AI Strategy · 7 min read

Who signs off when your AI agent spends $42,000?

Software used to only do what you told it to. Your AI agent now makes judgement calls that move money. The question of who signs off is an architectural decision your team is making right now, whether they know it or not.

It is a Tuesday afternoon. Your support agent, the one you deployed six months ago and that now handles about 40% of Tier 1 tickets, has a decision queued. A VIP customer had a botched onboarding. The agent has read the thread, pulled the account history, checked the contract, and decided the right answer is a $42,000 credit.

The credit is ready to fire. The rationale is drafted. The customer is waiting.

Who signs off?

The $42,000 refund

That scenario is not hypothetical. It is the opening moment of our own product demo, and it is the moment that founders and CFOs keep asking me about over coffee. The question is never about the agent's reasoning. The agent's reasoning is usually fine. The question is about the next millisecond.

Because in the next millisecond, one of two things happens. Either the money moves, and someone at your company finds out about it on a Friday afternoon when reconciling Stripe. Or a human gets asked, in that moment, to put their name on the decision.

Most teams I talk to have not deliberately chosen between those two outcomes. They have inherited one of them. Usually the first.

Press and hold

There is a small gesture in the Code Atelier platform that I want to borrow as a frame for this whole piece, because it captures the thing better than any longer sentence can. To approve a critical action, the reviewer has to press and hold a button for a little under a second, and then type the last four digits of the amount they are approving.

It is not a click. It is deliberate. You cannot do it while distracted. You cannot do it by accident. You cannot do it while pretending to listen on a call.

That gesture is the entire point of this article. Call it the signature ceremony. Every action your agent takes that moves money needs one. Not every action, just the money-movers. And the ceremony needs to produce a record that nobody can quietly rewrite afterwards.

The rest of this piece is about why.

Three kinds of action your agent takes today

It helps to sort what your agent does into three buckets, because the right answer on governance is different for each one.

Read. The agent pulls a balance. Summarizes a ticket. Drafts a response for a human to send. The world does not change. An audit log is nice. A signature ceremony is overkill.

Decide. The agent classifies a case, routes a ticket, tags a customer, drafts an internal note. The world updates in small ways, but no money moves and no contract changes. A reviewer might want to spot-check the agent's judgement later. A signature ceremony is still overkill.

Move money. The agent approves a refund, issues a credit, cancels a contract, sends an invoice, pays a vendor. This is the category where the press-and-hold earns its keep. Everything downstream of this action is in the real economy. A credit that fires is not a draft. Your customer sees it. Your reconciliation already shows it. An invoice you sent is an invoice your customer will remember.

Most teams I look at have not drawn this line in their own operations. The line is the architecture decision. If you treat categories one and three the same way, you will either drown your operators in approvals for ticket classifications, or you will let the agent issue credits by clicking a bell icon.

What goes wrong when the signature is a click

Two short stories from the real world, both of which I have seen some version of in 2026.

The clipboard approval. A support lead is juggling three Slack threads, a customer call, and their lunch. A notification pops up: the agent wants to issue a $12,000 credit. The lead clicks Approve. The credit ships to the wrong customer. The lead genuinely does not remember the click two days later when Finance asks. There is a log line somewhere. Nobody can say with a straight face that a human actually decided.

The quiet rewrite. A refund is approved. The customer complains three weeks later. The team retraces the decision and finds that someone has edited the ticket to make the agent's reasoning look cleaner than it actually was. Nobody meant anything sinister. But the record the CFO needs, the one that answers "did a human really look at this," is now a record the CFO cannot trust. The auditor, when they come, will notice.

Both failures have the same cure. A deliberate human act at the moment of the decision, producing a record nobody can quietly rewrite afterwards.

What the signature actually produces

Here is what you get, in plain English, from a real signature ceremony.

A record with a name on it. The person who approved the $42,000 credit is identified and logged at the moment of approval, not reconstructed from Slack threads later.

A timestamp that nobody can move. Not a log line in an application database that an engineer could edit in a migration. Something linked to the previous decision, so that a later change would break the chain visibly.

A number that proves the signer was looking at the same thing the auditor will read three months from now. On our platform, it is the last four digits of the amount. The reviewer sees a $42,000 refund on screen and types 2000 to confirm. A future "I thought it was $4,200" defense collapses immediately.

Put together, these three things produce what I will call an un-forgeable record. You can prove the decision happened. You can prove who made it. You can prove nobody quietly rewrote the past. That is the thing your auditor accepts. That is the thing that lets you sleep the night before your Series B due diligence starts.
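The three properties just listed (a named signer, a timestamp that chains to the previous decision, and a confirmation tied to the amount on screen) can be shown concretely. The block below is an added example written for this article, not Code Atelier's SDK: the record fields, the SHA-256 chaining, the reviewer `m.lopez`, the timestamps and the rule that the last four digits are taken from the whole-dollar amount are all assumptions made here. It then replays the "quiet rewrite" story from the previous section and shows where the chain breaks.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

GENESIS = "0" * 64  # link value for the very first decision in the chain (assumed)
@dataclass(frozen=True)
class Approval:
    approver: str       # named human, captured at the moment of approval
    approved_at: str    # timestamp written by the gate, not by the agent
    action: str         # e.g. "issue_credit"
    amount_cents: int   # the exact amount the reviewer saw on screen
    rationale: str      # the agent's drafted reasoning, frozen as signed
    prev_hash: str      # hash of the previous record; ties the decisions together
    hash: str = ""      # filled in by sign(); covers every field above

def _digest(rec: Approval) -> str:
    body = {k: v for k, v in asdict(rec).items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
def confirm_last_four(amount_cents: int, typed: str) -> bool:
    """Reviewer types the last four digits of the whole-dollar amount ($42,000 -> '2000')."""
    return typed == str(amount_cents // 100).zfill(4)[-4:]
def sign(chain, approver, approved_at, action, amount_cents, rationale, typed):
    # Refuse the ceremony if the digits typed do not match the amount on screen.
    if not confirm_last_four(amount_cents, typed):
        raise ValueError("typed digits do not match the amount on screen")
    prev = chain[-1].hash if chain else GENESIS
    rec = Approval(approver, approved_at, action, amount_cents, rationale, prev)
    rec = replace(rec, hash=_digest(rec))
    chain.append(rec)

def verify_chain(chain):
    """Index of the first record whose content or link was altered, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.prev_hash != prev or _digest(rec) != rec.hash:
            return i
        prev = rec.hash
    return None

def quiet_rewrite_demo():
    """Two approvals, then the article's 'quiet rewrite': edit the first rationale later."""
    chain = []  # constructed sample decisions, not real data
    sign(chain, "m.lopez", "2026-03-10T14:02:11Z", "issue_credit", 4_200_000, "botched onboarding", "2000")
    sign(chain, "m.lopez", "2026-03-10T15:30:00Z", "refund", 525_000, "duplicate charge", "5250")
    intact = verify_chain(chain)
    chain[0] = replace(chain[0], rationale="clean, well-documented decision")
    edited = verify_chain(chain)                        # record 0 no longer matches its hash
    chain[0] = replace(chain[0], hash=_digest(chain[0]))
    rehashed = verify_chain(chain)                      # record 1's link is now broken
    return intact, edited, rehashed
```

Editing the rationale is caught by the record's own hash, and recomputing that hash to hide the edit is caught by the next record's link, which is the property the timestamp chaining above is meant to give you. A real deployment would store the chain in append-only storage outside the application database so the recomputation itself is not possible from a migration.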

There is a regulatory angle here worth mentioning once. The EU AI Act Article 12 binds on 2 August 2026 and requires automatic event logging for high-risk systems. If your agent touches money in the EU, this stops being optional. I am not going to dwell on it, because the operational reason is already stronger than the regulatory one. But it is worth a note.

What we built for this

The Code Atelier Governance SDK is what we ship for this problem. It sits in front of the agent's action, not behind it. Before the credit fires, before the invoice sends, before the contract cancels, the SDK asks a named human to sign. It writes a record that chains to every decision before it, so that a later edit would be visible. And it takes about five lines of code around a tool the agent already uses, so your engineering team can add it without a migration sprint.

That is the whole pitch. You do not need a new vendor in your critical path. You do not need a second data warehouse for audit logs. You need the agent to ask before it spends, and you need the record to outlive anyone's memory of the decision.

The question to ask on Monday

If you read one thing out of this piece, read this. At your Monday standup, ask the person who owns your agent deployment one question.

What is the largest action our agent is allowed to take without a human signing?

The answer will tell you everything. If the answer is "$0, we gate everything," you are either very safe or you have an approvals fatigue problem waiting to happen. If the answer is "we do not have a cap, the agent can do anything a human support rep could do," the real answer is that the agent can spend $42,000 on a Tuesday afternoon and nobody will notice until Friday. If the answer is "we have a threshold, and above it a named human signs," ask the follow-up: what does the signature actually produce that your auditor would accept?

The question is not rhetorical. It is an architectural decision your team is making right now, whether or not you have noticed. The good news is that it is a decision you can make deliberately this quarter, with the people who already work for you, on the infrastructure you already run.

Your agent is going to approve something like a $42,000 refund this quarter. Decide now what happens in the millisecond before it does.

Frequently Asked Questions

Does this slow down the agent?

Not meaningfully, because the read and decide categories are not gated. The agent runs at full speed on pulling balances, summarizing tickets, drafting responses, classifying cases. The signature ceremony only applies to the money-movers: refunds, credits, cancellations, invoices, vendor payments. Depending on your operation, that is something between 1% and 5% of agent actions. The 5% you are asking a human to slow down on is the 5% you genuinely want a human to slow down on. Everything else keeps its speed.

What if the human signer is asleep?

Set an expiry on the gate and a threshold for auto-release. A typical pattern is: under $500 the agent proceeds immediately and the transaction is logged for later review. Between $500 and $5,000 the agent asks a human and auto-approves if nobody signs within an hour. Above $5,000 the agent waits for a signature, and if nobody signs within 24 hours the gate closes and the customer gets a human response instead. The numbers are yours to set. The principle is that a refund that cannot wait until morning is a decision the company has pre-approved as auto-release. Anything above that line is the thing you want a human to see when they are awake and paying attention.
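The tiered pattern in this answer, together with the read / decide / move-money split from earlier in the piece, can be written down as a single policy function. This is an added example for this article, not the Code Atelier SDK: the enum names, the `Policy` fields, and the choice of where the boundaries fall (under $500 is strictly below, and $5,000 itself still belongs to the middle tier) are assumptions; the dollar amounts and expiries are the ones quoted above. The last function answers the "Monday question" from the policy itself rather than from memory.

```python
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):
    READ = "read"               # pull a balance, summarize a ticket, draft a reply
    DECIDE = "decide"           # classify, route, tag; no money moves
    MOVE_MONEY = "move_money"   # refund, credit, cancel, invoice, pay a vendor

class Outcome(Enum):
    PROCEED = "proceed"                 # read/decide: never gated
    PROCEED_LOGGED = "proceed_logged"   # under the floor: fire now, review later
    WAITING = "waiting"                 # gate open, nobody has signed yet
    SIGNED = "signed"                   # a named human signed
    AUTO_RELEASED = "auto_released"     # middle tier timed out: pre-approved release
    CLOSED = "closed"                   # top tier timed out: hand to a human instead

@dataclass(frozen=True)
class Policy:
    floor_cents: int = 50_000         # below $500: proceed and log
    ceiling_cents: int = 500_000      # $500 to $5,000: ask, auto-release on timeout
    mid_expiry_s: int = 60 * 60       # one hour
    top_expiry_s: int = 24 * 60 * 60  # 24 hours, then the gate closes

def gate(kind, amount_cents, elapsed_s, signed_by=None, policy=Policy()):
    """Outcome for one queued action, given how long its gate has been open."""
    if kind is not Kind.MOVE_MONEY:
        return Outcome.PROCEED
    if amount_cents < policy.floor_cents:
        return Outcome.PROCEED_LOGGED
    if signed_by:
        return Outcome.SIGNED
    if amount_cents <= policy.ceiling_cents:
        return Outcome.AUTO_RELEASED if elapsed_s >= policy.mid_expiry_s else Outcome.WAITING
    return Outcome.CLOSED if elapsed_s >= policy.top_expiry_s else Outcome.WAITING

def largest_unsigned_cents(policy=Policy(), step=100):
    """The Monday question, answered by probing the policy: the largest amount that
    still ends in money moving if nobody ever signs and every expiry has passed."""
    moves = {Outcome.PROCEED_LOGGED, Outcome.AUTO_RELEASED}
    waited = max(policy.mid_expiry_s, policy.top_expiry_s)
    amounts = range(0, policy.ceiling_cents * 2, step)
    return max(a for a in amounts
               if gate(Kind.MOVE_MONEY, a, waited, None, policy) in moves)
```

Note what the probe returns: with auto-release in the middle tier, the largest action the agent can take without a human signing is $5,000, not $500, which is exactly the figure to say out loud at the standup.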

Is this the same thing as OAuth or just a password?

Different job. A login, whether that is OAuth or a password, says "you are who you say you are." A signature on a specific action says "on this exact action, at this exact moment, a named human with this exact authority said yes." Your agent is probably already logged in to your systems. That is not the question. The question is whether, on the individual decision to send $42,000, you can point to a named human who put their name on it at the moment of the decision. That is what the signature ceremony produces, and it is what neither OAuth nor a password gives you.

What counts as 'spending money'? Isn't approving a refund just a database update?

The database update is downstream. The company obligation is the thing. If the agent marks a refund as approved, your payment processor eventually moves real money to the customer. If the agent cancels a contract, the customer stops being billed and your MRR forecast has to be rebuilt. If the agent sends an invoice, the customer sees it and your accounts receivable gets a new row. A good working test: if reversing the action would require a phone call to a customer, a vendor, or a regulator, then it moves money and needs the signature ceremony. If reversing it is "we edit the ticket," it is probably fine without one.

Code Atelier · NYC
