Mind Chill
    Good Proof™ by Mind Chill®

    Contract-referenceable verification for high-impact AI actions. Scope-bound, expiry-aware, and human-final when it matters.

    UK

    Mind Chill Nootropics Ltd

    09667911

    Singapore

    Mindchill Research Pte. Ltd.

    202544340Z

    A division of

    Mind Chill — Department of Human Defense

    Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

    © 2026 Good Proof by Mind Chill. All rights reserved.

    Agent Reliability - AI Work OS Safety
    Protocols & Rails — AI Work OS Safety

    Irreversible agent actions need verifiable proof.

    No Stamp → No Ship for irreversible agent actions.

    When agents can touch your files, inbox, approvals, payments, and access controls, "we logged it" is not a gate. Good Proof makes high-impact agent execution verifiable, scope-bound, expiry-aware, and revocable by link.

    • Gate execution by Status Link: not VALID → no execute
    • Counterparties verify by link: scope • expiry • signer • status
    • Evidence Pack (IDA format): time-stamped snapshot you can forward, file, and cite
    Fail-closed • Append-only • Scope-bounded

    Why AI Work OS buyers are moving now

    Agent execution surface is expanding. Governance expectations are accelerating.

    Irreversible actions without portable proof

    File exports, role grants, and payment approvals execute without evidence that travels outside your perimeter.

    Connector/OAuth scope drift

    Silent scope expansion invalidates prior approvals. Nobody discovers the mismatch until an incident.

    Logs don't travel

    Auditors, insurers, and partners can't verify decisions from internal logs they can't access.

    Privilege expansion increases blast radius

    Token misuse, role escalation, and session hijacking widen the impact of a single compromised agent.

    Cross-system dispute archaeology

    Reconstructing what was permitted across tools, tenants, and policy versions is manual, slow, and fragile.

    Revocation must propagate instantly

    When compromise is suspected, stop-rely must reach every enforcement point — not wait for a meeting.

    No-login external verification needed

    Counterparties need to verify scope, expiry, and validity without VPN, portal, or NDA.

    Screenshot-driven review is expensive

    Static screenshots and PDF exports are expensive to produce, easy to challenge, and impossible to revoke.

    Good Proof provides scope-limited verification evidence and stop-rely semantics. It is not a certification.

    What a Stamp proves (and what it doesn't)

    Proves (within lane scope)

    • Action class + outcome
    • Decision/execution timestamp
    • Signer/authority reference
    • Scope boundaries + expiry window
    • Validity state (VALID / NEEDS_REFRESH / WITHDRAWN / NOT_VERIFIED)
    • Evidence window for disputes/audit

    Does not prove

    • Underlying data correctness
    • Agent reasoning quality
    • Model or policy correctness
    • Raw prompts/logs/PII by default
    • Certification or regulatory compliance

    In disputes: Status Link = reliance state now. IDA Evidence Pack = fileable snapshot for decision-time record.

    Why this lane exists

    In AI Work OS, disputes are authority disputes.

    Not "did it happen?" but: was it permitted, within which scope/version, and is reliance still valid now?

    Agent logs don't satisfy procurement, insurers, auditors, or partners — because logs don't travel and aren't revocable.

    Good Proof turns high-impact execution into a contract-referenceable gate.

    Real-world pain points:

    • Who approved this access change?
    • Was the connector scope expanded after approval?
    • Did the policy/ruleset change since last verification?
    • Can a partner verify this without logging into our systems?
    • If compromise is suspected, can we stop reliance instantly?

    The AI Work OS execution surface

    Stamp the surface before execution. If it changes → NEEDS_REFRESH.

    Workspace/tool connector inventory + boundaries
    File/data movement permissions
    Inbox/send/automation permissions
    Approval workflow definitions + thresholds
    Payment/refund/payout handler context (if connected)
    IAM/role/OAuth scope boundaries
    Delegation/session authority objects (scope/expiry/revocation)
    Material surface change → NEEDS_REFRESH
    Compromise / integrity failure → WITHDRAWN
    What gets stamped in AI Work OS lanes

    High-impact action classes (define per programme):

    Files & data movement

    • File export / external share / bulk delete
    • Sensitive folder access grants
    • Data exfil paths (download, sync, API extraction)

    Inbox & communications

    • Outbound external email sends
    • Mailbox rule creation / auto-replies
    • Ticket closure with customer or financial impact

    Approvals & workflow controls

    • Approval unlocks for payment / shipment / access
    • Policy exception approvals

    Payments & commercial actions

    • Invoice / payout / refund approval
    • Dispute closure (if connected)

    Identity & access management

    • Admin / finance / security role grants
    • OAuth scope expansion / API key policy changes
    • Identity recovery lockouts / delegated authority updates

    If it can't be safely reversed, it must be verifiable and revocable before execution.

    Integration in 3 touchpoints

    1. Issue

    At high-impact action (file export, role grant, payment approval) → require a Stamp.

    2. Communicate

    Include Status Link in API/webhook/ticket/audit trail.

    3. Rely

    At execute → verify Status Link (fail-closed).

    High-impact gating only. Everything else runs normally.

    If it gets challenged, does it survive?

    PDFs are great for filing. Status Links keep them current.

    VALID

    Decision stands. Rely on it.

    NEEDS REFRESH

    Policy/scope changed. Re-verify.

    WITHDRAWN

    Stop relying immediately.

    NOT VERIFIED

    No proof exists.

    If it's not VALID, it doesn't execute.

    Fail-closed: unreachable verification returns NOT_VERIFIED. Block or escalate — never assume validity.

    VALID = valid within scope (not a guarantee of outcome correctness).

    When status changes — and what it means

    Status triggers define when a Status Link moves to NEEDS_REFRESH or WITHDRAWN. Understanding these ensures fail-closed enforcement at execution time.

    NEEDS_REFRESH triggers

    When any of these occur, re-verify before you rely.

    Connector/tool surface changed (new tools enabled, new endpoints)
    OAuth scopes expanded / permission set changed
    Policy version change (approval rules, thresholds, escalation policy)
    New data domain added (new drive, inbox, project, tenant)
    Workflow definition changed (approval step altered, routing changed)
    Agent runtime or orchestrator version change affecting semantics
    Identity provider changes (role mapping, group policy)
    Evidence window expired (time-based refresh)
    Vendor integration version update that changes capability semantics
    Related incident declares posture change requiring refresh

    NEEDS_REFRESH means "re-verify before you rely," not "defer."

    WITHDRAWN triggers

    Stop-rely signal. Execution must not proceed.

    Token leakage / credential misuse suspected
    Confirmed uncontrolled scope expansion
    Unauthorized workflow modification detected
    Critical tenant/workspace/role misconfiguration
    High-severity incident impacts approval integrity
    Tool/provider breach affecting trust boundary (programme-scoped)
    Verified out-of-scope execution pattern

    Fail-closed: Wherever the Status Link is checked, if WITHDRAWN → block or escalate.

    How it works (simple and enforceable)

    1. Stamp the surface

    Workspace + tools + policy version + identity boundaries. If it changes → NEEDS_REFRESH.

    2. Gate high-impact execution

    Pre-execution Status Link check on defined action classes. No Stamp / NOT_VERIFIED / NEEDS_REFRESH / WITHDRAWN → block or escalate.

    This is No Stamp → No Ship for irreversible agent actions.

    3. Revoke fast

    Set WITHDRAWN on compromise/invalidation. Stop-rely propagates wherever the Status Link is checked.

    Make the gate machine-checkable, not meeting-checkable.

    What you get (two artefacts, one standard)

    Status Link (authoritative now)

    A counterparty-verifiable link that returns current validity within scope.

    • Returns: status, scope, expiry, verified_at, signer, verify_url
    • Fail-closed: unreachable = NOT_VERIFIED
    • Built for contracts, runbooks, tickets, and automated gates

    IDA Evidence Pack (snapshot then)

    A time-stamped snapshot you can forward, file, and cite.

    • Built for committees, audits, disputes, and procurement
    • Append-only history; withdrawal ≠ erasure
    • Excludes prompts, logs, PII by default

    One Stamp produces both. PDFs are great for filing. Status Links keep them current.

    What's inside the IDA Evidence Pack

    Programme-configured. Minimal disclosure by default.

    Action summary + lane scope boundary
    Decision-time timestamp + evidence window
    Workspace/tool surface identifier + version references
    Approval/policy identifiers
    Identity/permission boundary ref (OAuth scopes, role mappings)
    Verification transcript + timestamps
    Redaction matrix (what's excluded by design)

    Proof ≠ payloads. Raw prompts/logs/PII are not required by default.

    What counterparties can verify

    What partners, auditors, and buyers can verify

    (without your systems)

    • Current validity: VALID / NEEDS_REFRESH / WITHDRAWN / NOT_VERIFIED
    • Scope boundaries: action class + workspace/tool surface
    • Expiry window + verified_at timestamp
    • Signer authority reference (system or Guardian panel when required)
    • Forwardable IDA pack for filing, disputes, and procurement
    • Canonical verification route and optional signed responses (programme-scoped)

    Minimal disclosure by default: prompts/logs/PII excluded. Programme-gated access when required.

    Global Coverage

    Regulatory reality

    No hype, no compliance claims — portable proof for AI governance and third-party risk.

    EU

    DORA operational resilience + third-party scrutiny; AI Act governance direction for high-risk systems.

    UK

    Operational resilience accountability + impact tolerances; AI governance expectations increasing.

    US

    Vendor due diligence, third-party risk, and AI governance expectations; evidence that travels.

    Canada

    OSFI third-party risk expectations; defensible records for high-impact automated decisions.

    Australia

    APRA CPS 230 operational risk; portable proof reduces escalation friction.

    Asia

    MAS/HKMA AI governance and safeguarding expectations across leading hubs.

    Middle East

    Digital governance frameworks expanding; defensible records for cross-border AI operations.

    Africa

    Data protection and AI governance frameworks emerging; portable verification supports cross-border reliance.

    Good Proof doesn't certify compliance. It makes high-impact execution verifiable, refreshable, and withdrawable by link.

    Jurisdictional Configuration

    Country overlays can be configured per programme

    Examples include programme-specific mapping for UAE, Saudi Arabia, South Africa, Kenya, Nigeria, and other jurisdictions where disclosure, retention, appeal handling, language support, and verifier-access requirements differ.

    Not legal advice. Final legal mapping is owned by programme counsel.

    AI-Agent Era

    AI-agent era controls

    Prompts can drift. Reliance controls must not.

    Material change in connector/tool/vendor/config → NEEDS_REFRESH
    Integrity or boundary breach → WITHDRAWN
    Timeout/unreachable verification route → NOT_VERIFIED (fail-closed)
    Exception lane requiring human finality → Guardian path (optional)

    Good Proof does not decide outcomes; it controls whether high-impact actions are safe to rely on.

    Who buys this in AI Work OS

    Commercial buyers and external verifiers with high-impact decision accountability.

    Security / CISO

    Pain: Agents create new exfil paths and privilege drift that logs can't contain.

    Outcome: Hard gates + revocation that propagates instantly across enforcement points.

    IT Ops / Workspace Admin

    Pain: Changes happen through connectors and nobody can prove what was approved.

    Outcome: Scope + policy version becomes verifiable by link without portal access.

    IAM / Identity Engineering

    Pain: OAuth scope expansion and role drift silently invalidate prior approvals.

    Outcome: Delegation objects become stamped with expiry + revocation semantics.

    Risk / Internal Audit

    Pain: Evidence retrieval for audits is slow, system-bound, and policy-version-dependent.

    Outcome: Fileable Evidence Pack snapshots with append-only history and redaction matrix.

    Legal / Compliance / Privacy

    Pain: Cross-system disputes require manual reconstruction of what was permitted and when.

    Outcome: Decision-time snapshot + live status make authority disputes defensible.

    Procurement / Vendor Risk

    Pain: "Show me your controls" turns into portals, screenshots, and meetings.

    Outcome: Contract-referenceable Status Link + IDA Evidence Pack for audits.

    Finance Ops (if payment-connected)

    Pain: Approval unlocks for payments/refunds lack portable verification.

    Outcome: Scope-bounded verification for invoice, payout, and refund approval lanes.

    External verifiers

    Pain: Partners, auditors, insurers, regulators need proof without internal accounts.

    Outcome: Verify by link; cite the IDA snapshot in audits and disputes.

    Includes: customers, auditors, insurers, regulators (programme-scoped).

    Where budget comes from

    Usually funded from existing security, risk, and governance lines — not new category spend.

    Identity governance & privileged access

    Trigger: OAuth drift finding, token misuse incident, or IAM audit gap

    Why it fits: Scope-bound delegation objects with expiry + revocation reduce blast radius.

    SOC / security incident reduction

    Trigger: Agent-related exfil alert, privilege escalation, or tool misuse event

    Why it fits: Hard gates at execution points + WITHDRAWN propagation reduce mean time to containment.

    GRC / audit evidence operations

    Trigger: Internal audit finding, regulatory review, or insurer questionnaire

    Why it fits: Portable Evidence Pack + live Status Link reduce evidence reconstruction effort.

    Procurement / vendor risk assurance

    Trigger: Enterprise customer or partner asks "show me your controls"

    Why it fits: Contract-referenceable Status Link + Schedule A template for procurement teams.

    Legal defensibility & complaints

    Trigger: Cross-system dispute, regulatory complaint, or litigation hold

    Why it fits: Decision-time snapshot + append-only history make authority disputes defensible.

    Finance operations control integrity

    Trigger: Payment approval audit finding or refund/dispute closure challenge

    Why it fits: Scope-bounded verification for payment-connected lanes with fail-closed enforcement.

    Enterprise automation governance

    Trigger: Board-level AI governance mandate or insurer requirement for agent controls

    Why it fits: Lane-scoped gate at high-impact execution points; minimal integration footprint.

    Start with one high-impact lane and prove audit/incident friction reduction before expansion.

    Procurement Ready

    Procurement-ready clause

    Template language for your legal team.

    "For [High-Impact Action Classes], Supplier shall issue a Good Proof Stamp prior to action. Buyer may verify status via the Status Link. Stamps returning NOT_VERIFIED, NEEDS_REFRESH, or WITHDRAWN shall block or escalate per programme rules."

    Schedule A — AI Work OS Verification Requirements

    Definitions + operating rules procurement teams can copy/paste.

    1. Definitions

    "High-Impact Action Class" means any action class defined in the programme scope that cannot be safely reversed (e.g., file export, role grant, payment approval).

    "Status Link" means the canonical URL returning current verification status, scope boundaries, expiry, and signer reference.

    "Evidence Window" means the time period during which supporting materials are retained for audit/dispute.

    "Evidence Pack" means time-stamped snapshot for filing and disputes (IDA format).

    "Scope Boundary" means the defined limits of what a Stamp covers (action class, workspace, tool surface, expiry, programme).

    2. Required states

    • VALID → may proceed within scope.
    • NEEDS_REFRESH / NOT_VERIFIED / WITHDRAWN → must block or escalate per lane rules.
    • Fail-closed: timeout/unreachable ⇒ NOT_VERIFIED.

    3. Withdrawal / stop-rely semantics

    • WITHDRAWN is returned wherever the Status Link is checked.
    • No execution may proceed on WITHDRAWN.
    • Optional: programme hooks/notifications for stop-rely distribution.

    4. Technical safeguards

    • HTTPS-only verifier endpoint.
    • verify_url host MUST match official verifier allowlist.
    • Redirects forbidden. Domain mismatch ⇒ NOT_VERIFIED.
    • Timeout/unreachable ⇒ NOT_VERIFIED.
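
The required states and technical safeguards above, sketched as a pre-execution gate. This is an added example, not Good Proof's own client or API: the allowlisted host `verify.example`, the JSON body, the ISO 8601 `expiry`, the `scope.action_class` field, the `fetch` transport and the local downgrade of an expired VALID to NEEDS_REFRESH are all assumptions, and the sample data is constructed.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumptions for this example (not from the page): the allowlisted host, a JSON
# response body, ISO 8601 expiry strings, and scope carrying an "action_class".
VERIFIER_ALLOWLIST = {"verify.example"}
KNOWN = {"VALID", "NEEDS_REFRESH", "WITHDRAWN", "NOT_VERIFIED"}


def check_status(verify_url, action_class, fetch, now, timeout=2.0):
    """Return the status to rely on; every failure path yields NOT_VERIFIED.

    fetch(url, timeout) is a hypothetical transport doing one GET without
    following redirects and returning (http_code, final_url, body_text).
    """
    parts = urlsplit(verify_url)
    if parts.scheme != "https" or parts.hostname not in VERIFIER_ALLOWLIST:
        return "NOT_VERIFIED"                    # HTTPS-only, host allowlist
    try:
        code, final_url, body = fetch(verify_url, timeout)
    except Exception:                            # timeout / unreachable
        return "NOT_VERIFIED"
    if code != 200 or final_url != verify_url:   # redirects forbidden
        return "NOT_VERIFIED"
    try:
        doc = json.loads(body)
        status = doc["status"]
        known = status in KNOWN
        expired = datetime.fromisoformat(doc["expiry"]) <= now
        in_scope = doc["scope"]["action_class"] == action_class
        same_link = doc["verify_url"] == verify_url
    except (ValueError, KeyError, TypeError):    # malformed or incomplete answer
        return "NOT_VERIFIED"
    if not (known and same_link and in_scope):
        return "NOT_VERIFIED"
    if status == "VALID" and expired:
        return "NEEDS_REFRESH"                   # assumption: stale VALID is re-verified
    return status


def gate(verify_url, action_class, fetch, now):
    """Pre-execution gate: (allowed, status). Only VALID executes."""
    status = check_status(verify_url, action_class, fetch, now)
    return status == "VALID", status


def fake_fetch(doc, code=200, final_url=None, fail=False):
    """Constructed transport stub so the example runs offline."""
    def _fetch(url, timeout):
        if fail:
            raise TimeoutError("verifier unreachable")
        return code, final_url or url, json.dumps(doc)
    return _fetch


# Constructed sample data, not a real Status Link or a real verifier response.
URL = "https://verify.example/s/abc123"
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)
SAMPLE = {"status": "VALID", "scope": {"action_class": "file_export"},
          "expiry": "2026-02-01T00:00:00+00:00",
          "verified_at": "2026-01-10T00:00:00+00:00",
          "signer": "system", "verify_url": URL}

if __name__ == "__main__":
    print(gate(URL, "file_export", fake_fetch(SAMPLE), NOW))
    print(gate(URL, "file_export", fake_fetch(SAMPLE, fail=True), NOW))
```
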

    5. SLA placeholders (complete per programme)

    Verifier availability target: [___]%. p99 response-time target: [___] ms. Evidence Pack export SLA: [___] hours. Status propagation target: [___] seconds.

    6. Evidence retention defaults

    Default evidence window: [90] days (configurable 30–365). Retention policy owned by programme counsel.

    Not legal advice. Template language for your legal team. Bracketed variables to be completed by the parties.

    Procurement pack available: architecture summary, data handling overview, subprocessors, retention options.

    A Global Human Layer
    Mind Chill Guardians
    Our Mind Chill Guardian Story

    A global human layer that software can't fake.

    When liability lands on a person, the sign-off should too.

    Conflict-checked · Rotation-based · Audit-traceable · Programme-scoped

    When Guardians are used (only when required)

    Most decisions remain automated. Humans step in only where human finality is required: exception approvals, disputes, high-risk overrides, or post-incident outcomes with human liability.

    Mind Chill Guardians provide programme-scoped human finality for exception lanes only, with anti-rubber-stamp controls: conflict checks, rotation, sampling audits, and multi-review thresholds for high-risk lanes. Minimal disclosure by default.

    From calming minds to defending outcomes

    Mind Chill began in 2017 as immersive art built to reduce anxiety and create calm at scale. Then the same feeds that buried calm and rewarded outrage started training the systems that now make real decisions. We didn't want more rhetoric. We wanted receipts.

    The moment it clicked

    A message arrived: someone's child felt safer because of what they experienced. Around the same time, lived experience inside our own community made one thing obvious: the nuance that matters in high-impact decisions can't be reliably reduced to a prompt. So we designed a human layer for the edge cases—structured, scope-bound, and auditable.

    Guardians are not a "panel." They're a network.

    Mind Chill Guardians come from different countries, backgrounds, and lived realities. That diversity is not branding—it's risk reduction. It makes decisions harder to game, easier to challenge, and more credible under scrutiny. Guardians do not "run the system." They review only what the lane requires humans to own.

    Receipts over rhetoric

    Operational Guardians plug into Good Proof lanes as a controlled finality mechanism: conflict checks, rotation, multi-review where required, and an audit trace tied to a Status Link. Minimal disclosure by default. If a decision is appealed months later, you can show what happened, within scope, without dumping sensitive payloads.

    Why buyers choose Guardians

    Lived experience at the edge cases
    Conflict-checked + rotation-based
    Multi-review on high-risk lanes
    Audit-traceable outcomes
    Minimal disclosure by default

    30-day AI Work OS Stamp Sprint outcome

    What ships in 30 days:

    • One irreversible action class defined (e.g., file export or role grant)
    • Scope surface documented (workspace + tools + identities + policy versions)
    • Pre-execution gate integrated
    • Refresh/withdraw triggers configured
    • Counterparty verification route tested end-to-end
    • One redacted IDA Evidence Pack specimen generated
    • Go/no-go rollout recommendation

    Due Diligence FAQs

    Make irreversible agent execution shippable.

    Define your high-impact action classes. Require the Stamp. Let the Status Link do the rest.
