Proof of Authority

Delegate consequence, not control.

Handshake routes agent attempts through limits you approve. Without valid scoped approval consumed at your intended receiver, downstream handlers cannot run.

Open documentation How it works

For security, platform, and operator teams.

Architecture

Bounded Delegation

Caps you can cite.

Verified · Explicit Limits

Accountability Trail

Runs under written limits.

Verified · Decision-Grade

Receiver check

Before the handler runs.

Verified · Enforced

After the ask

Thin ask, thick run.

One stated goal unfolds into retries and tools. Limits bind each protected attempt, not the chat title.

One conversational goal.

01Intent

One conversational goal.

02Expansion

Many steps, tools, and side effects.

03Attempts

Where mandates and receiver checks bind.

Consequence pressure

Automation needs power. Power needs a ceiling.

Without a service ceiling, speed trades against open-ended risk. Each protected attempt answers to written limits—a receiver check before impact.

What the attempts look like

09:41:08billing-agentRefund · $12,400 · outside scopeno mandate

09:41:12deploy-agentShip to production · unapproved pathno mandate

09:41:19support-agentBulk export · users tableno mandate

09:41:33support-agentRefund · $450 · inside scopeauthorised

Three attempts lack a matching mandate; one does.

01–04

Mechanism

Intent to receipt. Four beats.

Cap. Intercept. Check. Record.

Money, deploys, data: set the ceiling before the run spreads.

Limits

Cap

Money, deploys, data: set the ceiling before the run spreads.

Control

Intercept

Attempts stop without a mandate that fits. Recovery only proposes a narrower scoped grant.

Enforcement

Check

Intended receiver verifies scoped approval once, immediately pre-handler.

Accountability

Record

Trail ties outcomes to the limits in force.

By surface

Shrink the blast radius.

Write the limit before the agent touches money, code, or bulk data.

Same dollar and account caps on every refund attempt.

Sketch

Surface: Refunds
Ceiling: $5,000
Scope: Own account
Window: 4h, revocable

Payments & refunds
Protected
Same dollar and account caps on every refund attempt.
Sketch
Surface
Refunds
Ceiling
$5,000
Scope
Own account
Window
4h, revocable
Code deployments
Protected
Staging paths, branches, or human gate for prod.
Sketch
Surface
Deploy
Target
Staging
Branch
feature/*
Rule
Human if prod
Counterexample
Data operations
No mandate
Exports and bulk moves: no sketch, no pass.
Unscoped
Surface
Exports & bulk
Ceiling
None set
Scope
Unscoped
Window
No TTL

Receipt · #01JV8K4XMTZ9NQRP

Action: Refund · $450
Agent: ai-customer-support
On behalf of: acme-corp
Mandate: refund_up_to_5000 · 4h · revocable
Approval: issued · consumed
Receiver: billing.acme.com/refunds
Checked: 14 May 2026 · 09:41 UTC
Outcome: authorized · ran

View trail →

Proof, not story

Receipt, not narrative.

No scoped approval consumed at the intended receiver—no handler.

Read the Docs

Same substrate

Ship fast. Prove it.

Same rails as proof: limits at the edge, receipts after.

Authorized or refused. Nothing in between.

Check authority before your handler.

Enforcement

Check authority before your handler.

Outcomes

Artifacts reviewers can reopen.

Limits

Explicit scope, legible grants.

Three roles

Issue. Enforce. Witness.

Issue at the API, enforce on the receiver, read truth in the console.

Handshakeenforcement gate

Handshake API· issuer

Scoped LimitsAuthority Recovery

Receiver Middleware· enforcer

ExpressNext.jsFastify

Audit Dashboard· observer

Durable ReceiptsLive Traces

Start here

Set the boundary.
Before consequence.

Publish limits once, verify at your receiver, ship with receipts.

Read the Briefing View Documentation

Delegate consequence, not control.

01·Intent

02·Expansion

03·Attempts

Automation needs power. Power needs a ceiling.

What the attempts look like

Intent to receipt. Four beats.

01LimitsCap

02ControlIntercept

03EnforcementCheck

04AccountabilityRecord

Cap

Intercept

Check

Record

Shrink the blast radius.

Payments & refundsProtected

Code deploymentsProtected

CounterexampleData operationsNo mandate

Payments & refunds

Code deployments

Data operations

Receipt, not narrative.

Ship fast. Prove it.

01Enforcement

02Outcomes

03Limits

Enforcement

Outcomes

Limits

Issue. Enforce. Witness.

Set the boundary.Before consequence.

Set the boundary.
Before consequence.