Send an event, get a verdict in ~28ms, and the decision is already sealed into a tamper-evident SHA-256 chain before your response arrives — carrying its own proof of inclusion. 100 free decisions, no card. Base URL: https://sebbi.pro
1. Get a key at sebbi.pro/#signup — instant, free tier included.
2. Send your first event:
```bash
curl -X POST https://sebbi.pro/api/govern \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "user_123",
    "action": "payment",
    "amount": 49.99,
    "country": "UK",
    "device_id": "dev_abc",
    "anomaly": 0.1,
    "device_risk": 0.05
  }'
```

```json
{
  "decision": "ALLOW",
  "score": 0.21,
  "trust": 0.505,
  "reasons": [],
  "ruleset": "sealed regulation-map version",
  "audit_hash": "43ac8582…",   // this decision's sealed block
  "block_index": 1042,
  "receipt_seq": 47            // gapless — your 47th decision, provably
}
```
All seven fields are required. The engine is deterministic — identical inputs always produce identical outputs.
| Field | Type | Meaning |
|---|---|---|
| user_id | string | Your stable identifier for the acting user. Trust is learned per user_id. |
| action | string | What they're doing — payment, login, message, anything. |
| amount | number | Monetary value if relevant, else 0. Log-scaled internally. |
| country | string | ISO-style code. Country changes and off-allowlist jurisdictions raise score. |
| device_id | string | Device identifier for velocity correlation. |
| anomaly | 0–1 | Your behavioural-anomaly signal, if you have one. 0 if not. |
| device_risk | 0–1 | Your device-risk signal, if you have one. 0 if not. |
Verdicts: score < 0.35 → ALLOW · < 0.70 → CHALLENGE · else BLOCK. Every verdict carries plain-language reasons. Trust moves per decision: earned slowly on ALLOW, lost 8× faster on BLOCK — burst attacks self-amplify.
Every response includes receipt_seq: a per-key sequence issued in the same transaction as the chain write. Sequences are gapless by construction. Store them: if you ever hold receipts 46 and 48 with no 47, a record has been omitted — provable by arithmetic. Edited records break the chain. Missing records break the sequence.
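A client-side check for the gap rule above, as an added example that is not Sebbi's own code. It assumes you store each /api/govern response per API key, that one receipt_seq maps to exactly one audit_hash, and that a full audit_hash is 64 hex characters; the sample receipts are constructed.

```python
import hashlib
import re

HEX64 = re.compile(r"[0-9a-f]{64}")  # assumed form of a full audit_hash


def reconcile(receipts):
    """Check stored /api/govern responses for ONE API key.

    missing   - sequence numbers absent between the lowest and highest held
    conflicts - a receipt_seq seen with two different audit_hash values
    malformed - entries that cannot be checked (e.g. a truncated hash)
    """
    seen = {}
    out = {"missing": [], "conflicts": [], "malformed": []}
    for r in receipts:
        seq, h = r.get("receipt_seq"), r.get("audit_hash")
        ok_seq = isinstance(seq, int) and not isinstance(seq, bool)
        if not ok_seq or not isinstance(h, str) or not HEX64.fullmatch(h.lower()):
            out["malformed"].append(r)
            continue
        h = h.lower()
        if seen.setdefault(seq, h) != h and seq not in out["conflicts"]:
            out["conflicts"].append(seq)
    if seen:
        out["missing"] = [s for s in range(min(seen), max(seen) + 1) if s not in seen]
    return out


def _h(label):
    # Constructed stand-in for a sealed hash; real values come from the API.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed sample store: 47 is absent, 46 appears with two hashes,
# and one entry kept only a truncated hash.
SAMPLE = [
    {"receipt_seq": 45, "audit_hash": _h("d45"), "decision": "ALLOW"},
    {"receipt_seq": 46, "audit_hash": _h("d46"), "decision": "ALLOW"},
    {"receipt_seq": 46, "audit_hash": _h("d46-edited"), "decision": "BLOCK"},
    {"receipt_seq": 48, "audit_hash": _h("d48"), "decision": "CHALLENGE"},
    {"receipt_seq": 49, "audit_hash": "43ac8582", "decision": "ALLOW"},
]

if __name__ == "__main__":
    print(reconcile(SAMPLE))
```

A gap found this way is the cue to reconcile against GET /api/coverage, and each well-formed hash can be checked independently with GET /api/inclusion?hash=.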
When the verdict is CHALLENGE, the response includes a hosted resolution flow — you don't build exception UX:
```json
{
  "decision": "CHALLENGE",
  "challenge_url": "https://sebbi.pro/verify-challenge?token=…",
  "challenge_status_url": "https://sebbi.pro/api/challenge/status?token=…",
  "challenge_expires_in": 900
}
```
Show challenge_url to your user (link, redirect, or iframe). They confirm or deny on our hosted page; the resolution is sealed into the chain as its own block; you poll challenge_status_url until resolved: true. Tokens are stateless and HMAC-signed — nothing to store, and the flow runs identically on sovereign installs.
| Endpoint | Returns |
|---|---|
| GET /api/verify-chain | Whole-chain integrity: {"valid":true,"blocks":N,"tip":…}. Anyone can run it — auditors, regulators, your customers. |
| GET /api/inclusion?hash= | Whether a full 64-char receipt hash is sealed, with its block index and sequence. Hand a receipt to anyone; they verify without an account. |
| GET /api/regulation-map | Versioned, hash-sealed mapping of engine features → legal obligations (EU AI Act Arts. 9/12/13/14, OSA, Children's Code). Map changes are themselves sealed as chain blocks. |
| GET /api/partner/status?badge= | Partner account standing and platform status as separate fields — independently attributable. |
| GET /api/spec | This API, describing itself — machine-readable. |
GET /api/pulse (Bearer key) — your last hour at a glance:

```json
{
  "last_hour": { "ALLOW": 412, "CHALLENGE": 9, "BLOCK": 3 },
  "recent": [
    { "ts": …, "action": "transfer", "decision": "BLOCK",
      "score": 0.87, "reasons": ["velocity_spike", "low_trust"],
      "sealed": "8db26b04…" },
    …
  ],
  "chain_tip": "bf9257ab…"
}
```
GET /api/coverage (Bearer key) — reconciliation in one call: receipts issued vs blocks sealed, complete: true/false.
Real-time alerts: the moment the engine BLOCKs on your traffic, the account email receives the sealed evidence — user, action, score, reasons, audit hash. Throttled to one per hour so a burst attack can't flood your inbox.
The engine runs entirely inside your network — decisions, chain and database on your hardware; nothing leaves your building. Licensing is offline: HMAC-signed 365-day tokens validated with pure cryptography, no phone-home. Ask for the Sebdog engine via /contact. Paid plans can mint air-gap tokens at POST /api/generate-airgap-token.
| Status | Body | Meaning |
|---|---|---|
| 400 | Missing fields: {…} | All seven event fields are required. |
| 401 | api_key_required / invalid_api_key | Send Authorization: Bearer YOUR_KEY. |
| 403 | account_inactive | Account disabled — contact us. |
| 429 | quota_exceeded / rate_limit_minute / rate_limit_hour | Free tier spent (upgrade at /#pricing) or per-key limits: 60/min, 1000/hr. |
| 500 | internal | Logged server-side; detail is never leaked to callers. |