Authority isn't a setting. It's a ledger of decisions.

Most systems store authority as current state — a row you can overwrite and never explain. Authority Sourcing™ stores it the way ledgers store money: as an append-only log of events. Every grant, delegation, revocation and decision is a sealed event, so an entity's authority at any instant is a fold over that log — and you can replay the exact decision on an Authority Timeline™ and walk the Authority Graph™ behind it.

Start a governed pilot See a sealed decision

Event sourcing, applied to authority

If you have built an event-sourced system, you already understand Authority Sourcing™ — KYE Protocol™ applies the same discipline to the one piece of state a regulator asks about, and emits it as a fixed family of 7 signed JSON schemas that map to the EU AI Act™ Article 12 logging duty, NIST AI RMF and ISO/IEC 42001™.

The log is the source of truth. Authority is never overwritten in place; every change is a new, Ed25519-signed event appended to a write-once store under a retention policy — not a row you can edit.
Current authority is a projection. "Can this agent pay this invoice right now?" is answered by folding the log — exactly as an account balance is a fold over transactions, never a number someone typed.
Every decision is itself an event. Each consequential action emits a Decision Map™ (its inputs, the rules it hit, the outcome), sealed into an Evidence Pack™ and made Replay-Proof™ — verifiable offline from published keys alone, without trusting KYE Protocol™.
Nothing is lost. Because state is derived, you can reconstruct authority as it stood at any past moment — what you need for an incident today, and an auditor needs for the same action next quarter.

This is not a new engine. Authority Sourcing™ is the name for what KYE Protocol™ already does — the Evidence Pack™ chain, write-once audit retention, and replay verification — framed as the event-sourcing pattern teams already know.

The Authority Timeline™ — replay one decision

When an action is questioned, you do not reconstruct intent from logs and memory — you open the action's timeline and read the sealed events in order. Worked example: a treasury agent proposes a supplier payment.

The Authority Timeline™ is a projection of the locked Evidence Timeline contract (the operator widget defined in the KYE GovernedUI™ rail). The schema names are the canonical event family every consequential action emits.

The Authority Graph™ — walk the authority behind it

A timeline answers what happened, in order. The Authority Graph™ answers on whose authority — it is the typed graph of principals, delegations, scopes and decisions that the Decision Engine™ walks to admit or block each action.

The same decision, as a graph. Authority Sourcing™ keeps the timeline and the graph in lock-step: every edge here is backed by an event on the timeline above, and every event resolves to nodes on this graph.

Why a CISO, an auditor and a builder all want this

One log, three audiences — because event-sourced authority serves the question each of them actually asks.

For a CISO — when an agent does something it should not have, you replay the Authority Timeline™ and see the exact failed control, not a guess. Authority Finality™ lets you revoke mid-flight, and the revocation is itself an event.

For an auditor or regulator — the EU AI Act™ Article 12 logging duty and NIST AI RMF’s govern function bind per action; a folded, Replay-Proof™ log discharges them as evidence, mapped across 170 frameworks including ISO/IEC 42001™.

For a builder — you emit the event family from your runtime and get the timeline, the graph and the proofs for free. KYE Protocol™ sits above whatever agent runtime you choose; it does not replace it.

For everyone — because authority is derived from the log, “what could this agent do last March?” is a query, not an archaeology project.

Start a governed pilot Explore the Authority Graph™