Most systems check who you are. VAC governs what a verified human — or an agent acting under their authority — is allowed to do, decides how much proof each action needs, gates it, and writes a signed, independently-verifiable record of every decision.
Verified live human → the system decides the assurance each action needs → the action is gated → a signed, auditable record is written — for the action and for every refusal.
BUILT · LIVEBUILT · MERGINGPLANNED
Every capability below carries an honest status. We'd rather be defensible than impressive.
THE FLOW, IN ORDER
1
Verified human rootBUILT · LIVE
A live, consistent human is proven by several signals bound together in a single act — face liveness, certified passive liveness, a spoken-and-shown challenge, and gesture. Binding the signals in one act is what resists deepfakes and injected media, which a single-detector check doesn't cover.
A real human — not (yet) a legal identityBUILT · LIVE
Be precise: the biometric proves a real, same, live human. It does not, by itself, prove a legal identity. Legal-identity binding is a pluggable higher tier: biometric → SSO / OIDC → government ID (PIV/CAC, RealMe, myGovID) → KYC provider. You bind identity as strongly as the use-case demands.
Assurance proportional to the action — decided, not hardcodedBUILT · LIVE
This is the differentiator. The system reads the action and its context, assesses the risk, and decides how much proof to require — continuously. Viewing a credential might need a fast one-digit bound re-auth (seconds). Releasing money or minting authority requires the full check. The level is an output of a risk controller, not a fixed if-then rule.
THE CONTROLLER LOOP — assurance is decided per action, then the outcome trains the next decision
4
The action is gated — and the decision is auditedBUILT · LIVE
A sensitive action is refused unless a fresh, sufficiently-strong, owner-bound re-auth is proven. And every action and every refusal is written to an immutable Action Attestation Record: what was attempted, by whose authority, at what assurance level, with what result. Auditing the denials — not just the successes — is what an auditor or a court actually needs.
Live in production and adversarially reviewed (independent code-gate passed). A critical action with no fresh re-auth is refused at the gate, and the refusal is written as an auditable record. This is the gate+audit layer.
5
Bounded agent delegationBUILT · MERGING
An agent can act for a human, but its authority is derived from and bounded by that verified human — scope, expiry, and revocation are signed into the chain. Nothing acts in someone's name without tracing back to them. Revoke the human, and every downstream agent stops.
Authority-chain primitives live; the per-action attestation that binds an agent action to a fresh human authorisation is in the merging gate+audit layer.
6
Signed, independently-verifiable receiptsBUILT · LIVE
Each authority decision is a genuinely signed token (Ed25519) that anyone can verify against the backend — no trust in us required. The chain of who-authorised-what is auditable end to end.
Live: per-authorise token mint and independent verification.
WHAT'S REAL TODAY VS. THE FORWARD BUILD
The cryptographic authority primitive — verified live human, proportional re-auth, signed and verifiable tokens — is live today. You can walk it.
The action gate-and-audit layer is built and independently code-reviewed, merging to production now.
What's a forward build is encoding a specific industry's rules — for legal matters, the release conditions, statutory triggers, prescribed-witness requirements and trust-money handling. That work is scoped and built with the relevant authority (for legal, the Law Society and Fair Trading), not asserted in a demo. The platform is general; the domain rules are the partnership.