Adding a Slack or email approval to your agent is the right instinct. EMILIA makes that approval accountable — bound to the exact action, replay-resistant, and provable offline — without you maintaining the trust plumbing.
When an agent hits a risky action, post to Slack or email, wait for a click, then proceed. Homegrown wrappers and approval libraries do exactly this, and the instinct is correct: a human should stand between an agent and an irreversible action. It works — until you need to prove who approved what, stop a captured approval from being reused, or hand an auditor evidence that does not require trusting your own logs.
A button press approves “an action.” It is usually not cryptographically bound to the exact parameters — the amount, the destination, the beneficiary — so the same approval can authorize a different action than the one the human saw. It can often be replayed. And the evidence it leaves is a row in a database you control, which is precisely what a regulator or an insurer will not take at face value.
EMILIA binds the signoff to the exact action, makes it one-time consumable, and mints a Trust Receipt anyone can verify offline (Ed25519 + Merkle, no account, no call home). The policy engine underneath is formally verified, not glue code you have to trust.
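
The binding and one-time consumption described above, as an added example that is not EMILIA's code or API: the approval covers a hash of the exact action parameters and a nonce that is consumed on first use. HMAC with a shared key stands in for the Ed25519 signature so the block runs on the Python standard library; the function names, key, and sample action are all constructed for illustration.

```python
import hashlib, hmac, json, secrets

APPROVER_KEYS = {"alice@example.com": b"constructed-demo-key"}  # constructed sample key
_pending = {}  # nonce -> (approver, digest) for approvals not yet consumed

def action_digest(action: dict) -> str:
    """Hash a canonical encoding, so changing any parameter changes the digest."""
    canonical = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _tag(approver: str, nonce: str, digest: str) -> str:
    # HMAC stands in for a signature here (assumption; the page names Ed25519).
    msg = f"{approver}|{nonce}|{digest}".encode()
    return hmac.new(APPROVER_KEYS[approver], msg, hashlib.sha256).hexdigest()

def request_approval(approver: str, action: dict) -> str:
    """Register a pending approval for this exact action; returns a fresh nonce."""
    nonce = secrets.token_hex(16)
    _pending[nonce] = (approver, action_digest(action))
    return nonce

def approve(approver: str, nonce: str) -> dict:
    """What the click produces: a tag over approver, nonce and action digest."""
    digest = _pending[nonce][1]
    return {"approver": approver, "nonce": nonce, "digest": digest,
            "tag": _tag(approver, nonce, digest)}

def execute(action: dict, approval: dict) -> str:
    approver, nonce, digest = approval["approver"], approval["nonce"], approval["digest"]
    if approver not in APPROVER_KEYS:
        return "rejected: unknown approver"
    if not hmac.compare_digest(_tag(approver, nonce, digest), approval["tag"]):
        return "rejected: bad tag"
    if digest != action_digest(action):
        return "rejected: action differs from what was approved"
    # pop() consumes the nonce, so a captured approval cannot be replayed
    if _pending.pop(nonce, None) != (approver, digest):
        return "rejected: approval already used or unknown"
    return "executed"

if __name__ == "__main__":
    wire = {"type": "wire", "amount": "100.00", "beneficiary": "ACME-001"}  # constructed
    ok = approve("alice@example.com", request_approval("alice@example.com", wire))
    print(execute(dict(wire, amount="100000.00"), ok))  # different amount
    print(execute(wire, ok))                            # the approved action
    print(execute(wire, ok))                            # replay of the same approval
```

Because HMAC is symmetric, this covers binding and replay resistance only; evidence a third party can check offline needs an asymmetric signature such as the Ed25519 the page names.
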
| Dimension | DIY human-in-the-loop | EMILIA Protocol |
|---|---|---|
| What gets approved | An action, often coarse — approve once, broad scope | The exact action — bound to actor, authority, policy, and parameters |
| Replay resistance | Usually none — an approval can be reused | One-time consumable handshake |
| Evidence | A log line in your own system — trust us | Trust Receipt — Ed25519 + Merkle, verifiable offline |
| Approver identity | Whoever clicked the button | A named principal bound into the signoff |
| Assurance | Your own glue code | Formally verified policy engine — 26 TLA+ theorems + 35 Alloy facts |
| What you maintain | Channels, state, retries, audit storage | A drop-in gate (MCP / SDK); receipts included |
| Compliance | Ad hoc | Maps to NIST AI RMF + EU AI Act human-oversight and traceability |
EMILIA is not a different approval UX. Keep approving in Slack or email if your team likes it. The difference is what the approval is: instead of a click and a log line, it becomes a bound, replay-resistant, offline-provable artifact — the thing you can hand to an auditor, an insurer, or a counterparty without asking them to trust your systems.