Who authorized it?
Security admin minted authority for Dean finance automation.
Issuer key: satgate-mint-demo-2026-05
Evidence Pack Demo Artifact
Who authorized what?
This is the visible SatGate Evidence Pack: a canonical JSON artifact and buyer-readable viewer proving the agent, policy, budget, delegation, paid-rail context, receipts, and export integrity behind one workflow.
Executive summary
- Evidence Pack
- ep_demo_2026_05_10_001
- Subject
- Invoice reconciler worker
- agent:invoice-reconciler-worker
- Budget
- 0.78 / 3.00 USD spent
- Remaining shown as 0.00 after the budget denial event.
- Verification
- 10 linked receipts
- sha256:0fbd3a9a2a686c4a7c9ec9d061d64d1c69d94c50adc674567bacfec647bc74d9
Prospect comprehension check
The artifact answers the buyer's core questions.
Which agent acted?
Invoice reconciler worker acted as agent:invoice-reconciler-worker.
Tenant: Acme Finance
Under which policy?
Invoice reconciliation worker policy 2026-05-10.7 enforced authority before execution.
Policy ID: pol_invoice_reconciliation; mode: Control; digest: sha256:demo_policy_digest_v7
Under which budget?
bud_FIN_AP_042 delegated 3.00 USD; 0.78 spent before denials.
Cost center: FIN-AP-042; exhausted: yes
Was it delegated?
Dean finance automation delegated a narrower capability to Invoice reconciler worker.
Scope, budget, depth, and expiry are all attenuated in the child grant.
Was a paid rail involved?
2 payment-context events are preserved across enterprise_ledger and optional paid rails.
External rails: x402, l402, api_key_billing, enterprise_contract
Authority chain
Root grant → attenuated worker capability.
The child capability is narrower than the parent: less scope, a smaller budget, no customer-data export, and no additional delegation depth.
Step 1: root_grant
Dean finance automation
Effective scope
invoices:read, invoices:search, mcp:invoice-tools, mcp:document-ai
Budget limit
25.00 USD
Step 2: delegation
Invoice reconciler worker
Effective scope
invoices:read, invoices:search, mcp:document-ai.ocr
Budget limit
3.00 USD
Receipt timeline
Every allow, deny, revoke, paid call, and export leaves a receipt.
#1 · 14:22:31
mint
mint_capability
agent:dean-finance-automation
root_capability_issued
issued
#2 · 14:23:04
delegation
delegate_capability
agent:invoice-reconciler-worker
scope_budget_and_depth_attenuated
attenuated
#3 · 14:23:18
spend
call_mcp_tool
mcp:invoices.search
dec_demo_invoice_policy_v7
allowed
#4 · 14:24:02
spend
call_api_route
/v1/invoices/compare
dec_demo_invoice_policy_v7
allowed
#5 · 14:24:44
spend
call_paid_tool
mcp:document_ai.ocr
dec_demo_invoice_policy_v7
allowed
#6 · 14:25:08
denial
call_api_route
/v1/invoices/export
scope_violation:no_customer_data_export
blocked
#7 · 14:25:33
denial
call_api_route
/v1/invoices/reconcile
budget_exhausted
blocked
#8 · 14:26:11
revocation
revoke_capability
agent:invoice-reconciler-worker
incident_review_stop_worker
revoked
#9 · 14:26:16
post_revoke_denial
call_mcp_tool
mcp:invoices.search
capability_revoked
blocked
#10 · 14:26:31
export
export_evidence_pack
evidence_pack:ep_demo_2026_05_10_001
auditor_request
evidence_pack_issued
Paid-rail context
Rail-neutral by design.
The pack records internal enterprise ledger spend and the x402 paid document-AI call without making the payment rail the product. Payment proves value moved. SatGate proves the worker had authority to move it.
enterprise_ledgerx402l402api_key_billingenterprise_contract
Verification block
Machine-readable export.
- Canonicalization
- RFC8785-JCS
- Hash algorithm
- sha256
- Signature
- ed25519:REDACTED_DEMO_SAMPLE_DO_NOT_VERIFY
- Demo caveat
- Public demo fixture uses deterministic demo hashes and placeholder signature. Production exports sign the canonical Evidence Pack envelope and receipt chain root.
Buyer takeaway