Enterprise · Compliance · Legal

Full Multi-Agent Action Ancestry

Every AI action your enterprise takes is traceable to its root human authorization, biometrically confirmed, cryptographically signed, and independently verifiable.

Full chain: Root to tool call
12 checks: Sentinel invariants
CSV export: Compliance report
Tamper-evident: Hash-linked ledger

Every action traces back to a human

When an AI agent executes a multi-step workflow, Yebo records the full delegation chain. Auditors can walk from any tool call back to the original biometric authorization.

👤 Human: Face ID / Touch ID in Secure Enclave
📜 PAI Token: Hardware-attested, hardware-bound cryptographic signature
🔒 AP2 Mandate: Immutable authorization primitive + policy hash
🤖 Orchestrator Agent: Root delegation point
🤖 Sub-Agent: Delegated scope enforced by Sentinel
🔧 Tool Call: Final execution, tracked as action_id

Compliance API Reference

Three endpoints give compliance and legal teams everything they need.

1. Full action ancestry

GET /chain-of-trust/ancestry/:action_id
GET https://gateway.yebo.dev/chain-of-trust/ancestry/{action_id}

// Response
{
  "action_id": "act_7f3a2b9c1234",
  "root_agent_id": "agent_claude_enterprise_orchestrator",
  "root_identity_id": "did:yebo:sha256:a4f2c8b3d1e9...",
  "root_mandate_id": "MND-7F3A2B9C1234ABCDEF012345",
  "total_depth": 3,
  "contains_violation": false,
  "ancestry_chain": [
    {
      "depth": 0,
      "agent_id": "agent_claude_enterprise_orchestrator",
      "action_type": "workflow_start",
      "mandate_id": "MND-7F3A2B9C1234ABCDEF012345",
      "authorized_by": "did:yebo:sha256:a4f2c8b3...",
      "timestamp": "2026-03-26T10:00:00.000Z"
    },
    {
      "depth": 1,
      "agent_id": "agent_gpt4_procurement_sub",
      "action_type": "vendor_lookup",
      "mandate_id": "MND-DELEGATED001",
      "authorized_by": "did:yebo:sha256:a4f2c8b3...",
      "delegated_from": "MND-7F3A2B9C1234ABCDEF012345",
      "timestamp": "2026-03-26T10:01:14.000Z"
    },
    {
      "depth": 2,
      "agent_id": "agent_stripe_payment_executor",
      "action_type": "payment",
      "mandate_id": "MND-PAYMENT001",
      "authorized_by": "did:yebo:sha256:a4f2c8b3...",
      "delegated_from": "MND-DELEGATED001",
      "amount": 5000.00,
      "timestamp": "2026-03-26T10:03:47.000Z"
    }
  ],
  "root_yac": { "...": "full YAC/1.0 certificate for root mandate" }
}
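
A client-side consistency check over the ancestry response shown above, as an added example: it is not Yebo's code and not the Sentinel invariants, which this page does not enumerate. The rules it applies (total_depth equals the number of hops, depth counts up from 0, each hop's delegated_from names the previous hop's mandate_id, authorized_by is identical on every hop, timestamps do not go backwards) are assumptions read off the sample response, and check_ancestry and the other names are hypothetical.

```python
from datetime import datetime

def _ts(s):
    # datetime.fromisoformat before Python 3.11 rejects a trailing "Z"
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def check_ancestry(resp):
    """List structural problems in an ancestry response (assumed semantics)."""
    chain = resp.get("ancestry_chain") or []
    if not chain:
        return ["ancestry_chain is empty"]
    root, problems = chain[0], []
    if resp.get("total_depth") != len(chain):
        problems.append("total_depth != number of hops")
    if root.get("mandate_id") != resp.get("root_mandate_id"):
        problems.append("hop 0 mandate_id != root_mandate_id")
    if root.get("agent_id") != resp.get("root_agent_id"):
        problems.append("hop 0 agent_id != root_agent_id")
    if "delegated_from" in root:
        problems.append("hop 0 claims a parent mandate")
    for i, hop in enumerate(chain):
        if hop.get("depth") != i:
            problems.append(f"hop {i}: depth out of sequence")
        if hop.get("authorized_by") != root.get("authorized_by"):
            problems.append(f"hop {i}: authorized_by differs from hop 0")
        if i == 0:
            continue
        parent = chain[i - 1]
        if hop.get("delegated_from") != parent.get("mandate_id"):
            problems.append(f"hop {i}: delegated_from is not the parent mandate")
        if _ts(hop["timestamp"]) < _ts(parent["timestamp"]):
            problems.append(f"hop {i}: timestamp precedes parent")
    return problems

# Sample values copied from the response above; identifiers truncated as on the page.
DID, ROOT = "did:yebo:sha256:a4f2c8b3...", "MND-7F3A2B9C1234ABCDEF012345"
def _hop(depth, agent, mandate, ts, parent=None):
    hop = {"depth": depth, "agent_id": agent, "mandate_id": mandate,
           "authorized_by": DID, "timestamp": ts}
    return {**hop, "delegated_from": parent} if parent else hop
HOPS = [
    _hop(0, "agent_claude_enterprise_orchestrator", ROOT, "2026-03-26T10:00:00.000Z"),
    _hop(1, "agent_gpt4_procurement_sub", "MND-DELEGATED001", "2026-03-26T10:01:14.000Z", ROOT),
    _hop(2, "agent_stripe_payment_executor", "MND-PAYMENT001", "2026-03-26T10:03:47.000Z", "MND-DELEGATED001"),
]
SAMPLE = {"root_agent_id": "agent_claude_enterprise_orchestrator",
          "root_mandate_id": ROOT, "total_depth": 3, "ancestry_chain": HOPS}
# Constructed bad case: the sub-agent hop is dropped from the chain.
BAD = {**SAMPLE, "ancestry_chain": [HOPS[0], HOPS[2]]}
```

This checks structure only; it does not verify the root_yac certificate or any signature.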

2. Exportable compliance report

GET /audit/compliance-report
GET https://gateway.yebo.dev/audit/compliance-report?enterprise_id=acme&from=2026-01-01&to=2026-03-31

// Response
{
  "enterprise_id": "acme_corp",
  "report_period": { "from": "2026-01-01", "to": "2026-03-31" },
  "generated_at": "2026-03-31T23:59:59.000Z",
  "summary": {
    "total_mandates": 1847,
    "authorized": 1832,
    "denied": 12,
    "sentinel_violations": 3,
    "total_amount_authorized_usd": 2847293.50,
    "top_capabilities": ["payment", "data_access", "approval"]
  },
  "violation_details": [
    {
      "mandate_id": "MND-...",
      "sentinel_check": "policy_integrity",
      "description": "Policy hash mismatch, action attempted under expired policy",
      "timestamp": "2026-02-14T08:23:11.000Z"
    }
  ],
  "policy_versions_active": ["policy_v3.2", "policy_v3.3"],
  "yac_export_url": "https://gateway.yebo.dev/audit/compliance-report/export?enterprise_id=acme&format=csv"
}

3. Single mandate, auditor view

GET /authorization-receipt/:mandate_id/auditor
GET https://gateway.yebo.dev/authorization-receipt/{mandate_id}/auditor

// Response, includes sensitivity-redacted fields for third-party sharing
{
  "receipt_id": "yac_7f3a2b9c-1234",
  "mandate_id": "MND-7F3A2B9C1234ABCDEF012345",
  "capability": "payment",
  "authorization_status": "authorized",
  "execution_status": "executed",
  "authorized_by_redacted": "did:yebo:sha256:a4f2c8**REDACTED**",
  "policy_hash": "a4f2c8b3d1e9f0a1b2c3d4e5f6a7b8...",
  "timestamp": "2026-03-26T10:05:32.000Z",
  "protocol_version": "YAC/1.0",
  "signature": "3045022100a4f2c8...",
  "sentinel_passed": true,
  "sentinel_checks_passed": 12,
  "sentinel_checks_total": 12,
  "sentinel_detail": "All 12 system invariants verified. Results available on request."
}

Regulatory alignment

EU AI Act

High-risk AI systems must maintain logs of inputs, outputs, and human oversight decisions.

✓

YAC provides cryptographic proof of human oversight. Audit reports are exportable for regulatory submission.

SOX (Sarbanes-Oxley)

Financial controls must demonstrate that material transactions were authorized by appropriate personnel.

✓

Every payment mandate is tied to a biometrically-authorized identity. Full ancestry trace from wire transfer to root human approval.

HIPAA AI Governance

Access to protected health information by AI systems must be authorized and auditable.

✓

data_access and healthcare capabilities enforce biometric authorization. YAC provides HIPAA-compliant audit artifacts.

SOC 2 Type II

Continuous evidence that logical access controls are operating effectively.

✓

Compliance report API provides machine-readable authorization logs. Sentinel violation log is tamper-evident.

Yebo does not provide legal advice. Consult your compliance counsel to map these capabilities to your specific regulatory obligations.

Ready to build an auditable AI stack?

Our enterprise team will walk you through integration, custom policy setup, and compliance report configuration.