
Under the Hood: How Two-Gate Enforcement Works

PolicyLayer Team

Security marketing is full of buzzwords. At PolicyLayer, we believe in "Provable Security."

Our core architecture is based on a concept called Two-Gate Enforcement. This post explains the cryptography behind how we secure agent transactions without ever holding your private keys.

The Challenge

We need to validate a transaction against a policy (e.g., "Max $100") before it is broadcast to the blockchain, but we (PolicyLayer) do not have the private key to sign it.

Gate 1: Intent Validation

  1. The Agent constructs a transaction object (The Intent).
    • To: 0xBob
    • Value: 50 USDC
  2. The SDK sends this Intent to the PolicyLayer API.
  3. The API checks the database:
    • Does this violate the Daily Limit? No.
    • Is 0xBob whitelisted? Yes.
  4. The API creates a fingerprint of the Intent using SHA-256.
    • Hash = SHA256(To + Value + Data + Nonce)
  5. The API returns a signed Auth Token containing this hash.

Gate 2: Verification & Signing

  1. The Agent receives the Auth Token.
  2. The Agent sends the Intent + Auth Token to the Policy Validator (a local or remote verification step depending on configuration).
  3. The Validator re-calculates the hash of the current transaction.
  4. The Check: If (CurrentHash === AuthToken.Hash) -> APPROVE.
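The two gates end to end, as an added example that is not PolicyLayer's SDK or API code. It assumes a sorted-key JSON encoding of the four intent fields as the input to SHA-256 (the post writes `SHA256(To + Value + Data + Nonce)` without saying how the fields are delimited), and uses an HMAC as a stand-in for whatever signature the API puts on the Auth Token; the policy values and key are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample policy and token-signing key (assumptions for this demo).
POLICY = {"daily_limit": 100, "whitelist": {"0xBob"}}
TOKEN_KEY = b"demo-token-signing-key"


def fingerprint(intent: dict) -> str:
    # Canonical encoding of (To, Value, Data, Nonce) before hashing. Sorted-key JSON is
    # assumed here so field boundaries are unambiguous: with bare concatenation,
    # To="0xB",Value="ob" and To="0xBob",Value="" would hash identically.
    fields = {k: intent[k] for k in ("to", "value", "data", "nonce")}
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def gate1_issue_token(intent: dict, spent_today: int) -> Optional[dict]:
    """Gate 1: check the Intent against policy, then return a signed Auth Token over its hash."""
    if spent_today + intent["value"] > POLICY["daily_limit"]:
        return None  # would violate the Daily Limit
    if intent["to"] not in POLICY["whitelist"]:
        return None  # destination not whitelisted
    h = fingerprint(intent)
    sig = hmac.new(TOKEN_KEY, h.encode(), hashlib.sha256).hexdigest()  # HMAC stands in for the API signature
    return {"hash": h, "sig": sig}


def gate2_check(intent: dict, token: dict) -> bool:
    """Gate 2: confirm the token is genuine, then that the current transaction still matches it."""
    expected_sig = hmac.new(TOKEN_KEY, token["hash"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, token["sig"]):
        return False  # forged or altered token: its hash cannot be trusted
    # The Check: CurrentHash === AuthToken.Hash (constant-time compare).
    return hmac.compare_digest(fingerprint(intent), token["hash"])


if __name__ == "__main__":
    intent = {"to": "0xBob", "value": 50, "data": "", "nonce": 1}
    token = gate1_issue_token(intent, spent_today=0)
    print("approved:", gate2_check(intent, token))             # True
    tampered = dict(intent, value=5000)                          # edited after approval
    print("tampered approved:", gate2_check(tampered, token))   # False
```

With a symmetric HMAC the Validator must hold the same key as the API; an asymmetric signature on the token would let the Validator verify with only the API's public key.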

The Security Guarantee

If the Agent (or a hacker) tries to modify the transaction after getting approval (e.g., changing the value from 50 USDC to 5000 USDC), the Hash will change.

NewHash != AuthToken.Hash

The transaction is rejected instantly.

This creates a Cryptographic Link between the Policy Check and the Transaction Signature. One cannot exist without the other.