Formally Published DOI: 10.5281/zenodo.20264923 VGS-001 to VGS-011 · Zenodo · CC BY 4.0
Technical Architecture

Governance Embedded in the
Execution Path

VeriSigil is not a compliance dashboard layered on top of AI systems. It is governance infrastructure embedded directly in the execution path — between agent intent and agent action. No agent action executes without passing through the governance layer.

v0.7.2 · Production
Ed25519 · Merkle Chain · <50ms
Built in Lagos, Nigeria 🇳🇬
Contents
1. Architecture Overview 2. Governance Stack 3. Decision Model 4. Merkle Chain Audit 5. Progression Admissibility 6. Operational State Governance 7. Full Endpoint Reference 8. Comparison 9. Design Principles
01

Architecture Overview

The complete governance flow — from agent intent to cryptographic audit trail.

                    VERISIGIL GOVERNANCE ARCHITECTURE v0.6.1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  AI AGENT
  
  │  wants to execute: payment($50,000) · delete(500 records) · deploy(prod)
  
  
┌─────────────────────────────────────────────────────────────────────────┐
│                    LAYER 1 — IDENTITY GATE                              │
│  Ed25519 passport verification · trust score check · shadow detection   │
│  POST /v1/guard/verify                                          <50ms   │
└─────────────────────────────────────────────────────────────────────────┘
  
  ├──────────────────┬──────────────────────────────┐
                                                  
  ▼ ALLOW           ▼ REQUIRE_HUMAN_APPROVAL       ▼ DENY
┌──────────┐      ┌──────────────────────┐       ┌──────────┐
│  EXECUTE │      │  EMAIL → APPROVER    │       │  BLOCK   │
│  action  │      │  approve.html        │       │  reason  │
└──────────┘      │  → APPROVED → exec   │       │  returned│
                  │  → REJECTED → block  │       └──────────┘
                  └──────────────────────┘
                                                  
  └──────────────────┴──────────────────────────────┘
  
  ▼  ALL PATHS — every decision logged
┌─────────────────────────────────────────────────────────────────────────┐
│                    MERKLE CHAIN AUDIT TRAIL                              │
│  Ed25519 signed · hash_chained · merkle_root · tamper_evident: true     │
│  drift_detected: false · replay_verifiable · 6mo+ retention             │
└─────────────────────────────────────────────────────────────────────────┘

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  ADVANCED GOVERNANCE LAYERS (v0.6.x)

  PROGRESSION ADMISSIBILITY  → POST /v1/progression/evaluate
  Should this state transition be permitted given trajectory +
  authority + evidence + consequence level?

  OPERATIONAL STATE GOVERNANCE  → POST /v1/transitions/map
  What transitions remain permissible before consequence binds?
  Conditions change → permissions auto-revoked. Zero manual intervention.

  CHAIN PROVENANCE  → POST /v1/chain/provenance/start
  Agent A → Agent B → Agent C · full attribution · cryptographic proof

  CONTINUOUS ADMISSIBILITY  → POST /v1/continuous/check
  Long-running agents monitored every 30s · trust degraded? PAUSE
02

The Governance Stack

Eight layers of enforcement — from cryptographic identity to operational state governance.

Layer 1 · Identity
POST /v1/passport/issue
Ed25519 cryptographic passport issued to every AI agent. W3C DID standard. Publicly verifiable. Signature checked on every Runtime Guard call. Shadow clone detection blocks impersonation.
LIVE
Layer 2 · Runtime Guard
POST /v1/guard/verify
Every agent action intercepted before execution. Identity verified, trust scored, policy evaluated. Returns ALLOW / DENY / REQUIRE_HUMAN_APPROVAL in under 50ms. The mandatory gate.
LIVE
Layer 3 · Policy Engine
POST /v1/policy
Customer-configurable enforcement rules per action type, per organization. Payment thresholds, data access controls, tool use restrictions, delete safeguards. Customer policy overrides platform defaults.
LIVE
Layer 4 · Human Approval
GET /v1/approvals
When Runtime Guard escalates — approver emailed automatically. Secure web console shows agent identity, action, risk reason. Approve or reject with one click. Agent cannot execute without explicit human approval. Article 14 EU AI Act enforced by infrastructure.
LIVE
Layer 5 · Merkle Chain
GET /v1/chain
Every governance decision chained to previous with Ed25519 signature. hash_match, policy_match, decision_match all verifiable. Replay any decision — same hash every time. Article 12 EU AI Act satisfied from first decision.
LIVE
Layer 6 · Progression Admissibility
POST /v1/progression/evaluate
Not just 'is this agent trusted' but 'should this specific state transition be permitted now?' Evaluates trajectory coherence, authority sufficiency, evidence completeness, consequence level. The layer beyond action enforcement.
v0.6.0
Layer 7 · Operational State
POST /v1/transitions/map
Maps the full space of permissible transitions given current operational state. Detects consequence binding points — the exact moment a decision becomes irreversible. Conditions change → permissions auto-revoked. Zero manual intervention.
v0.6.1
Layer 8 · Runtime Governance
POST /v1/continuous/check
Agent Chain Provenance tracks A→B→C attribution. Continuous Admissibility monitors long-running agents every 30 seconds. Survivability Scoring predicts failure recovery. Runtime Revalidation re-checks approvals at every workflow checkpoint.
v0.6.0
03

The Decision Model

Three outcomes. Every path cryptographically logged.

ALLOW
Identity verified. Trust sufficient. Action within policy bounds. Agent executes immediately. Full audit entry written to Merkle chain.
chain_block: { hash, merkle_root, tamper_evident: true }
🚫
DENY
Hard block. Passport revoked, expired, cloned — or trust below minimum. Policy violation. Agent cannot proceed under any circumstances.
reason + confidence returned · decision chained
👤
REQUIRE_HUMAN_APPROVAL
Action paused. Approver emailed automatically with full context. Agent waits. Executes only after explicit human approval on secure console.
approval_url + approval_id returned · 24hr expiry
RUNTIME GUARD RESPONSE
JSON
{
  "decision":     "REQUIRE_HUMAN_APPROVAL",
  "confidence":   0.94,
  "reason":       "Payment $50,000 exceeds auto-allow threshold ($1,000)",
  "trust_score":  0.963,
  "trust_level":  "TRUSTED",
  "approval_url": "https://verisigilai.com/approve.html?id=apr_x7f2a1b",
  "execution_id": "exec_4d8f2a1b",
  "latency_ms":   42,
  "chain_block": {
    "block_hash":    "9eea84dceb9eace9d5bae660a7925968...",
    "merkle_root":   "9eea84dceb9eace9d5bae660a7925968...",
    "block_index":   47,
    "tamper_evident":true
  }
}
04

Merkle Chain Audit Trail

Every governance decision chained. Tamper-evident. Replay-verifiable. Article 12 EU AI Act satisfied.

⛓ Chain Structure
  GENESIS
      │
      ▼
  Block #0  hash: sha256(genesis|exec_001|agent|payment|ALLOW|...)
      │       merkle_root: sha256(block_0_hash)
      │
      ▼
  Block #1  hash: sha256(block_0_hash|exec_002|agent|delete|DENY|...)
      │       merkle_root: sha256(block_0_hash + block_1_hash)
      │
      ▼
  Block #N  hash: sha256(block_N-1_hash|exec_N|agent|action|decision|...)
              merkle_root: sha256(all previous hashes)

  Verification: replay(exec_id) → same inputs → same hash → hash_match: true
  Tampering:    change any field → hash mismatch → drift_detected: true
REPLAY VALIDATION — SAME DECISION 6 MONTHS LATER
JSON · GET /v1/chain/replay/{execution_id}
{
  "execution_id":   "exec_4d8f2a1b",
  "original_hash":  "9eea84dceb9eace9d5bae660a7925968cc134d45...",
  "replay_hash":    "9eea84dceb9eace9d5bae660a7925968cc134d45...",
  "hash_match":     true,
  "policy_match":   true,
  "decision_match": true,
  "deterministic":  true,
  "drift_detected": false,
  "immutable_audit": {
    "chain_integrity": "verified",
    "tamper_evident":  true
  }
}
05

Progression Admissibility

"Should this specific state transition be permitted now?" — four dimensions evaluated before any workflow step proceeds.

PROGRESSION EVALUATION — 4 DIMENSIONS
JSON · POST /v1/progression/evaluate
// Input — workflow context
{
  "agent_id":        "vsa_1483d06a89c4",
  "workflow_id":     "wf_payment_001",
  "current_step":    3,
  "total_steps":     5,
  "previous_steps":  [
    {"action": "verify_recipient", "status": "completed"},
    {"action": "check_balance",    "status": "completed"}
  ],
  "intended_action": "transfer_funds",
  "evidence": {
    "amount_usd":             50000,
    "business_justification": "Vendor Q2 payment",
    "approval_chain":         "manager_approved"
  },
  "consequence_level": "HIGH"
}

// Output — 4 dimensions evaluated
{
  "decision":             "PROGRESSION_ALLOWED",
  "trajectory_coherent":  true,   // ✓ prior steps logical
  "authority_level":      "SOVEREIGN", // ✓ meets ADMIN requirement
  "evidence_sufficient":  true,   // ✓ approval_chain present
  "trust_score":          0.97,
  "latency_ms":           0.12,
  "chain_block": {
    "block_hash":    "9eea84dceb9eace9...",
    "tamper_evident":true
  }
}
06

Operational State Governance

"What state transitions remain permissible under current conditions before consequence binds?" — the layer that answers Brian Hodak's question.

CONDITION CHANGE → AUTO-REVOCATION
JSON · POST /v1/conditions/update
// Trust degrades 0.963 → 0.72 + anomaly detected
{
  "conditions_changed": true,
  "changes_detected": ["Trust degraded by 0.243", "New alerts: anomaly_detected"],
  "authority_level":   "BASIC",
  "revoked": [
    {"permission": "payment",        "reason": "BASIC insufficient for HIGH"},
    {"permission": "transfer_funds",  "reason": "BASIC insufficient for HIGH"},
    {"permission": "send_email",      "reason": "BASIC insufficient for MEDIUM"}
  ],
  "maintained":      ["web_search"],
  "auto_revoked":    true,
  "recommendation":  "IMMEDIATE_ACTION — 3 permissions auto-revoked"
}
// Zero manual intervention required
07

Full Endpoint Reference

Every endpoint live at verisigil-api-production.up.railway.app

GET
/health
System health — version, uptime, feature status
GET
/status
Public status page — all services operational status
POST
/v1/passport/issue
Issue Ed25519 cryptographic passport to AI agent
GET
/verify/{agent_id}
Public passport verification — no auth required
POST
/v1/guard/verify
Runtime Guard — ALLOW/DENY/REQUIRE_HUMAN_APPROVAL in <50ms
POST
/v1/policy
Set customer policy override per action type
POST
/v1/policy/test
Simulate policy decision without logging
POST
/v1/progression/evaluate
Progression admissibility — 4-dimension evaluation
POST
/v1/transitions/map
Map permissible transition space under current conditions
POST
/v1/transitions/binding-point
Detect consequence binding point — last intervention opportunity
POST
/v1/conditions/update
Update operational conditions — auto-revokes permissions
POST
/v1/continuous/start
Start continuous admissibility monitoring
POST
/v1/continuous/check
Periodic admissibility check — ADMISSIBLE/PAUSE/HALT
POST
/v1/survivability/score
Score execution survivability — 0.0 catastrophic → 1.0 recoverable
POST
/v1/revalidate
Revalidate approval at new workflow checkpoint
POST
/v1/chain/provenance/start
Start agent chain — multi-agent provenance tracking
GET
/v1/chain
Get Merkle chain — all blocks with root
GET
/v1/chain/verify
Verify chain integrity — recomputes every hash
GET
/v1/chain/replay/{id}
Replay any past decision — proves determinism
GET
/v1/governance/summary
Full governance summary — all layers in one call
POST
/v1/approvals/create
Create approval request manually
POST
/v1/sprint/run
EU AI Act Compliance Sprint — passport + report + email in 60s
POST
/v1/scan
Agent config risk scanner
GET
/v1/enforcement/summary
Enforcement dashboard — decisions, chain, policy overview
08

How VeriSigil Compares

Governance infrastructure vs observability vs compliance documentation.

Capability Policy Documents Observability Tools VeriSigil
Pre-execution enforcement✗ None✗ None✓ Runtime Guard
Cryptographic audit trail✗ None~ Logs only✓ Merkle chain
Replay verification✗ None✗ None✓ hash_match: true
Human oversight gate~ Policy only✗ None✓ Hard gate enforced
Article 12 EU AI Act✗ Documentation~ Partial✓ Satisfied from day 1
Article 14 EU AI Act✗ Documentation✗ None✓ Enforced by infrastructure
Progression admissibility✗ None✗ None✓ 4-dimension evaluation
Consequence binding detection✗ None✗ None✓ Binding point mapped
Auto permission revocation✗ None✗ None✓ Conditions → auto-revoke
Multi-agent provenance✗ None~ Tracing only✓ Cryptographic attribution
Continuous monitoring✗ None~ Alerts only✓ 30s admissibility checks
09

Design Principles

The architectural decisions that make VeriSigil different.

01
Enforcement Before Observation
Governance must happen before execution — not after. A log proves what happened. A runtime gate prevents the wrong thing from happening. Both matter. Prevention is the harder problem.
02
Infrastructure Not Documentation
Compliance documents do not stop high-risk AI actions. Runtime enforcement does. VeriSigil embeds governance in the execution path — structurally mandatory, not voluntarily adopted.
03
Cryptographic Proof Not Logging
Standard logs can be altered. Ed25519 signed, hash-chained Merkle blocks cannot. The same decision replayed six months later produces the same hash. That is evidence, not logging.
04
Deterministic Governance
Same inputs always produce same governance decision. Same hash. Same outcome. Governance is not probabilistic. It is deterministic, verifiable, and reproducible by any party.
05
Consequence Before Binding
Governance must intervene before consequence binds irreversibly. VeriSigil maps consequence binding points and keeps the intervention window open until the last possible moment.
06
Conditions Drive Permissions
Operational conditions change — trust degrades, alerts fire, regulations update. Permissions must auto-revoke when conditions change. No manual intervention. No governance gaps.

Try The Live Infrastructure

Every endpoint live. Every demo calls the real API. Every decision chains to an immutable Merkle audit trail.

▶ Governed Agent Demo Progression Demo API Docs →