Six capabilities that make autonomous agents legible to a board. Every action is bound to a signed authority chain, governed by enforced economic bounds, and replayable from a Genesis Receipt. The board sees the whole map. The CFO holds the pause.
A live executive view of every agent under control: who delegated to whom, what each agent's effective scope is right now, and any drift from the Genesis Receipt. A board member sees the whole agent population in fifteen seconds, no log reading.
Agent population · production · 14:02 PT
Verified
Sarah Chen
Human · Root
cap: $unbounded cat: {*} thr: single-sig
chain: root
Marcus Ito
Human · CFO
cap: $25M cat: {wire, contract} thr: 2-of-3
chain: root → Sarah
Procurement Agent
AI · Custom
cap: $50K cat: {vendor.contract} thr: 1-of-1
chain: root → Marcus
Trading Agent
AI · Bounded
cap: $2M / day cat: {fx.spot} thr: 1-of-1
chain: root → Marcus · near cap
Compliance Agent
AI · Standard
cap: $0 cat: {read, flag} thr: none
chain: root → Sarah → policy.v8
Audit-log Sink
Service · Internal
cap: $0 cat: {append} thr: none
chain: root → Sarah → svc.audit
Indicative view from the dashboard. Backed by the substrate-signed authority graph; no mock state in the authenticated product.
02 / ADMISSION
Agent Firewall.
Admission control at the substrate edge. An agent does not act unless its delegation chain validates against the authority graph, its effective scope intersects the policy, and a Genesis Receipt is in force. Failed admission emits a signed refusal — provable denial, not a silent drop.
ADMIT
Compliance Agent (AI, standard)
Delegation chain rooted at the host. Effective scope intersects policy. Genesis Receipt in force.
chain: root → Sarah → policy.v8 scope: {read, flag} ∩ {board.*} = {read, flag} receipt: 9a3f…b21c · signed
REFUSE
Vendor Sales Agent (AI, external)
No delegation link to any human principal in the authority graph. Refusal record signed and emitted; the agent never reaches the substrate.
Unauthorized agents act, then it's reconstruction.
An agent with a stolen credential, a misconfigured chain, or no delegation at all reaches your APIs. Three weeks later, no one can prove whether the action was actually authorized.
Control
Admission at the door, not the audit.
The Agent Firewall validates the delegation chain, intersects the scope against policy, and checks the active Genesis Receipt before the agent's first call lands.
Proof
Signed refusals, not silent drops.
Every denial produces a signed refusal record. A board can replay the population and see exactly which agents were refused admission, when, and why.
03 / SUBSTRATE
Genesis Receipt.
The substrate-signed seed of an agent population's authority graph. It pins the host principal, the policy version, the authority graph hash, and the agent set at t=0. Every later change is comparable to genesis — which is what makes Authority Diff possible.
Risk
“What was it supposed to be?” is unanswerable.
Without a signed t=0 anchor, every drift is contested. Did the agent always have this cap? Was the policy version different last month? Who added the new principal? You're stuck inferring from logs.
Control
A signed fixed point.
Issued by the H33 authority substrate when the agent population is established. Binds the host principal, policy version, authority graph hash, and the participant set with their effective scopes. HMAC-SHA256 envelope signature; verifiable offline.
Proof
Evidence, not a story.
Anyone with the receipt and the H33 public key bundle can confirm the t=0 state. Replayed sessions diff against genesis to produce Authority Diff — what changed, by whom, when, and under whose signature.
04 / CHANGE
Authority Diff.
The executive panel that answers “what changed?” between any two points in time. Participant adds, scope widens, policy bumps, and economic-bound changes surface as a board-readable delta — not a diff of JSON blobs.
A cryptographic bound on what each agent can move — by amount, by category, by approval threshold. Bounds intersect on delegation (caps go down, categories narrow, thresholds rise) and produce signed refusals on breach. The intersection axiom is enforced at the substrate, not at the policy layer.
Bound
Delegated from host
Effective for this agent
Cap (currency)
$10,000,000
$50,000 ↓
Category
{wire, contract, vendor.*}
{vendor.contract}
Threshold
1-of-1
2-of-3 ↑
Risk
Bounds in slides, not in code.
An agent is “told” it can spend $50K. Whether the bound was enforced when it actually sent $9.4M is unprovable after the fact.
Control
Intersection at delegation.
Caps go down, never up. Categories can only narrow. Thresholds can only rise. Enforced at the substrate; widening attempts produce signed refusals.
Proof
Replayable refusals.
Every breach attempt produces a signed denial record. A board can replay any agent's day and see exactly which actions were authorized, which were refused, and why.
06 / KILL SWITCH
Pause Autonomous Authority.
A substrate-level kill switch. Pause is a signed authority transition that immediately revokes every active agent delegation and emits an attested record. The opposite of a silent shutdown — provable, reversible, and visible to every replay viewer.
CFO · Marcus Ito · 14:02 PT
■■ Pause All Agents
action: pause_all_agents issued_by: Marcus Ito (CFO) threshold: 2-of-3 satisfied (Sarah, Marcus, Legal) scope: 6 agents → 0 active refusal: any agent attempting action after t = signed refusal resume: requires fresh Genesis Receipt + same threshold signature: 8c7e…a04f · ML-DSA-87 + SLH-DSA-256 + FALCON-1024
Risk
Stopping an agent population is slow and contested.
When something is wrong, every minute matters. A vendor-managed stop button is a story, not evidence. A platform shutdown is too coarse and reversible only by the same vendor.
Control
Signed authority transition.
Pause is a substrate-signed event that revokes every active delegation atomically. Any subsequent action by any agent produces a signed refusal — whether the agent runs on H33 infrastructure or not.
Proof
Provable, reversible, replayable.
The Pause record is part of the authority graph. Anyone replaying the population sees the moment of pause, the principal who issued it, the threshold that satisfied it, and the resume signature when it ended.
Make your agent population legible to a board.
The Authority Map, Agent Firewall, Genesis Receipt, Authority Diff, Economic Authority, and Pause Autonomous Authority are live in the dashboard today. The substrate is the same one that proves H33-PQ-Video meetings and H33-Agent-008 root authority.