Execution authorization — deployment & integration

Subtitle: Runtime verification, fail-closed enforcement, and signed runtime proof before operational state changes run.

Executive summary

AI systems are moving from generating text to triggering operational actions. BiDigest inserts a deterministic authorization checkpoint between AI workflows and systems of record. Before payments, CRM updates, claims actions, or outbound communications execute, the orchestration layer calls the authorization verify API and receives a hard runtime verdict plus a verification receipt.

Product category: execution authorization. Stable v1 path: POST /api/v1/admissibility/verify — a versioned alias (e.g. /api/v1/authorize/verify) may ship later without breaking this contract.

The authorization gateway is a strict, fail-closed checkpoint for agentic workflows at the orchestration layer.

Phase 1 — Provision approved authority

Before production traffic, register the domain and regulatory identifiers your agents must respect.

Map verified corporate domain + regulatory IDs (e.g. SEC, FINRA, NPI, LEI) to your tenant
Produces a machine-readable approved authority source (provisioned allow-list) agents verify against

Phase 2 — Route workflows through verify

The authorization gateway is a strict, fail-closed checkpoint for agentic workflows.

Integrate LangChain, Copilot Studio, AWS Bedrock, n8n, Make, or custom orchestration
Call POST /api/v1/admissibility/verify before CRM writes, payments, refunds, or outbound sends
Structured payload only — not a full chat transcript

Phase 3 — Branch on verdict and record proof

Resolution is deterministic at this layer — no generative step in the gateway.

APPROVED — proceed to the downstream system with receipt_id attached
REVIEW_REQUIRED — pause automation; route to human approval (Slack, email, ticketing)
REJECTED / fail-closed — stop the binding action; signed execution record documents the denial

APPROVED — proceed with receipt_id attached. REVIEW_REQUIRED — pause for human approval. REJECTED or fail-closed — stop the binding action; signed execution record documents the denial (e.g. execution drift — unverified sources vs provisioned authority; API reason codes are stable machine identifiers).

Payload architecture

Endpoint: POST https://bidigest.com/api/v1/admissibility/verify

Authentication: API key via existing v1 middleware (Authorization: Bearer …).

Request body (example)

{
  "entity_anchor": {
    "domain": "client-domain.com",
    "regulatory_id": "SEC-801-12345"
  },
  "agent_context": {
    "orchestration_id": "prod-langchain-01",
    "proposed_action": "transmit_client_advisory",
    "prompt_hash": "a1b2c3d4e5f6g7h8i9j0"
  },
  "payload_to_verify": {
    "synthesized_claims": [
      "Our firm manages $500M in assets."
    ],
    "shadow_citations": [
      "https://client-domain.com/q3-report.pdf"
    ]
  },
  "jurisdiction_context": {
    "region_code": "eu-central",
    "skb_profile_ids": ["eu-ai-act"]
  }
}

JSON uses stable v1 wire names. Operational mapping: shadow_citations → proposed sources pending execution; decision_receipt → signed verification record (compact JWS); admissibility_status → runtime authorization verdict. Reason codes (e.g. GROUND_TRUTH_VERIFIED) are machine identifiers — explain them as authority / execution drift in runbooks.

Optional — multi-region routing: jurisdiction_context.region_code binds the request to your regional partition (example eu-central); skb_profile_ids stacks regulatory profiles (e.g. EU AI Act slice).

Response — fail-closed (403)

{
  "admissibility_status": "DENIED",
  "reason_code": "NARRATIVE_DRIFT_DETECTED",
  "failed_citations": ["internal_doc_id_9921"],
  "decision_receipt": {
    "timestamp": "2026-03-23T10:40:27Z",
    "receipt_id": "rec_fail_8847xyz",
    "signature": "<compact JWS>"
  }
}

Response — approved (200)

{
  "admissibility_status": "APPROVED",
  "reason_code": "GROUND_TRUTH_VERIFIED",
  "decision_receipt": {
    "timestamp": "2026-03-23T10:40:27Z",
    "receipt_id": "rec_pass_1122abc",
    "evidence_hash": "<sha256>",
    "signature": "<compact JWS>"
  }
}

Integration FAQ & security posture

1. Latency overhead

The gateway does not generate tokens or ingest the full context window; it performs deterministic authorization checks against your provisioned authority source. Overhead is typically single-digit milliseconds plus network — similar to a JWT validation round-trip.

2. Data privacy / PII

The contract is structural: entity anchor, cryptographic hash of the prompt (receipt binding), and the action context pending execution — not full conversational history. Final handling is covered under your enterprise DPA.

3. Availability & fail-closed behavior

If no signed verification record returns within your orchestration timeout, route to a deterministic fallback (static approved response, degraded mode, or human-in-the-loop). You control uptime without inheriting unverified AI liability.

Next step

To provision staging and receive API credentials, request a scoped authorization assessment at https://bidigest.com/governance/admissibility-vault/intake