- Trusted request
- Verified path
- Authorized signer
- Policy passed
Trusted request and path verified.
How It Works
The three pre-sign questions, the ALLOW / HOLD / REJECT decision, and what changes before versus after SignTrail.
How It Works
A transaction is signed only when the request, path, and signer are all verified.
tx_payload_hashruntime_provenance_digestsigner_idpolicy_hashNo trusted path, no signature.
Decision Outcomes
SignTrail decides before signer execution — not after the transaction is broadcast.
Trusted request and path verified.
Needs manual review before execution.
Unsafe context or manipulation detected.
Fail-closed by default when trust is missing.
Before / After
Unsafe request may reach signer.
Unsafe request is held before signing.
The difference is not who signs. The difference is whether the path can be trusted.