Authority Tokens

Proof That Authorization Happened — Not Just a Log Entry

Every Intended decision produces a cryptographically signed token that proves exactly what was authorized, when, by which policy, and for which agent. Tamper-evident by design.

Inside an authority token

Every field is verifiable. The signature ensures no byte has been altered.

Encoded token:
eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2F1dGhvcml0eS....M2E4ZjJjLi4uZTdiMWQ5

Header:
{
  "alg": "RS256",
  "typ": "AT+jwt",
  "kid": "meritt-authority-2026-03"
}

Payload:
{
  "iss": "https://authority.intended.so",
  "sub": "agent:ci-bot-7f3a",
  "aud": "execution-gateway",
  "iat": 1711195387,
  "exp": 1711195687,
  "jti": "nonce_a4f8c2e1b9d3",
  "intentId": "sdlc.deploy.production",
  "decision": "ALLOW",
  "riskScore": 42,
  "confidence": 0.94,
  "tenant": "org_acme_corp",
  "policyTrace": ["pack:sdlc-v3", "rule:deploy-requires-review"],
  "escalation": false
}

Signature:
RSA-SHA256: 3a8f2c...e7b1d9 (256 bytes)

The Problem

Audit logs can be tampered with

Traditional Audit Log

2026-03-23T14:23:07Z – agent-1 deployed to production
2026-03-23T14:25:00Z – agent-1 deleted user table
MODIFIED
2026-03-23T14:30:00Z – agent-1 sent notification

Text logs in a database can be edited, deleted, or backdated. There is no way to prove they haven't been altered.

Intended Authority Token

eyJhbGciOiJSUzI1NiJ9.eyJpbnRlbn...
Signature valid
Payload unmodified
Nonce unused

Alter a single byte and the signature fails. Replay the token and the nonce check fails. Mathematically provable integrity.

How It Works

From decision to cryptographic proof

01. Decision made: Authority Engine evaluates the intent against tenant policies.
02. Token minted: RS256-signed JWT containing the decision, risk score, nonce, and expiry.
03. Token attached: The token travels with the action to the target execution system.
04. Target verifies: Execution gateway verifies signature before allowing the action.

Token Lifecycle

300-second TTL + single-use nonce

Authority tokens are ephemeral by design. A 5-minute window and a single-use nonce ensure tokens cannot be replayed or hoarded.

Timeline: minted at 0s, expired at 300s.
Token minted with nonce a4f8c2e1b9d3
Token presented to execution gateway
Replay attempt with same nonce
TTL expired

Zero-Dependency Verification

Verify without database access

Any system with the public key can verify an authority token offline. No network calls. No shared database.

// Verify an authority token anywhere
import { verifyAuthorityToken } from "@intended/verify";

const result = await verifyAuthorityToken(token, publicKey);

if (result.valid) {
  console.log(result.intent);    // sdlc.deploy.production
  console.log(result.decision);  // ALLOW
  console.log(result.riskScore); // 42
}
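
An added example (not code from Intended or the @intended/verify package) of what a gateway checks on such a token using only Node's built-in crypto: signature, audience and expiry need just the public key, while the single-use nonce needs state kept by the verifier. The names mintDemoToken, verifyDemoToken and seenNonces, the generated key pair, and the in-memory nonce set are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const unb64u = (s) => Buffer.from(s, "base64url");
// Assumption: in-memory nonce store. A real gateway needs one shared by all
// verifier instances, with entries kept at least until the token's exp.
const seenNonces = new Set();

// Hypothetical demo issuer: signs claims shaped like the sample payload above.
function mintDemoToken(privateKey, claims) {
  const head = b64u(JSON.stringify({ alg: "RS256", typ: "AT+jwt" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Hypothetical verifier: returns { valid, reason } or { valid, claims }.
function verifyDemoToken(token, publicKey, audience, now) {
  const fail = (reason) => ({ valid: false, reason });
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(unb64u(head).toString());
    claims = JSON.parse(unb64u(body).toString());
  } catch { return fail("malformed"); }
  // Pin the algorithm: the verifier decides it, not the token header.
  if (header?.alg !== "RS256") return fail("algorithm");
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("sha256", signed, publicKey, unb64u(sig))) return fail("signature");
  if (claims?.aud !== audience) return fail("audience");
  if (typeof claims.exp !== "number" || now >= claims.exp) return fail("expired");
  if (typeof claims.jti !== "string" || seenNonces.has(claims.jti)) return fail("replay");
  seenNonces.add(claims.jti); // burn the nonce only once every other check passed
  return { valid: true, claims };
}

// Constructed key pair and claims; field values mirror the sample token.
const demoKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const demoIat = 1711195387;
const demoToken = mintDemoToken(demoKeys.privateKey, {
  iss: "https://authority.intended.so", sub: "agent:ci-bot-7f3a",
  aud: "execution-gateway", iat: demoIat, exp: demoIat + 300,
  jti: "nonce_a4f8c2e1b9d3", intentId: "sdlc.deploy.production", decision: "ALLOW",
});
console.log(verifyDemoToken(demoToken, demoKeys.publicKey, "execution-gateway", demoIat + 10));
console.log(verifyDemoToken(demoToken, demoKeys.publicKey, "execution-gateway", demoIat + 20));
```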

Every decision. Cryptographically proven.

Start with open source or join the waitlist for hosted verification.