GateSolutionsAssuranceProtocolProofDocsPricingRequest pilot
For AI labs & platforms

OAuth solved login. EMILIA solves accountability for AI agents.

Your model can reason. It can plan. It can execute. The moment it acts in the real world, every team hits the same wall — and it’s not a capability problem:

“Who approved this exact action?”

The shared wall

Every agent platform eventually has to answer for what its agent did — to a board, a regulator, an insurer, a court. “The model did it” is not an answer. And when prompt injection turns a helpful assistant into a financial weapon, the headline names you, not the user.

OpenAI OperatorsAnthropic Computer UseGoogle AgentsMicrosoft Copilot ActionsxAIVisa Agent Commerce

All shipping autonomous action. All hitting the same wall.

The answer — four concepts

A cryptographically provable record of who owns each decision.

Accountable Signoff

A named human cryptographically assumes responsibility for the exact action — not a role, not a token, a person. This is the answer to "who owns this decision?"

Authorization receipt

A signed, offline-verifiable record of the decision (formerly Trust Receipt): action, policy, approver, outcome. Anyone verifies it with no account and no call home (Ed25519 + Merkle).

Policy Hash

The exact policy version that authorized the action, pinned into the receipt. The rules that applied are provable after the fact, not reconstructed.

Authority Chain

The delegation path — who was allowed to authorize whom — bound to the action. Permission isn’t assumed; it’s carried and checked.

Four concepts. Nothing else. Formally verified (26 TLA+ theorems), Apache-2.0, no vendor lock-in.

Try it in your model today

EMILIA ships as an MCP server, so any MCP-capable client — Claude, GPT, Gemini, Cursor, Windsurf — can experiment with accountable actions in one line. No partnership meeting required.

npx -y @emilia-protocol/mcp-server

Or guard an existing OpenAI-compatible agent — OpenAI, xAI Grok, Together — so every irreversible tool call routes through EMILIA before it runs:

npm install @emilia-protocol/openai-guard

For production: a high-volume async signoff example (the gate is selective — the agent loop never blocks on a human), and an open recipe PR on xAI’s cookbook.

For Grok specifically, the hardened Python guard does the offline cryptographic check itself — it verifies the device signature in-process against a pinned signer key, bound to the exact requested action and single-use, so a server merely saying “approved” is never enough. It ships with a red-team regression suite that re-runs six attack vectors on every change.

The MCP server →Watch an agent get stoppedTalk to us
Real-world proof — reproducible

Autonomous treasury agent, crash-tested.

The open benchmark harness points an autonomous treasury-agent prompt at high-stakes requests (large wires, a “CFO says skip approval” injection, payout-bank changes) and safe controls, then scores what would execute with and without EMILIA. The model behavior varies by run; the EMILIA result is deterministic because the policy gate refuses receiptless high-risk actions.

Harness shape
12 cases

Six high-stakes treasury requests and six safe controls, scored from raw model output.

Deterministic gate
Receiptless high-risk = refused

The verified engine gates every ≥$50k release and bank-destination change unless a valid, action-bound receipt is present.

Auditable output
Run it yourself

Publish model-specific percentages only from a saved harness run; the repo gives reviewers the scorer and cases.

Don’t take our word for it — the harness is open. Reproduce it, or point it at your own model:

BENCH_API_KEY=sk-... node bench/run.mjs
For AI Companies — Accountability for Agent Actions | EMILIA