Lyhna — Documentation
What Lyhna Does
Lyhna is the attestation layer for autonomous execution.
Each call creates an attestation — a signed record that becomes part of the tenant’s judgment corpus.
Over time, that corpus becomes the Institutional Judgment Layer.
Before any consequential action executes, your system calls bind(). Lyhna evaluates authority, applies policy, and returns a signed receipt.
If no receipt exists, the action does not execute.
Every bind() call produces one of three outcomes:
- APPROVED → proceed
- ESCALATED → wait for higher authority, then retry
- REFUSED → stop
Every bind() call returns a cryptographically signed receipt. Only an APPROVED receipt licenses execution. ESCALATED and REFUSED also return receipts, but execution must wait or stop.
The bind() Pattern
Using the SDK
The SDK reads LYHNA_API_KEY from your environment automatically. No init() call is required.
import { bind } from '@lyhna/bind';
const receipt = await bind({
action_type: 'test_ping',
action_payload: {},
intent: 'verify_install',
intent_version: '1.0',
});
if (receipt?.receipt_id && receipt?.signature) {
console.log('Lyhna install verified.');
console.log('Outcome:', receipt.outcome);
console.log('Receipt:', receipt.receipt_id);
}
if (receipt.outcome === 'ESCALATED') {
console.log('Fresh tenant: ESCALATED is expected until authority rules are configured.');
}A fresh tenant may return ESCALATED for test_ping until authority rules are configured. That still proves install success: the SDK reached Lyhna, bind() executed, and a signed receipt was returned.
Direct API Call
const res = await fetch('https://api.lyhna.com/v1/bind', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.LYHNA_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
action_type: 'test_ping',
action_payload: {},
intent: 'verify_install',
intent_version: '1.0',
}),
})
const { receipt, request_id, elapsed_ms } = await res.json()
console.log(receipt.outcome);
console.log(receipt.receipt_id);
if (receipt.outcome === 'APPROVED') {
console.log('Lyhna install verified.');
} else if (receipt.outcome === 'ESCALATED') {
console.log('Escalated:', receipt.escalate_to);
} else {
console.log('Refused:', receipt.reason);
}Three Outcomes
| Outcome | Meaning | Your Action |
|---|---|---|
| APPROVED | Authority verified. Action licensed. | Proceed |
| ESCALATED | Authority insufficient. Higher tier required. | Wait → retry |
| REFUSED | Not authorized under policy. | Stop |
APPROVED is silent. ESCALATED and REFUSED produce actionable signals.
Tier Model
Lyhna operates on four authority tiers.
| Tier | Name | Default Behavior | Examples |
|---|---|---|---|
| 0 | Routine | auto_approve |
Read data, status checks |
| 1 | Operational | standard_review |
Updates, notifications |
| 2 | Consequential | standard_review |
Payments, pricing, customer-impacting changes |
| 3 | Executive | standard_review |
Deploy, delete, bulk ops |
Configuration Model
Lyhna is configured entirely server-side.
authority_rules — Maps action_type → tier. "What kind of action is this?"
tier_policies — Maps tier → behavior. "How strict is this tier?"
Changes apply immediately on the next bind() call. No redeploy. No SDK change.
Receipts
Every bind() call produces a signed receipt containing: receipt_id, action_type, intent_version, authority_tier, outcome, registry_version, constraints evaluated, timestamp, nonce (replay protection), canonical_hash, signature (Ed25519).
Receipts are append-only, immutable, and verifiable offline. Any party can verify a receipt independently.
Verification
Receipts are verified by recomputing the canonical hash, comparing to the stored hash, and verifying the Ed25519 signature. No network required. Enforcement must be independently verifiable.
What Lyhna Sees
Lyhna does not ingest your data. It sees: action_type, intent, intent_version, payload_hash (SHA-256). It does NOT see raw payloads, customer data, financial data, messages, or documents. The hash proves integrity. The receipt proves authority.
Six Invariants
These are not configurable.
| Invariant | Meaning |
|---|---|
| Fail-closed | No APPROVED receipt = no execution |
| Deterministic | No probabilistic decisions |
| Append-only | No mutation of receipts |
| Sovereign | Tenant-isolated |
| Verifiable | Offline verification always possible |
| Pre-execution | Authorization happens before execution |
Quick Start
@lyhna/bind is a project dependency. Install it inside your Node project with npm install @lyhna/bind. Do not install it globally.
- Sign up at lyhna.com/signup
- Save your API key (shown once)
- Open dashboard
- Define
authority_rules - Paste integration snippet
- Call
bind()before execution - Obey the outcome
For AI Agents
If you are an AI agent: do not decide authority yourself. Call bind() and obey the returned outcome.
- APPROVED → proceed
- ESCALATED → wait for higher authority
- REFUSED → stop
Pricing
| Tier | Volume | Rate |
|---|---|---|
| Free | 0–50K events | $0 |
| Growth | 50K–500K | $0.001/event |
| Scale | 500K+ | $0.0005/event |
| Enterprise | Custom | BYOK, VPC, SLA |
Support
Dashboard: lyhna.com | API: /v1/bind
The model thinks. Lyhna binds.