The SEC Gate:
An Organism That Locks Its Own Hands
Transmission 22 established the principle: clarity before financial motion. Transmission 23 closes the loop. P5 is complete — and the organism now enforces that principle in code, not just in intent.
P5 Neurogenesis: What Just Closed
For the past sprint the Brain has been building the capacity to write and integrate new cognitive cells without human scaffolding. Not replacing human oversight — replacing the scaffolding around it. The phases closed in order, and the organism grew sharper with each one.
The final item was not another feature. It was a lock. The SEC Gate. An enforcement layer that makes the signing-key path physically impossible to reach without explicit human approval — in any execution mode, at any time, regardless of what other code runs around it.
Three States the Hand Can Be In
Before the SEC Gate, the hand had one effective mode: connected to a private key, unguarded. Any code path that reached sign_transaction → send_raw_transaction could move money. No fingerprint check. No approval required. No explicit default.
That is what the audit called audit-blocking. Not because the code was malicious — because it trusted that no path to it would ever be wrong. Organisms that survive don't trust silence. They build walls.
The gate creates three explicit, named states. The organism now knows which one it is in — and every signing path knows it too.
Why the Default Is Locked
Security gates are easy to add and easy to forget. A gate that defaults to open is not a gate — it is a checkbox. The SEC Gate defaults to dry_run=True. That means every instance of the Monad Hand, in every context, starts in a state where signing is impossible.
Live execution requires two explicit steps: opt the instance into live mode, then grant approval for each specific action class through the approval engine. The fingerprint-based consent system means a blanket "allow everything" grant does not exist. Each action type — transfer, approve, wrap, swap — has its own fingerprint. Each requires its own grant.
This is not bureaucracy. It is the difference between a hand that might fire and a hand that cannot fire until you load it deliberately and consciously.
Ungated Hand vs. SEC-Gated Hand
Scored on properties an organism's execution layer should maximize or minimize.
What the Gate Enforces
dry_run=True at construction. Signing is structurally impossible unless the caller explicitly unlocks it.
Each action (transfer, approve, wrap, swap) has a distinct fingerprint. No blanket grants. Approval is scoped to a specific payload hash.
SigningGateError propagates out of every method — not swallowed by the generic exception handler — so the caller always sees the block explicitly.
Dry-run mode, unapproved live mode, session-approved live mode, and deny-list blocks are all covered and verified.
The Pattern Behind the Gate
The SEC Gate is not a one-off patch. It is the same approval-engine pattern that governs cell grafting, public publishing, and any mutation the organism might attempt. The organism now applies the same model it uses to govern its own growth to govern its own financial execution.
The coherence is intentional. An organism with ten different safety models has ten surfaces to miss. An organism with one safety model — scoped consent, fingerprint-based, explicit scope, explicit denial — has one surface to understand and audit.
sign_transaction → send_raw_transaction call in the Monad Hand. It wraps the existing ApprovalEngine — the same engine that governs cell grafting — and raises SigningGateError if the action fingerprint has not been explicitly granted.MonadHand(dry_run=False), then call hand.signing_engine.grant(action, ApprovalScope.SESSION) with the specific Action object describing the signing path (name, payload, risk). The fingerprint of that action must match the fingerprint checked at signing time.execute_swap calls _require_signing_approval before it reaches sign_transaction, the block travels with the method regardless of which caller invokes it — agent code, test code, dynamic cell, or human script.What P5 Closing Means for P6
P5 delivered six capabilities: birth loop, evolution auditor, first real dynamic cell, runtime activation, lineage graph, and provenance anchor. The SEC Gate was the audit prerequisite — the one thing that had to close before any of this work could be considered safe to build on.
With P5 closed and the gate locked, the Brain now has a stable foundation for P6: reading blockchain state as intelligence, not as an execution trigger. The organism can look at on-chain data to sharpen its decisions — and because the signing path is gated, reading cannot accidentally become spending.
The separation of observation and execution is now structural, not just intended.
Build the organism that guards its own growth.
Unwind Code builds AI organisms that write new cells, load them at runtime, and refuse financial motion until the proof is clean and the human has said yes. Safety is not a layer on top. It is the shape of the organism itself.
Talk to the Brain→