v1 · design partners
oc · console
managed agent + pledge
§ why console

The agent-authority gap, made concrete.

The promise of an enterprise AI agent is autonomy. The blocker is that nothing in the existing identity stack was designed for autonomy. Here is a row-by-row comparison your compliance reviewer can falsify on their own infrastructure, not a marketing matrix.

property-by-property comparison

✓ = the system natively provides this. ~ = a partial / unenforceable approximation. ✗ = absent. None of the cells below are matters of opinion; each is a verifiable claim about the relevant spec.

| property | oauth 2.0 | svc account | auth0/okta/workos | oc console |
| --- | --- | --- | --- | --- |
| principal is bitcoin-bound | | | | bip-322 address |
| scope grammar is structured + enforceable pre-action | ~ string | ~ role | ~ policy | typed json |
| every action receipt is content-addressed | | | | sha256 |
| audit ordering is deterministic across two verifiers | | | | oc-stamp → btc |
| survives the issuer disappearing | | | | protocol = api |
| verifies offline, no api required | | | | forever |
| revocation is timestamped against a public clock | ~ wall | ~ wall | ~ wall | btc block |
| no centralized issuer required | | | | self-host ok |
| reputation is bonded + publicly verifiable | | | | oc pledge |

§ scope is structured, not stringly

grammar a verifier can replay.

OAuth scope is an opaque string with no enforcement story beyond “trust the resource server”. OC Agent scope is typed JSON with explicit verbs, limits, and constraints — and a canonical serialization that two verifiers reduce identically.

scope.json · invoice-writer · v3
{
  "agent":     "invoice-writer.prod",
  "principal": "bc1q8m…f4a2",
  "scopes": [
    {
      "verb":   "invoice.create",
      "limits": {
        "max_amount":  { "currency": "USD", "value": 100 },
        "rate_per_h":  20
      },
      "constraints": {
        "customer.kyc_state": "verified",
        "ip_country":         "US|CA|GB"
      }
    },
    {
      "verb":   "invoice.refund",
      "limits": { "max_amount": { "currency": "USD", "value": 50 } },
      "constraints": {
        "invoice.age_days": "<= 30",
        "approver.ref":     "human"
      }
    }
  ],
  "expires_at": "block_height >= 905600",
  "anchored":   true,
  "verifies":   "offline · @orangecheck/agent-core@^0.4"
}
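
The pre-action check described above, as an added example (not code from the original page, and not @orangecheck/agent-core): a standalone JavaScript gate that evaluates a proposed action against the scope.json fields shown. The function names, the sample actions, and the reading of "<= 30", "US|CA|GB" and expires_at are assumptions; the page does not define those semantics.

```javascript
// Scope fields copied from the page's scope.json (v3), trimmed to what the check reads.
const scopeDoc = {
  scopes: [
    { verb: "invoice.create",
      limits: { max_amount: { currency: "USD", value: 100 }, rate_per_h: 20 },
      constraints: { "customer.kyc_state": "verified", "ip_country": "US|CA|GB" } },
    { verb: "invoice.refund",
      limits: { max_amount: { currency: "USD", value: 50 } },
      constraints: { "invoice.age_days": "<= 30", "approver.ref": "human" } },
  ],
  expires_at: "block_height >= 905600",
};

// ASSUMED semantics (the page does not define them): "<= N" is a numeric bound,
// "A|B" a set of allowed values, anything else exact equality. Missing facts fail closed.
function constraintHolds(expr, actual) {
  if (actual === undefined || actual === null) return false;
  const cmp = /^<=\s*(\d+(?:\.\d+)?)$/.exec(String(expr));
  if (cmp) return typeof actual === "number" && actual <= Number(cmp[1]);
  return String(expr).split("|").includes(String(actual));
}

// Hypothetical pre-action gate: deny by default and collect every failed rule.
// rate_per_h needs a per-hour counter and is not checked here.
function checkAction(doc, action, blockHeight) {
  const reasons = [];
  // ASSUMED: the grant is dead once the chain height satisfies expires_at.
  const exp = /^block_height >= (\d+)$/.exec(doc.expires_at);
  if (!exp || blockHeight >= Number(exp[1])) reasons.push("expired");
  const scope = doc.scopes.find((s) => s.verb === action.verb);
  if (!scope) return { allow: false, reasons: [...reasons, "verb not granted"] };
  const max = scope.limits && scope.limits.max_amount;
  const amt = action.amount || {};
  if (max && amt.currency !== max.currency) reasons.push("currency mismatch");
  else if (max && !(typeof amt.value === "number" && amt.value >= 0 && amt.value <= max.value))
    reasons.push("amount over limit");
  for (const [key, expr] of Object.entries(scope.constraints || {}))
    if (!constraintHolds(expr, (action.facts || {})[key])) reasons.push(`constraint:${key}`);
  return { allow: reasons.length === 0, reasons };
}

// Constructed sample actions (not from the page).
const okCreate = { verb: "invoice.create", amount: { currency: "USD", value: 80 },
  facts: { "customer.kyc_state": "verified", "ip_country": "CA" } };
const badRefund = { verb: "invoice.refund", amount: { currency: "USD", value: 40 },
  facts: { "invoice.age_days": 45 } };
console.log(checkAction(scopeDoc, okCreate, 904500));
console.log(checkAction(scopeDoc, badRefund, 904500));
```

The returned reasons list is what a caller would record alongside the action so a second verifier can replay the same decision from the same scope document and facts.
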

/agents/invoice-writer · scope timeline · btc-anchored

  1. invoice-writer · v1 · live · blk 903 940 → 904 002
     scope.invoice.max_amount: 50 USD · created at delegation

  2. invoice-writer · v2 · limited · blk 904 002 → 904 120
     scope.invoice.refund: removed (compliance Δ ticket #4419)

  3. invoice-writer · v3 · live · blk 904 120 → present
     scope.invoice.max_amount: 50 → 100 USD · approver=human required

deterministic. any verifier orders these against bitcoin headers identically.
§ revocation has a public clock

two auditors, one timeline.

Every scope mutation and revocation is wrapped in an OC Stamp envelope and anchored to a Bitcoin block (OC Stamp's underlying rail is OpenTimestamps). Two auditors looking at the same bundle compute the same active-scope-set for any block height. There is no “wait, but the IdP's clock said…” argument left to have.

what the protocol layer gives us that a SaaS layer can't

Console is a managed product, not a fork. The wire format, the scope grammar, the audit-bundle structure, and the Bitcoin-anchoring rules are all defined by the open oc-agent-protocol spec. The verifier is @orangecheck/agent-core on npm. If we disappear tomorrow, every receipt we ever issued continues to verify, on any laptop, against the Bitcoin headers.

That is the property most enterprise compliance reviewers actually want and almost no SaaS vendor can offer. We sell operations, not lock-in.

Want to walk through this against your specific compliance language? Book a design-partner call — we'll bring an engineer and a lawyer.
