One endpoint governs. The rest prove it.

Send an event, get a verdict in ~28ms, and the decision is already sealed into a tamper-evident SHA-256 chain before your response arrives — carrying its own proof of inclusion. 100 free decisions, no card. Base URL: https://sebbi.pro


Quickstart

1. Get a key at sebbi.pro/#signup — instant, free tier included.
2. Send your first event:

curl -X POST https://sebbi.pro/api/govern \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id":    "user_123",
    "action":     "payment",
    "amount":     49.99,
    "country":    "UK",
    "device_id":  "dev_abc",
    "anomaly":    0.1,
    "device_risk":0.05
  }'

Response:

{
  "decision":     "ALLOW",
  "score":        0.21,
  "trust":        0.505,
  "reasons":      [],
  "ruleset":      "sealed regulation-map version",
  "audit_hash":   "43ac8582…",   // this decision's sealed block
  "block_index":  1042,
  "receipt_seq":  47             // gapless — your 47th decision, provably
}

POST /api/govern (Bearer key)

All seven fields are required. The engine is deterministic — identical inputs always produce identical outputs.

| Field | Type | Meaning |
| --- | --- | --- |
| user_id | string | Your stable identifier for the acting user. Trust is learned per user_id. |
| action | string | What they're doing — payment, login, message, anything. |
| amount | number | Monetary value if relevant, else 0. Log-scaled internally. |
| country | string | ISO-style code. Country changes and off-allowlist jurisdictions raise score. |
| device_id | string | Device identifier for velocity correlation. |
| anomaly | 0–1 | Your behavioural-anomaly signal, if you have one. 0 if not. |
| device_risk | 0–1 | Your device-risk signal, if you have one. 0 if not. |

Verdicts: score < 0.35 → ALLOW · < 0.70 → CHALLENGE · else BLOCK. Every verdict carries plain-language reasons. Trust moves per decision: earned slowly on ALLOW, lost 8× faster on BLOCK — burst attacks self-amplify.

Receipts — omission is countable

Every response includes receipt_seq: a per-key sequence issued in the same transaction as the chain write. Sequences are gapless by construction. Store them: if you ever hold receipts 46 and 48 with no 47, a record has been omitted — provable by arithmetic. Edited records break the chain. Missing records break the sequence.
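A client-side check for the receipt rule above, as an added example (not Sebbi's own code). It assumes you store each /api/govern response with its receipt_seq and audit_hash; the function name, the start parameter and the sample hashes are constructed for illustration. Besides gaps, it also flags a sequence number held with two different hashes.

```python
from dataclasses import dataclass

@dataclass
class ReceiptAudit:
    missing: list    # inclusive (first, last) ranges of absent receipt_seq values
    conflicts: list  # sequence numbers stored with two different audit_hash values
    complete: bool   # True only when nothing is missing and nothing conflicts

def audit_receipts(receipts, start=1):
    """Check stored /api/govern responses for one API key, in any order.

    start is the first sequence number you expect to hold (assumed to be 1
    for a key whose receipts were all kept)."""
    by_seq, conflicts = {}, set()
    for r in receipts:
        seq, digest = r["receipt_seq"], r["audit_hash"]
        if by_seq.setdefault(seq, digest) != digest:
            conflicts.add(seq)          # same slot, different sealed block
    missing, expected = [], start
    for seq in sorted(by_seq):
        if seq > expected:
            missing.append((expected, seq - 1))
        expected = max(expected, seq + 1)
    return ReceiptAudit(missing, sorted(conflicts), not missing and not conflicts)

# Constructed sample: hashes are placeholders, not real chain values.
SAMPLE = [
    {"receipt_seq": 48, "audit_hash": "c" * 64},
    {"receipt_seq": 45, "audit_hash": "a" * 64},
    {"receipt_seq": 46, "audit_hash": "b" * 64},
    {"receipt_seq": 46, "audit_hash": "b" * 64},   # harmless retry of the same record
    {"receipt_seq": 50, "audit_hash": "d" * 64},
    {"receipt_seq": 50, "audit_hash": "e" * 64},   # same seq, different hash
]

if __name__ == "__main__":
    print(audit_receipts(SAMPLE, start=45))
```

Any sequence number reported as missing or conflicting can then be checked against the public GET /api/inclusion endpoint using the neighbouring receipts' hashes.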

Challenges — the workflow's built in v6.4

When the verdict is CHALLENGE, the response includes a hosted resolution flow — you don't build exception UX:

{
  "decision": "CHALLENGE",
  "challenge_url":        "https://sebbi.pro/verify-challenge?token=…",
  "challenge_status_url": "https://sebbi.pro/api/challenge/status?token=…",
  "challenge_expires_in": 900
}

Show challenge_url to your user (link, redirect, or iframe). They confirm or deny on our hosted page; the resolution is sealed into the chain as its own block; you poll challenge_status_url until resolved: true. Tokens are stateless and HMAC-signed — nothing to store, and the flow runs identically on sovereign installs.

Three-line integration: if decision == CHALLENGE → surface challenge_url → poll status. That's the whole exception workflow.
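The three steps above as a client-side sketch, added here as an example (not Sebbi's own code). The HTTP call is injected as fetch_status so the block runs offline; the function names, the host check and the fail-closed handling of expiry are assumptions of this example, and only the response fields shown on this page are read.

```python
import time
from urllib.parse import urlsplit

def check_challenge_urls(resp, expected_host="sebbi.pro"):
    """Refuse to surface or poll URLs that are not HTTPS on the expected host.
    For a sovereign install, pass that install's own hostname."""
    for key in ("challenge_url", "challenge_status_url"):
        parts = urlsplit(resp[key])
        if parts.scheme != "https" or parts.hostname != expected_host:
            raise ValueError(f"{key} is not an https URL on {expected_host}")

def wait_for_challenge(resp, fetch_status, surface, interval=2.0,
                       expected_host="sebbi.pro",
                       clock=time.monotonic, sleep=time.sleep):
    """Return the status body once it reports resolved: true, or None if
    challenge_expires_in seconds pass first (treat None as not approved)."""
    if resp.get("decision") != "CHALLENGE":
        raise ValueError("not a CHALLENGE response")
    check_challenge_urls(resp, expected_host)
    deadline = clock() + resp["challenge_expires_in"]
    surface(resp["challenge_url"])             # link, redirect or iframe
    while clock() < deadline:
        status = fetch_status(resp["challenge_status_url"])
        if status.get("resolved") is True:
            return status
        sleep(min(interval, max(0.0, deadline - clock())))
    return None

# Constructed sample response; the token value is a placeholder.
SAMPLE_CHALLENGE = {
    "decision": "CHALLENGE",
    "challenge_url": "https://sebbi.pro/verify-challenge?token=EXAMPLE",
    "challenge_status_url": "https://sebbi.pro/api/challenge/status?token=EXAMPLE",
    "challenge_expires_in": 900,
}

if __name__ == "__main__":
    replies = iter([{"resolved": False}, {"resolved": True}])  # stubbed status bodies
    print(wait_for_challenge(SAMPLE_CHALLENGE, lambda url: next(replies),
                             surface=print, interval=0.01))
```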

Verification — public, unauthenticated

| Endpoint | Returns |
| --- | --- |
| GET /api/verify-chain | Whole-chain integrity: {"valid":true,"blocks":N,"tip":…}. Anyone can run it — auditors, regulators, your customers. |
| GET /api/inclusion?hash= | Whether a full 64-char receipt hash is sealed, with its block index and sequence. Hand a receipt to anyone; they verify without an account. |
| GET /api/regulation-map | Versioned, hash-sealed mapping of engine features → legal obligations (EU AI Act Arts. 9/12/13/14, OSA, Children's Code). Map changes are themselves sealed as chain blocks. |
| GET /api/partner/status?badge= | Partner account standing and platform status as separate fields — independently attributable. |
| GET /api/spec | This API, describing itself — machine-readable. |

Monitoring — see it while it happens

GET /api/pulse (Bearer key) — your last hour at a glance:

{ "last_hour": { "ALLOW": 412, "CHALLENGE": 9, "BLOCK": 3 },
  "recent": [ { "ts":…, "action":"transfer", "decision":"BLOCK",
               "score":0.87, "reasons":["velocity_spike","low_trust"],
               "sealed":"8db26b04…" }, … ],
  "chain_tip": "bf9257ab…" }

GET /api/coverage (Bearer key) — reconciliation in one call: receipts issued vs blocks sealed, complete: true/false.

Real-time alerts: the moment the engine BLOCKs on your traffic, the account email receives the sealed evidence — user, action, score, reasons, audit hash. Throttled to one per hour so a burst attack can't flood your inbox.

Sovereign deployment

The engine runs entirely inside your network — decisions, chain and database on your hardware; nothing leaves your building. Licensing is offline: HMAC-signed 365-day tokens validated with pure cryptography, no phone-home. Ask for the Sebdog engine via /contact. Paid plans can mint air-gap tokens at POST /api/generate-airgap-token.

Errors

| Status | Body | Meaning |
| --- | --- | --- |
| 400 | Missing fields: {…} | All seven event fields are required. |
| 401 | api_key_required / invalid_api_key | Send Authorization: Bearer YOUR_KEY. |
| 403 | account_inactive | Account disabled — contact us. |
| 429 | quota_exceeded / rate_limit_minute / rate_limit_hour | Free tier spent (upgrade at /#pricing) or per-key limits: 60/min, 1000/hr. |
| 500 | internal | Logged server-side; detail is never leaked to callers. |

Kick the tyres without writing code: the homepage seals your visit into a live chain in your browser and has a button daring you to tamper with it — sebbi.pro. Same maths, same catch.