Related · tier-1 reading. For what a portable artifact actually is, see Portable Artifact.
Q-Sign turns authority into executable control.
Before a human, AI agent, service account, treasury system, or organization can act, Q-Sign determines whether authority exists, whether policy permits it, and whether execution may proceed.
Every organization has approval chains, authority structures, and audit requirements. None of them are provable. Until now.
Logs can be altered. Deleted. Backdated. Your audit trail is only as strong as your database admin's honesty. When the regulator arrives, you're presenting evidence only you can vouch for.
Someone bypassed the approval chain. You won't know until the investigation. By then, the damage is done — the transfer went through, the code shipped, the contract was signed.
"Who approved this?" Three people point at each other. Nobody can prove anything. The approval was verbal, or the system doesn't record roles, or the logs were rotated.
Governance records what happened.
Authority determines what may happen.
Authority is checked before action, not audited afterward. Policy is locked before approval begins. Execution does not proceed unless every requirement is satisfied. Proof is what remains.
Every participant — human, AI agent, service account, workflow, or organization — must possess verifiable authority before execution is permitted. Roles, jurisdiction, delegation scope, thresholds, and policy constraints are enforced before action, not audited afterward.
The governance rules are hash-locked before approval begins. No mid-flow policy changes. No retroactive rewrites. The policy that applied at the moment of decision is permanently recorded and enforced at execution time.
Not just "3 people clicked approve." 1 treasury officer + 1 compliance officer + 1 regional approver, each with verified roles, each contributing a distinct, accountable signature.
AI systems do not receive blanket permissions. They receive explicit authority. Q-Sign defines what an agent may do, what it may not do, what it may delegate, when it must escalate, and when human approval becomes mandatory. Authority is enforced at execution time.
Humans can delegate authority to humans. Humans can delegate authority to agents. Agents can delegate authority to subordinate agents when policy permits. Every delegation carries scope, limits, expiration, and accountability. No authority appears without a provenance chain.
The question is not who clicked approve. The question is whether the action was authorized to occur. Q-Sign evaluates authority, policy, delegation, thresholds, scope, and governance state before execution. Unauthorized actions do not proceed.
Any point in time. Which policy was active. Who held what authority. What was approved. What changed. Reconstructable forever — not from a database you control, but from proof you cannot alter.
The receiving party doesn't call you. Doesn't trust you. Verifies authorization themselves. A regulator, counterparty, or auditor can confirm your governance state without asking your permission.
No new workflows. No rearchitecting. Q-Sign wraps your existing approval processes and makes them cryptographically verifiable.
Someone requests an action — a wire transfer, code deploy, contract upgrade, or policy change. The request is sealed with the exact governance rules that apply at this moment. The policy cannot change mid-flight.
Not just anyone — the people the policy requires. Treasury. Compliance. Security. Each approval is individually signed against that person's verified role and recorded. Order, timing, and authority all captured.
Was the threshold met? Were all required roles present? Was the policy followed without modification? Was the request within scope? Were all participants authorized at the time of approval?
A cryptographic receipt is produced. Portable. Independent. Verifiable by anyone without contacting H33 or your organization. Provable forever — not because you say so, but because the math says so.
Fraud, overreach, and missing accountability don't announce themselves. Q-Sign handles all three before they become incidents.
Missing secondary approval from compliance officer. Wire authorization requires dual sign-off under treasury policy version 4.1. The CFO's signature alone does not constitute a complete governance record. Request rejected. Escalation triggered. Proof preserved.
Attempted: $18M. Authorized authority ceiling: $2M. Q-Sign evaluates the agent's delegation scope at execution time, denies the action, and routes mandatory escalation to human approvers. Machine authority is bounded by verifiable delegation, not configuration flags. No system configuration change can override governance state.
Full reconstruction delivered. Every approval, every policy version, every signer's authorization state, every risk assessment. Cryptographically intact at the exact moment of decision. No database queries. No "we believe the records show." Proof.
Eight purpose-built modules, each handling a distinct failure mode in organizational decision-making.
Ordered, multi-party approval ceremonies with verifiable sequencing and timing constraints.
Governance rules are sealed at request time. No mid-flow modifications. No retroactive changes.
Not headcount — roles. Each approval is verified against the signer's actual authority.
Layered approval structures for complex organizations with nested authority hierarchies.
Machine participants operate within explicit, verifiable delegation scope. Ceiling enforced.
Authority states update continuously. Revoked roles stop counting. No stale approvals.
Decisions cannot be altered, deleted, or backdated. The record is immutable by construction.
Reconstruct any governance state at any point in time. Who was authorized. What was approved.
Not who performed the action.
Who possessed the authority to make it happen.
Q-Sign is not a proof system.
Proof is the artifact.
Q-Sign is an authority system.
The proof is merely what remains after authority has been exercised.