Intent Verification Infrastructure for Autonomous Agents
Verify intent before
autonomous agents act.
Every autonomous action — an agent deploying code, a bot moving money, a workflow touching customer data — passes through Intended first. Allow becomes a signed token. Deny means it never ran.
No Token · No Action
watch one mint in your browser
This page just generated an Ed25519 key pair and signed an example agent intent.
Below is the resulting Authority Token. Real cryptography, running on your hardware. No data leaves your browser — the keypair is created locally, used once, and discarded. Copy the token and verify it on jwt.io if you want.
Example intent: “Deploy the authentication service to production.”
Every line of the token below is what an agent would carry to the connector at the moment of execution. The signature is a real Ed25519 (EdDSA) signature computed in your browser with WebCrypto — the same algorithm the Intended authority signs with — and it’s verified here against the freshly exported public key. The whole loop takes about a millisecond in production; what you saw above is the same operation, slowed down for legibility.
manifesto · the four principles
Nothing autonomous moves without consent.
Every consent is cryptographic.
Every consent is auditable.
Every audit is provable without us.
what we do
Verify intent before autonomous agents act.
Every action an autonomous agent attempts passes through one surface. Intent is compiled. Conformance is scored. Authority is decided. A cryptographic Authority Token is issued — or refused. Every step is preserved as immutable evidence.
Captured
Natural language or tool calls compile to a typed IntentRequest.
Scored
Each intent is mapped to your declared business process.
Decided
Policy + risk + conformance combine into a single verdict.
Preserved
Every decision is sealed and hash-linked. Replayable, exportable.
one engine · two editions
The same authority, wherever agents act.
One verification engine, one shared spine — asserted by test. Choose the surface your agents act on; the guarantee is identical: intent verified, authority granted or refused, and evidence preserved, before anything runs.
Agents acting on your software
Deploys, refunds, data access, tickets — across SaaS, APIs, and cloud. Every action authorized at the boundary before it executes.
Agents acting in the world
Robots and embodied systems — the same authority model extended to the edge. In development, complementing functional-safety standards (ISO/IEC), never replacing them.
live demo · sample stream
Authority decisions, as they happen.
An illustrative stream that shows the shape of an authority decision — intent, risk score, verdict, and the resulting token. Sample data, not a live customer feed.
an authority token, in detail
Click any segment to inspect its claims.
three claims we prove
Blocked before it happened.
Unintended actions do not execute. Verification fails closed before the runtime boundary is crossed. No speculative execution. No partial effects. No recovery narrative — because nothing ran.
Every authorized action has a cryptographic receipt.
Intended actions receive a scoped, time-limited Authority Token that proves verification happened. The Token is the receipt. The receipt is the record. The record is enforceable.
Math, not trust.
Every decision is recorded in an immutable audit chain that is cryptographically signed, exportable, and replayable. If our service disappeared tomorrow, the signed evidence would still stand on its own — and per-tenant public-key (JWKS) verification is live.
what you can verify
Autonomous actions are classified, scored against your policy, and gated by an authority token. If the intent isn’t verified, the action doesn’t run — fail-closed by design.
Verification becomes a precondition instead of a forensics exercise: nothing autonomous runs without it, and every decision leaves a signed record you can export and check yourself.
How the mechanism is designed to work — not a customer testimonial.
why this is different
Policies define rules. They do not define intention.
Adjacent systems answer whether an action is permitted. Intended answers whether the action matches what was intended in this context. Policy evaluation is part of that process, but it is not the whole product.
- What the action is intended to do
- Whether it fits the enterprise capability context
- Whether authority should be granted, denied, or escalated
- Whether execution can be proven after the fact
next step
Start with the open layer. Operationalize when you are ready.
Use the Open Intent, docs, and open-source packages to integrate quickly. Move into the full platform when you need verification, authority, escalation, and audit at enterprise scale.