GOVERNED OPERATIONS PILOT · FINANCIAL CONTROLS
Authority you can run out of
A finance desk, modelled on a real operating environment. An approved run by the Finance Director authorizes an Operations Controller agent, which delegates a bounded refund authority to a Treasurer agent: capability refund.issue, pinned to the ops-refunds account at a $25 ceiling, with a signed budget of 3 refunds. The Treasurer issues its three refunds — each re-verified at the boundary, each with evidence written before the money moves. On the fourth — identical and in-policy in every other way — the boundary blocks it because the budget is spent: budget exhausted: 3/3 under executing edge. The agent literally no longer holds the authority. Nothing here is animated for show — it runs through the same governed boundary that runs in production, signed with an ephemeral key (never the production key), no database.
Watch the budget drain — live
Three refunds execute. The fourth is blocked at the boundary — SW-5, authority as a consumable resource. Watch the BLOCK line: it reads budget exhausted, not denied.
Replay proof — rewind & verify
The same run as an authority graph. Each executed refund is a VERIFIED side-effect node; click one and its lineage rewinds to the Finance Director. Hit Verify lineage and every edge re-derives green from the signed receipts. The delegation edge is drawn at a width proportional to its signed budget — authority is a quantity on the edge. The over-budget refund sits off to the side as a red blocked branch; click it to read budget exhausted: 3/3. Governance working, not a failure.
Loading graph…
Why budget exhaustion is the buyer's story
Most controls answer “was this action allowed?” This answers a harder one: “did the agent still have the authorityto do it?” The fourth refund was a perfectly valid action — the Treasurer simply had no authority left to spend. The block is a real SWARM_AMPLIFICATION verdict with a budget-exhaustion reason, and the side effect provably never ran. Every executed refund is independently re-derivable offline with npx @strixgov/verifier swarm swarm_treasury_demo.
Sibling demos: the deal-pipeline demo room (allowed + blocked amplification) and the live Observatory.