Cryptographic governance. · v0.3 · Phase 1 · Building
OrgForge is a deterministic authorization protocol that makes organizational governance mechanically enforceable. Actors (human, software, or autonomous AI agent) submit cryptographically signed intents describing proposed actions. OrgForge evaluates each intent against an OrgSpec: a machine-readable organizational constitution. If the intent satisfies every constraint, OrgForge issues a signed authorization artifact. Execution systems verify that artifact before acting. Without a valid artifact, execution does not proceed.
This paper introduces one primitive: deterministic authorization of actions against a cryptographically committed governance specification. We define the formal objects, specify the protocol algorithms, formalize the security model with game-based proofs, and reduce unauthorized execution to standard cryptographic hardness assumptions. Phase 0 is complete. Phase 1 is underway.
| Γ : 𝕀 × ℂ → (𝔸 × ℂ) ∪ ({⊥} × ℂ) | |
| (A, C') = Γ(I, C) | // AUTH RULE |
| Execute(I) ⟺ Verify(A, I, R) | // EXEC GATE |
| Rejection Inertia: A = ⊥ ⟹ C' = C | |
Every action, before it executes, must carry a signed proof that it satisfies the organization's rules as of the current OrgSpec version. Execution systems verify the proof. The proof cannot be fabricated, transferred to a different intent, or reused under a different policy.
Five stages: the actor constructs and signs an intent. OrgForge evaluates the intent against the OrgSpec. If authorized, a threshold-signed artifact is issued. The execution system verifies the artifact. Only on successful verification does the action execute.
Without a valid artifact, execution is rejected. Deterministically. Every time. No override path.
Organizational rules exist outside the systems that execute actions. A policy document cannot block a payment. A Slack thread cannot halt a deploy. A governance vote cannot stop a trade.
The structural failure is precise: execution systems enforce access, not governance. They verify whether an actor has credentials. Not whether using those credentials satisfies the organization's actual rules at that moment. Governance and execution are separate systems with no cryptographic connection between them.
The AI forcing function makes this urgent. Once an agent has credentials, it becomes an operator. It executes at machine speed. The assistant and the operator are the same entity. The governance layer that was already missing for human processes is now absent for systems that can execute thousands of actions per minute.
An OrgSpec is a machine-readable organizational constitution. It encodes the rules under which actions are permitted. Current v0 capabilities include:
| spending limits | // per-transaction + daily notional |
| multi-approval thresholds | // human sign-off above threshold |
| role-based permissions | // actor → role → allowed_action_types |
| rate limits | // max_calls_per_minute, max_trades_per_minute |
| allowed markets / tools | // scoped per role |
| operational states | // freeze / audit / incident modes |
| agent-specific restrictions | // autonomous agent guardrails |