Ship product, not plumbing.

Account systems, developer access, event delivery, and agent workflows in one product layer.

pnpm add @wacht/nextjs

Use cases

Built for what you're building.

Different products need different surfaces, but they all need the same underlying model for people, tenants, permissions, and runtime behavior.

Built for AI Agents

Run agents inside your product boundary.

Carry product identity into every run

Bind each execution to the user, org, deployment, and session context that actually triggered it.

Attach tools, files, and MCP servers

Expose runtime tools, file access, and MCP server connections without letting agents drift across uncontrolled surfaces.

Keep workflows and approvals in-bounds

Run memory, workflow state, artifacts, and approval steps inside the same operational layer as auth and access.

Featured capabilities

Agent sessions

MCP servers

File access

Workflow memory

Start free Open console

Execution context

Bind each run to the user, org, and deployment that triggered it.

actor = user_42
org = northwind
deployment = prod-eu

Context verified

Policy checked

Lease issued

Tools and MCP

files.readmcp.lineartickets.reply

Workflow result

Approve refund and reply to customer

Reply drafted and queued for approval

Built for Identity

Make identity native to the product experience.

Own the sign-in surface

Support email, social login, passkeys, and recovery flows without handing the customer journey to another stack.

Control sessions and factors

Tune MFA, session rules, and verification requirements around how your product actually behaves.

Carry identity into runtime

Keep user, org, and session context attached to every request, workflow, and permission decision.

Featured capabilities

Passkeys

MFA

Social login

Sessions

Start free Open console

Sign-in methods

Email + Password

Default

Google

Enabled

Passkey

Available

Magic link

Optional

Session rules

Session length14 days

MFA challengeAdaptive

Runtime claims

user = user_42
org = northwind
session = verified

Built for Internal Tools

Secure internal tools without another stack.

Build internal apps fast

Ship staff dashboards, copilots, and admin tools on top of the same product identity model.

Secure humans and machines

Use SSO, M2M auth, and scoped credentials across staff tools, bots, and backend services.

Provision access automatically

Keep membership, entitlements, and access reviews in one control plane as teams evolve.

Featured capabilities

SSO

M2M auth

SCIM

Fine-grained auth

Start free Open console

Internal access control

Invite by name, team, or email

Angela

angela@acmeteam.com

Owner

Ben

ben@acmeteam.com

Editor

Tony

tony@acmeteam.com

Viewer

Aisha

aisha@acmeteam.com

Viewer

Provisioned internal apps

Admin panelSupport deskBillingOps console

Role policy

role = support_team
apps = ["admin", "tickets"]
sso = required

Built for B2B SaaS

Make customer access native to your SaaS.

Organizations and workspaces

Model customer teams, environments, and collaborative access without bolting it on after launch.

Enterprise controls

Handle invitations, delegated admin, and SSO policies with product-grade defaults.

Permissions as product

Keep roles, scopes, and feature entitlements close to the runtime surface they actually gate.

Featured capabilities

Organizations

Workspaces

Invitations

Role catalogs

Start free See pricing

Organization control plane

Organizations

NorthwindAcmeFutura

Workspace roles

AdminsAnalystsBillingSupport

Delegated admin

Allow customer-managed invitesEnabled

Customer invite

team@northwind.com

Workspace admin

Send invite

Permission matrix

ProjectsAEVBilling●●●Invites●●●Workspaces●●●

Built for API Products

Ship developer access without another control plane.

Issue keys and OAuth apps

Give developers API keys, OAuth apps, and machine access from the same product surface.

Gate requests at runtime

Check scopes, tenants, and rate limits before traffic reaches the API your customers actually use.

Deliver webhooks clearly

Send product events, track deliveries, and retry failures without stitching together separate systems.

Featured capabilities

API keys

OAuth apps

Gateway auth

Webhooks

Start free See pricing

Gateway auth

key check

scope check

rate limit

Webhook event

event.user.created

delivery.status = queued

Delivery log

hook_1291200

hook_1292retrying

Platform shape

Built as a practical product layer, not a narrow auth widget.

Most products end up rebuilding tenancy, request auth, event delivery, and runtime state in separate places. Wacht keeps those layers connected.

4 layers

Control plane, runtime, integrations, and operations working as one product model.

6 surfaces

Identity, orgs, API auth, webhooks, notifications, agents, and SDKs in one framework.

Prebuilt UI

Use the actual UI surface, not a starter template.

Sign-in, consent, tenancy, and account flows all come ready to embed, with the product logic already wired in behind them.

Registration and onboarding

Component set

Click through the shipped UI pieces and the viewport shifts across the real product collage.

“

”

From teams shipping with Wacht

We ditched Clerk for Wacht and it turned out to be one of the best decisions we made. It is simple, comprehensive, flexible where it matters, and the DX is exactly what we wanted while building InboxDoctor.

Sumith Bangarwa

InboxDoctor

Get started

Build AI-first products on one complete platform.

Start with a solid account and access layer, then grow into developer auth, delivery flows, and runtime automation on the same foundation.

Start free Documentation