the authority layer
for the agent economy.
Compliance teams won't sign off on AI agents that take real authority. OAuth bearer tokens carry no scope semantics. Service-account audit trails stop at the platform's logs. Auth0 and Okta were not designed for agents at all. OrangeCheck Console is the managed tier of an open-protocol stack that replaces every layer of that gap.
{
"v": 1,
"kind": "agent-delegation",
"id": "9f3e7b21…1aa2",
"principal": { "address": "bc1q8m…f4a2", "alg": "bip322" },
"agent": { "name": "invoice-writer.prod" },
"scopes": [
{ "verb": "invoice.create", "limits": { "max_amount": 100, "rate_per_h": 20 } },
{ "verb": "invoice.refund", "limits": { "max_amount": 50 } }
],
"expires_at": { "block_height": 905600 },
"stamp": {
"id": "8c14d702…aa9f",
"status": "confirmed",
"block_height": 904122,
"calendars": ["alice", "bob", "finney"]
},
"publication": { "nostr_kind": 30083, "d_tag": "oc-agent-del:<id>" },
"sig": { "alg": "bip322", "value": "…" }
}every action a console-managed agent takes is bound to this envelope. verifiers reproduce the audit deterministically against bitcoin headers.
every enterprise agent rollout
stalls in the same place.
It is not the model. It is not the tool integration. It is the moment legal asks: what exactly is this agent allowed to do, who can prove it took only those actions, and what happens when we revoke? The existing answer stack has structural holes.
oauth has no scope semantics agents need.
Bearer tokens carry an opaque scope string. There is no time-ordering of scope grants against revocations that two parties can deterministically agree on. Compliance can't reconstruct what authority was active at what moment. Every per-platform issuer is a separate trust assumption.
service accounts have no cryptographic action audit.
The only audit trail is the platform's logs. If the platform disappears, mutates the log, or simply has a buggy retention window, the receipt is gone. Auditors cannot independently verify that a given action was authorized at the time it happened.
auth0, okta, workos solve human sso, not agent authority.
They are centralized issuers, not Bitcoin-anchored. Verification requires their service to be online and trusted. Sessions don't survive their disappearance. The threat model — agent acts autonomously, decision must replay later — was not in scope.
bitcoin-anchored authority,
managed for you.
OrangeCheck Console runs a managed deployment of oc agent and oc pledge — open protocols whose specs and reference implementations are public goods. We operate the signing service, the OC Stamp anchor pipeline (built on OpenTimestamps), the Nostr relay redundancy, and the audit-export bundling. You get four primitives that fix what the existing stack can't.
bip-322 delegation
Every agent runs under a Bitcoin-bound delegation envelope. Scope grammar is enforced before action, not after. The principal is a Bitcoin address — not a service account that can be silently rotated.
oc·stamp anchor pipeline
Every action receipt is an OC Agent action envelope reusing OC Stamp's envelope structure (BIP-322 + canonical content hash + OTS proof). Two auditors compute the same envelope id and the same Bitcoin block ordering. No third-party clock to trust.
content-addressed audit
Action receipts are content-addressed JSON. The audit bundle is a signed tarball. Compliance can verify it offline forever, without any console.ochk.io endpoint being reachable. The protocol is the API.
bonded reputation (premium)
Optional: agents accrue OC Pledge bonds against delivery commitments. Reputation is a public, stake-backed history attached to the Bitcoin-bound principal — not a proprietary score.
a console compliance can use directly —
not a deck.
Real surfaces from the design-partner build. Filter, export, replay offline. Compliance teams sign off on what they can audit themselves.
| agent | btc address | status | · |
|---|---|---|---|
| support-bot · prod | bc1q8m…f4a2 | active | |
| invoice-writer · prod | bc1qkz…9c11 | active | |
| lead-router · staging | bc1qd9…7b08 | paused | |
| scheduler · prod | bc1q3p…1ee9 | active | |
| researcher-v2 · dev | bc1qrr…aa01 | revoked |
@orangecheck/stamp-core · no console.ochk.io required- actionactioninvoice-writer · POST /v1/invoices · 14.20 USDblk 904,122stamp ✓
- actionactionsupport-bot · refund(order_8814, 22.50 USD)blk 904,122stamp ✓
- scope·Δscope·Δinvoice-writer · scope.invoice.max_amount: 50 → 100 USDblk 904,120stamp ✓
- actionactionscheduler · enqueue(job_4471, priority=normal)blk 904,111stamp ✓
- revokerevokeresearcher-v2 · revoked (operator)blk 904,109stamp ✓
- delegatedelegateresearcher-v2 · delegation issued (3 scopes, expires +14d)blk 904,108stamp pending
wire it into the stack you already ship.
Drop-in support for the agent stacks the rest of the ecosystem is converging on. v1 ships MCP. The rest land through Q3 — or sooner if you're a design partner asking for them.
first cohort forming now.
We are accepting a small number of AI-agent platform companies into the v1 design-partner program. Heavy involvement from the OrangeCheck team, priority on the integrations you need, no ratecard until your team is confident the audit story actually unblocks your enterprise pipeline.
open protocols. one managed product.
sat-denominated economics.
Six composable open protocols beneath. One managed enterprise product above. Verifies offline, against Bitcoin, forever. No token. No custody.