp": {
    "id": "purpose_customer_support_lookup",
    "name": "Customer Support Lookup",
    "elements": [
      "customer.name",
      "customer.email",
      "customer.order_history"
    ]
  },
  "wid": "ws_acme",
  "jti": "intent_2pX9..."
}
The purp claim is the bit nothing else has. Standard JWTs have identity; intent tokens add purpose.

TTL

By default, intent tokens live for 5 minutes. The right TTL depends on:
  • Tool-call workflow — most LLM workflows complete in seconds; 5 min is generous
  • Background job — for batch work, declare a longer TTL on the purpose record
  • Human approval queue — the token only mints AFTER approval, so the TTL starts when the work begins
You configure per-purpose TTLs in the policy editor.

Where intent tokens get verified

System | When
Inviolet database proxy | Every SQL query — column allowlist enforced
Vault credential broker | Every credential issuance — credential TTL bounded by token TTL
Okta token hook (optional) | Standard OIDC token gets a purp claim added
Custom resource servers | Verify the JWT signature + check purp.elements

Verification — code example

import { verifyIntentToken } from "@inviolet/sdk"

async function readCustomer(token: string, customerId: string) {
  const claims = await verifyIntentToken(token)
  if (!claims.purp.elements.includes("customer.name")) {
    throw new Error("intent_token_missing_required_element")
  }
  // proceed with the query, scoped to the elements approved
}

What happens when a token expires

The downstream system rejects the request with a structured error. The gateway can either:
  • Re-mint by re-evaluating the original purpose against current policy (if the agent is still active)
  • Re-approve by routing back through the human approval queue
Either way, the expired-token state is auditable in the decision feed.