OpenApprove

v0.1.0 — Sovereign Authority Mint

Mint signed execution approvals for your workflows. OpenApprove generates cryptographically signed authorization artifacts that allow deterministic execution inside OpenExec.

OpenApprove defines a portable approval artifact format for deterministic execution systems.
Deterministic Execution Compatible

Request API Access

Instant Early Access

Save these now. The API key cannot be retrieved later.

What It Does

Create signed approval artifacts (Ed25519)
Bind authorization to payload hash
Prevent unauthorized execution

What It Does Not Do

Does not execute code
Does not make policy decisions
Does not call external services

Flow

You → OpenApprove → Signed Approval → OpenExec executes

Quick Start

POST /mint-approval
X-API-Key: YOUR_API_KEY

{
  "tenant_id": "your_tenant",
  "action": "echo",
  "payload_hash": "e3b0c44298fc1c14...64_char_hex",
  "nonce": "unique_request_id",
  "ttl_seconds": 60
}

payload_hash must be the SHA-256 hash of the exact execution payload that OpenExec will later execute. The hash binds approval to payload.

curl Example

curl -X POST https://openapprove.forgerun.ai/mint-approval \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tenant_id": "your_tenant",
    "action": "echo",
    "payload_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "nonce": "unique_request_id",
    "ttl_seconds": 60
  }'

Verification

Artifacts are independently verifiable. No callback to OpenApprove required.

Public verification key (Ed25519):
key_id: openapprove-main-v1

from nacl.signing import VerifyKey
import base64

public_key = base64.b64decode("QBFsxwPovcDxTD35QuemRdWepeR2wgJL3KjXo6aHDK8=")
verify_key = VerifyKey(public_key)
verify_key.verify(canonical_artifact_bytes, base64.b64decode(signature))

If your system needs to prove that something was approved before execution, OpenApprove provides the cryptographic authorization layer.

API Docs Health Version Request Access