AIR
Proof Lab
StartEcosystemResearchExplore (579)Live Systems (52)Pricing
Log InGet API Key✓ Verify It Yourself
Agent Control · Provable

Agent Control. Provable.

Six capabilities that make autonomous agents legible to a board. Every action is bound to a signed authority chain, governed by enforced economic bounds, and replayable from a Genesis Receipt. The board sees the whole map. The CFO holds the pause.

Authority Map Agent Firewall Genesis Receipt Authority Diff Economic Authority Pause Autonomous Authority
Schedule a Demo Open the Dashboard
01 / VIEW

Authority Map.

A live executive view of every agent under control: who delegated to whom, what each agent's effective scope is right now, and any drift from the Genesis Receipt. A board member sees the whole agent population in fifteen seconds, no log reading.

Agent population · production · 14:02 PT
Verified
Sarah Chen
Human · Root
cap: $unbounded   cat: {*}   thr: single-sig
chain: root
Marcus Ito
Human · CFO
cap: $25M   cat: {wire, contract}   thr: 2-of-3
chain: root → Sarah
Procurement Agent
AI · Custom
cap: $50K   cat: {vendor.contract}   thr: 1-of-1
chain: root → Marcus
Trading Agent
AI · Bounded
cap: $2M / day   cat: {fx.spot}   thr: 1-of-1
chain: root → Marcus · near cap
Compliance Agent
AI · Standard
cap: $0   cat: {read, flag}   thr: none
chain: root → Sarah → policy.v8
Audit-log Sink
Service · Internal
cap: $0   cat: {append}   thr: none
chain: root → Sarah → svc.audit

Indicative view from the dashboard. Backed by the substrate-signed authority graph; no mock state in the authenticated product.

02 / ADMISSION

Agent Firewall.

Admission control at the substrate edge. An agent does not act unless its delegation chain validates against the authority graph, its effective scope intersects the policy, and a Genesis Receipt is in force. Failed admission emits a signed refusal — provable denial, not a silent drop.

ADMIT
Compliance Agent (AI, standard)
Delegation chain rooted at the host. Effective scope intersects policy. Genesis Receipt in force.
chain: root → Sarah → policy.v8
scope: {read, flag} ∩ {board.*} = {read, flag}
receipt: 9a3f…b21c · signed
REFUSE
Vendor Sales Agent (AI, external)
No delegation link to any human principal in the authority graph. Refusal record signed and emitted; the agent never reaches the substrate.
chain: unknown_root → vendor.bot
scope: {pitch, schedule} ∩ {board.*} = ∅
refusal: 4d12…ee7a · signed
Risk
Unauthorized agents act, then it's reconstruction.
An agent with a stolen credential, a misconfigured chain, or no delegation at all reaches your APIs. Three weeks later, no one can prove whether the action was actually authorized.
Control
Admission at the door, not the audit.
The Agent Firewall validates the delegation chain, intersects the scope against policy, and checks the active Genesis Receipt before the agent's first call lands.
Proof
Signed refusals, not silent drops.
Every denial produces a signed refusal record. A board can replay the population and see exactly which agents were refused admission, when, and why.
03 / SUBSTRATE

Genesis Receipt.

The substrate-signed seed of an agent population's authority graph. It pins the host principal, the policy version, the authority graph hash, and the agent set at t=0. Every later change is comparable to genesis — which is what makes Authority Diff possible.

Risk
“What was it supposed to be?” is unanswerable.
Without a signed t=0 anchor, every drift is contested. Did the agent always have this cap? Was the policy version different last month? Who added the new principal? You're stuck inferring from logs.
Control
A signed fixed point.
Issued by the H33 authority substrate when the agent population is established. Binds the host principal, policy version, authority graph hash, and the participant set with their effective scopes. HMAC-SHA256 envelope signature; verifiable offline.
Proof
Evidence, not a story.
Anyone with the receipt and the H33 public key bundle can confirm the t=0 state. Replayed sessions diff against genesis to produce Authority Diff — what changed, by whom, when, and under whose signature.
04 / CHANGE

Authority Diff.

The executive panel that answers “what changed?” between any two points in time. Participant adds, scope widens, policy bumps, and economic-bound changes surface as a board-readable delta — not a diff of JSON blobs.

Genesis · t=0 · 09:00 PT

hostSarah Chen
policypolicy.v7
agents5
trading.cap$1M / day
procurement.cap$50K
graph hasha3f2…b21c

Now · t=05:02 · 14:02 PT

hostSarah Chen
policypolicy.v8 ↓
agents6  +Audit-Sink
trading.cap$2M / day  ↑
procurement.cap$50K
graph hash7e91…f4d0
4 deltas · policy bumped (Sarah, 11:14 PT, signed) · 1 agent added (Sarah, 12:00 PT, signed) · trading cap raised (Marcus, 13:30 PT, signed, 2-of-3) · graph hash advanced
05 / BOUNDS

Economic Authority.

A cryptographic bound on what each agent can move — by amount, by category, by approval threshold. Bounds intersect on delegation (caps go down, categories narrow, thresholds rise) and produce signed refusals on breach. The intersection axiom is enforced at the substrate, not at the policy layer.

Bound
Delegated from host
Effective for this agent
Cap (currency)
$10,000,000
$50,000  ↓
Category
{wire, contract, vendor.*}
{vendor.contract}
Threshold
1-of-1
2-of-3  ↑
Risk
Bounds in slides, not in code.
An agent is “told” it can spend $50K. Whether the bound was enforced when it actually sent $9.4M is unprovable after the fact.
Control
Intersection at delegation.
Caps go down, never up. Categories can only narrow. Thresholds can only rise. Enforced at the substrate; widening attempts produce signed refusals.
Proof
Replayable refusals.
Every breach attempt produces a signed denial record. A board can replay any agent's day and see exactly which actions were authorized, which were refused, and why.
06 / KILL SWITCH

Pause Autonomous Authority.

A substrate-level kill switch. Pause is a signed authority transition that immediately revokes every active agent delegation and emits an attested record. The opposite of a silent shutdown — provable, reversible, and visible to every replay viewer.

CFO · Marcus Ito · 14:02 PT
■■ Pause All Agents
action: pause_all_agents
issued_by: Marcus Ito (CFO)
threshold: 2-of-3 satisfied (Sarah, Marcus, Legal)
scope: 6 agents → 0 active
refusal: any agent attempting action after t = signed refusal
resume: requires fresh Genesis Receipt + same threshold
signature: 8c7e…a04f · ML-DSA-87 + SLH-DSA-256 + FALCON-1024
Risk
Stopping an agent population is slow and contested.
When something is wrong, every minute matters. A vendor-managed stop button is a story, not evidence. A platform shutdown is too coarse and reversible only by the same vendor.
Control
Signed authority transition.
Pause is a substrate-signed event that revokes every active delegation atomically. Any subsequent action by any agent produces a signed refusal — whether the agent runs on H33 infrastructure or not.
Proof
Provable, reversible, replayable.
The Pause record is part of the authority graph. Anyone replaying the population sees the moment of pause, the principal who issued it, the threshold that satisfied it, and the resume signature when it ended.

Make your agent population legible to a board.

The Authority Map, Agent Firewall, Genesis Receipt, Authority Diff, Economic Authority, and Pause Autonomous Authority are live in the dashboard today. The substrate is the same one that proves H33-PQ-Video meetings and H33-Agent-008 root authority.

Every authority record verifies offline against the H33 public verifier. No vendor trust required.

AI Governance · Deep Reads

Related: AI Governance, Audit Trails & Compliance Evidence

Agent Audit Trails
Per-decision audit chains for autonomous agents.
AI Audit Trails
Cryptographic audit trail patterns for AI systems.
AI Compliance Evidence
Portable evidence for AI compliance posture.
AI Decision Provenance
Provenance chains tying every decision to source intent.
AI Evidence Chains
Connected evidence across AI decision pipelines.
AI Governance Evidence
Verifiable evidence of governance enforcement.
AI Governance for Government
Federal and regulated AI deployment posture.
Explainable AI vs. Verifiable AI
Why explainability is not enough; verifiability is the gap.