Objective
Prevent unauthorized or partial execution by making commitment, policy enforcement, and evidence generation non-optional.
Every value movement must pass through the same guarded state machine and emit signed evidence.
Objective
Prevent unauthorized or partial execution by making commitment, policy enforcement, and evidence generation non-optional.
Intent validates request semantics, Prepare locks funds, Commit marks point-of-no-return, Execute mutates core state, and Receipt finalizes signed evidence.
Failures before commit are cleanly reversible. Failures after commit trigger deterministic recovery semantics and explicit incident visibility.
Permits apply budget ceilings, recipient scope, time windows, and usage boundaries. They are evaluated as first-class constraints in the transfer pipeline.
Agent and delegated execution paths are required to present permit context for spend-capable operations.
Receipts are Ed25519 signed over canonical payloads and anchored into WorldLine hash-chain events.
Verification can be performed independently, making audit and dispute workflows portable outside the runtime.
Issue permit, update limits, revoke permit, inspect usage
Fetch receipt by ID, verify signature, export audit card
Continue exploring