Whitepaper: AT1C Protocol Specification (v1.0)
AT1C establishes a civilization-grade standard for digital identity sovereignty.
Own Your Identity. Prove Your Intent.AI agents can act for you.
AT1C makes sure they only act with your permission.The first cryptographic authorization layer for AI.[ Get Started ] [ View GitHub ]Problem Section
AI Can Act. But Who’s Accountable?AI systems are already:Moving money
Making decisions
Accessing sensitive dataBut today:There is no proof of what you actually approved.When something goes wrong:You say: “I didn’t authorize that.”
The company says: “Our logs say you did.”Logs aren’t proof. Buttons aren’t proof.Solution Section
Turn Consent Into Cryptographic ProofAT1C replaces vague approvals with signed, enforceable permissions.Instead of:“Approve transfer”You sign:“Allow up to $5,000 to this address for 24 hours”Every action becomes:✅ Explicit
🔒 Bound by limits
📜 Cryptographically provable
How It Works
Simple. Secure. Enforceable.1. Define Policy
Set exactly what your AI is allowed to do2. Sign It
Approve with FaceID / passkey3. Execute Safely
Agent acts only within those limits4. Get Proof
Every action generates a verifiable receiptKey Value Props
🛑 Stops Bad Actions Before They HappenPolicy violations are blocked before execution
—not logged after the damage is done📜 Proof You Can Take to CourtEvery action is backed by a cryptographic signature👤 Identity You Actually OwnBuilt on the QRL blockchain:Not controlled by any company
Not revocable
Quantum-resistant
🤖 Built for AI AgentsWorks with:Trading bots
AI assistants
Autonomous systems
Regulatory Section
Built for the New AI LawsThe EU AI Act requires:Human oversight
Auditability
Control over AI decisionsAT1C delivers all three—by design.Requirement AT1C
Human control Signed policies
Oversight Pre-execution enforcement
Audit trail Cryptographic receipts
Use Cases
💸 FinanceAuthorize transfers with strict limits🤖 AI AgentsControl exactly what your AI can do🔐 IdentityOne identity across all platforms📜 Digital InheritanceYour identity and assets don’t die with your deviceThe Big Idea Section
AI Needs Permissioning, Not Just IntelligenceWe’ve spent a decade making AI smarter.Now we need to make it accountable.AT1C is to AI what HTTPS is to the web.Invisible. Essential. Everywhere.Social Proof / Future Vision
Designed for a World of Autonomous AgentsSoon, AI will:Manage finances
Run businesses
Act continuously on your behalfAT1C ensures:You stay in control.Start Building Accountable AIGive your agents:
Limits
Proof
Trust[ Get Started ]
[ View Documentation ]AT1C
One Human. One Identity. Infinite Agents.IDocument 2:
AT1C SDK — API Specification (v1.0)
Cryptographic Authorization for AI Agents
Design Goals
Minimal surface area
Hard to misuse
Policy-first (not action-first)
Local enforcement by default
Explicit over implicit
1. Core Concepts
AgentRepresents an AI system acting on behalf of a user.PolicyDefines what is allowed.Authorization (Auth)A signed policy from the user.ReceiptProof that an action was executed under authorization.2. Initialization
import at1csdkagent = at1csdk.Agent(
at1cid="AT1C:qrl:0xabc123...",
agentname="tradingbot",
agentversion="1.0.0",
network="qrl"
)
3. Policy DefinitionPolicies must be explicit and bounded.policy = at1csdk.Policy(
actions={
"transfer": {
"maxamount": 5000,
"currency": "USD",
"recipientwhitelist": ["0xabc123"],
"requireapprovalabove": 2500
}
},
validity={
"duration": "24h",
"timewindow": "09:00-17:00 UTC"
},
constraints={
"maxtransactionsperday": 10,
"cooldownseconds": 300
},
version="1.0"
)
4. Request Authorization
auth = agent.requestscope(policy)if not auth.issigned:
raise Exception("User denied authorization")
Auth Object
auth.issigned # bool
auth.receipt # Signed authorization
auth.expiresat # datetime
auth.policyhash # hash of policy
auth.signer # user identity
5. Execute Action
result = agent.execute(
action="transfer",
params={
"amount": 1000,
"recipient": "0xabc123"
},
auth=auth.receipt
)
Execution GuaranteesBefore execution:Policy is verified
Parameters are validated
Signature is checkedIf invalid → ❌ Blocked locallyResult Object
result.status # "success" | "failed"
result.receipthash # cryptographic proof
result.timestamp
result.policyversion
6. Errors
PolicyViolationError
try:
agent.execute(...)
except at1csdk.PolicyViolationError as e:
print(e.reason)
print(e.attempted)
print(e.allowed)
AuthorizationError
except at1csdk.AuthorizationError as e:
print(e.reason)
NetworkError
except at1csdk.NetworkError:
# fallback or retry
7. Policy Updates
newpolicy = policy.copywith(
actions={
"transfer": {
"maxamount": 10000
}
},
version="1.1",
supersedes="1.0"
)auth = agent.requestscope(newpolicy)if auth.issigned:
agent.updatepolicy(newpolicy)
8. Revocation
agent.revoke(auth.receipt)
Guarantees:
Immediate invalidation
Future executions blocked
9. Multi-Signature (Advanced)
policy = at1csdk.Policy(
actions={
"transfer": {
"maxamount": 100000,
"multisig": {
"signers": ["[email protected]", "[email protected]"],
"threshold": 2
}
}
}
)auth = agent.collectsignatures(policy)if auth.signaturecount >= 2:
agent.execute(...)
10. Offline Mode
if agent.canexecuteoffline(policy):
result = agent.executeoffline(action, auth.receipt)
agent.queueforsync(result)
11. Compliance Logging (Required)
log.record({
"event": "execution",
"userid": agent.at1cid,
"action": "transfer",
"amount": 1000,
"receipthash": result.receipthash,
"policyversion": result.policyversion,
"timestamp": result.timestamp
})
12. Security Model
Enforced Guarantees:
❌ No unsigned action executes
❌ No out-of-policy parameters execute
❌ No silent escalation
Assumptions:
User controls signing device
Cryptography remains secure
SDK runs in trusted environment
13. Minimal JS Version
const agent = new AT1C.Agent({
at1cid: "AT1C:qrl:0xabc123"
})const policy = {
action: "transfer",
maxamount: 5000,
recipient: "0xabc123"
}const auth = await agent.requestScope(policy)if (auth.signed) {
await agent.execute({
action: "transfer",
amount: 1000,
recipient: "0xabc123",
auth: auth.receipt
})
}
14. Golden Rule (SDK Philosophy)If it’s not signed, it doesn’t happen.If it’s not within policy, it’s invalid.The AT1C Protocol is live
The standard is set
Build the future of accountable Sovereign Identity with AT1C
Agents Made Inheiritable
AT1C The Missing Layer for AI Accountability
We make AI actions provable.
The Problem
AI agents are starting to act on behalf of users:
Moving money
Making decisions
Accessing sensitive dataBut there’s a fatal flaw:There is no way to prove what a user actually authorized.Today’s systems rely on:Logs (editable)
“Approve” buttons (ambiguous)
Terms of service (irrelevant in real time)When something goes wrong:Users say: “I didn’t approve that.”
Companies say: “Our logs say you did.”
Regulators step in.Result: liability, fines, and zero trust.The Shift (Why Now)The EU AI Act (2026) changes everything.It requires:Human oversight
Auditability
Proof of control over AI decisionsNot “best effort.”
Proof.No existing system provides this cryptographically.The Solution: AT1CAT1C is a cryptographic authorization layer for AI.We turn vague consent into mathematically provable permission.Instead of:“User approved transfer”You get:“User signed: transfer up to $5,000 to this address, valid for 24h”Every action becomes:Explicit
Bounded
Verifiable
How It Works (Simple)
User defines a policy
User signs it (biometric / passkey)
AI agent can only act within that policy
Every action produces a cryptographic receiptIf the AI tries to exceed limits:It is blocked before execution.No ambiguity. No “interpretation.”What Makes This Different
1. Prevention, Not DetectionWe don’t log bad actions—we make them impossible.2. Proof, Not PromisesEvery action is backed by a user signature tied to parameters.3. User-Owned IdentityIdentity lives on the QRL blockchain:Not controlled by platforms
Not revocable by companies
Secure against future quantum threats
4. AI-Ready by DesignBuilt specifically for:Autonomous agents
Financial actions
High-risk decision systems
Why This Wins
For Developers
Built-in compliance layer
Reduced liability
Works with any AI (wrapper model)
For Users
Full control over what AI can do
Transparent permissions
Identity they actually own
For Regulators
Cryptographic proof of human oversight
Clear audit trail
Enforceable boundaries
The InsightAI doesn’t need better intelligence.It needs better permissioning.AT1C is to AI what HTTPS is to the web.Invisible, but essential.Market DirectionEvery AI system that:Moves money
Makes decisions
Acts autonomously…will require:Provable authorizationAT1C becomes the default layer for:AI agents
Fintech
Identity systems
Enterprise compliance
The VisionOne human. One identity.Used across:Every app
Every agent
Every transactionPersistent. Transferable. Verifiable.ClosingThe question is no longer:“Can AI act for users?”The question is:“Who is accountable when it does?”AT1C answers that with certainty.AT1COwn your identity. Prove your intent.Inheritance and lifecycle management AI agents survive the human.For the World A Decentralized Identity Network
(AT1C) an open, quantum resistant framework for autonomous agent accountability that no government, corporation, or individual can control or corrupt.
*****
Plant a seed in someone's mind together lets make a change.