← Back to IronWeft
Customer Integration

Zero unauthorized calls.
Provable by design.

How EverHomeCall uses IronWeft to ensure every AI-powered check-in call is authorized, scoped, and permanently audited before it reaches a recipient's phone.

Company EverHomeCall
Use Case AI voice agents, outbound calls
Integration IronWeft /authorize
Stack FastAPI · Retell AI · Twilio

The service

EverHomeCall delivers scheduled AI-powered calls to people who benefit from regular check-ins — seniors, independent living, injury recovery, and remote caregivers. Two AI agents handle the calls: Grace for daily check-ins, Jackson for twice-weekly wellness conversations. Both are powered by Retell AI and routed through Twilio to reach recipients.

The model is inherently high-stakes. A call that fires at the wrong time, to the wrong number, or from an agent operating outside its defined scope isn't just a product bug — it's a violation of trust with a vulnerable person. The system needed a way to make every call decision explicit, authorized, and provable.

The problem with "just log it"

Before IronWeft, the options for agent accountability were: log the call after it happened, or build ad hoc checks scattered through the application. Neither is the same as authorization. Logging tells you what happened. It doesn't stop something that shouldn't happen. Scattered checks are brittle — they drift, get skipped, and leave no centralized record.

"Your agent acted at 3am. Can you prove it was authorized — with a tamper-evident chain and a human sponsor — in seconds? Most teams can't."

For a service calling people in their homes, "we logged it" isn't good enough. The question families and regulators ask is: who authorized this call, and how?

The integration

Both Grace and Jackson are registered as named agents in IronWeft with scoped credentials. Each agent has a policy that limits the exact actions it's permitted to take — no agent can exceed its defined scope, regardless of what the application code requests.

Before any call fires, the EverHomeCall backend makes a single authorization request to IronWeft's /authorize endpoint. The call only proceeds if IronWeft approves it. The decision — along with the agent identity, initiator, timestamp, and scope — is written immediately to a hash-chained audit log.

1
Schedule triggers
EverHomeCall scheduler fires for a user's call window. Backend prepares the call parameters and initiator context.
2
Authorization request
Backend calls IronWeft /authorize with the agent credential, action, and initiator. IronWeft evaluates the policy.
3
Decision — allow or deny
If approved, the call proceeds to Retell AI → Twilio. If denied or the agent is suspended, the call is blocked and a webhook fires immediately.
4
Permanent audit entry
Every decision is written to the hash-chained audit trail. Tamper-evident — not just logged, provable.

What this enables

Unauthorized calls
Zero
Every call gated through IronWeft /authorize — no exceptions.
Audit coverage
100%
Every authorization decision — allow and deny — in a tamper-evident chain.
Rogue agent response
< 1s
Suspend an agent in IronWeft — all future calls blocked immediately, webhook fires.

The result is a call system where authorization is structural, not procedural. It doesn't rely on every developer remembering to add a check. The policy is enforced at the infrastructure level — the agent literally cannot fire without a valid authorization.

For caregivers and families, this matters. The service can demonstrate — with a cryptographically linked audit trail — exactly which agent made each call decision, what triggered it, and that no call was made outside its authorized scope.

Integration effort

The integration required a single API call per call event — no architectural changes, no separate audit database to maintain, no bespoke access-control logic to keep in sync with the rest of the application. IronWeft handles registration, credential issuance, policy evaluation, and audit logging as a service.

Register your agents, issue scoped credentials, and get a tamper-evident audit trail — in minutes.

Get Early Access