Agent Authorization Authority

Who authorized this agent
and can you prove it later?

Portable proof of who authorized which agent to act. Signed at the source, verifiable offline, without SSX360 in the trust path.

Notary, not watchtower

Inventory is not authorization. Dashboards that attest to themselves are not proof.

NHI inventories what exists. SSX360 produces the authorization record they don't: portable, offline-verifiable, yours to keep.

Before action

Sign declared actor, tool, scope, and changed surface before merge or tool drift is accepted.

Offline proof

Verify the record in CLI, browser, or CI with the same RFC 8032 bytes. No SaaS lookup required.

Governs agents, not people

We record what an autonomous agent was authorized to do and did. Never keystrokes or developer productivity.

Complements NHI

Keep your NHI inventory, vault, and ITDR stack. Add the authorization record they do not produce.

Enterprise trust infrastructure

How authority becomes evidence

Local signing, CI enforcement, offline verify. Keys never leave your machine.

Signed at commit time

Ed25519 envelopes bind actor, tool, and scope before merge. Keys never leave the machine.

pip install "matrixscroll==0.6.0"

Scroll Gate on protected branches

Block unsigned or tampered agent activity in CI — warn-mode first, then enforce.

ssx360 check --hosted

Offline evidence packs

Export ssx360.evidence-pack.v1 JSON. Auditors verify years later with no vendor in the loop.

ssx360 evidence export

Defense against rug-pull attacks

AI agent tools can change even after you approve them.

Snapshot at approval. One changed character trips verification before the agent runs.

  1. 1

    Approve a tool

    Matrix Scroll takes a cryptographic snapshot of the tool definition at authorization time.

  2. 2

    Quiet edit

    Someone changes the tool description — the classic rug-pull / tool-poisoning path.

  3. 3

    Verification fails loudly

    One changed character trips the hash. Drift exits with code 2 and fails CI — the agent never runs the altered tool.

Try the MCP Trust Scannerpip install "matrixscroll==0.6.0"
tool pin · verify

Built to scale

Built for regulated environments.

01

Customer environment

Developer laptops, USB-C hardware keys, GitHub / GitLab on protected branches. Signing stays local.

02

Management platform

Fleet enrollment, identity, policy engine, audit logging — the control plane, not the trust path.

03

Monitoring stack

Prometheus, Grafana, SIEM export. Evidence remains offline-verifiable without SSX360 in the loop.

Active R&D

What we are working on

Software signing ships today. Hardware and post-quantum paths are in validation.

SE050 secure-element integration

Transitioning from software-emulated keys to on-device NXP SE050 root-of-trust signing. Bench-validated PoC (Jul 2026) — firmware validation / pilot, not GA.

Post-quantum overlays

Optional FIPS 204/205 (ML-DSA / SLH-DSA) for software signers — future-proof agent signatures while hardware remains Ed25519.

SIEM / enterprise monitoring

Direct SIEM logs and compliance dashboarding for fleet health, revocation, and incident response.

SOC 2 Type I readiness

Actively building toward audit windows targeted Q3–Q4 2026. Readiness and alignment language only — never “SOC 2 certified.”

Authorization Pilot

Request a pilot consultation

Scoped engagement for teams running agents in payments, credit, AML, or KYC. Scroll Gate, MCP baselines, evidence export — we fit it to your environment.

Read the docs · matrixscroll.com

Repo contents never leave your machine — see exactly what's hosted →

They receipt the model call. We receipt everything the machine does.