From Slack Approvals to Signed Proof: Why We Built SignedApproval

We built SignedApproval because we needed it ourselves. At Floyd Media, we run a portfolio of AI-powered products — a news aggregation platform, a daily briefing service, an agent marketplace, and Clevername, our central AI orchestration hub. Every one of these products has AI agents that sometimes need to do things that should require human sign-off.

For months, we used Slack buttons. Then we tried email confirmations. Then we built a custom webhook system. Every approach failed in the same fundamental way: none of them could produce proof that withstood real scrutiny.

The Slack problem

Our first approach was the same one everyone tries: a Slack bot. Agent wants to deploy? Send a message to the #deployments channel with an “Approve” button. Someone clicks it. Deploy proceeds.

This broke in predictable ways. The wrong person would click “Approve” — someone who didn’t have the context, or wasn’t authorized for that action. People would approve without reading. On one occasion, a team member approved a staging deployment that was actually labeled as production because they were scrolling through Slack on their phone and saw the green button.

But the deeper problem wasn’t user error. It was that Slack buttons provide zero identity verification. When you click “Approve” in Slack, all the system records is “a click happened.” It records a Slack user ID, but Slack user IDs aren’t tied to cryptographic identity. Anyone with access to the channel can click. There’s no second factor, no biometric check, no hardware-bound credential.

And the record itself — a row in Slack’s database — is mutable. If someone compromises the Slack workspace, they can delete or alter approval records. There’s no independent, verifiable proof that an approval ever happened.

The email problem

After Slack, we tried email-based approvals. Send an email with a unique link. Click the link to approve. At least this way we could target a specific person.

The problems were different but equally fatal. Links can be forwarded — the authorized person forwards to a colleague who clicks without context. Links can be phished — replace the real approval link with a malicious one. Links don’t require authentication — whoever has the URL has the power to approve.

This is actually the same problem our sister product, SignedInbox, addresses for email: how do you prove a specific human authored a specific message? The answer in both cases is cryptographic signatures. But we realized the approval problem was distinct enough from the email problem to warrant its own product.

The webhook problem

Our third attempt was more sophisticated: a custom approval UI with webhook callbacks. Agent sends a request, our system shows a web page, the user authenticates with a password, clicks approve, and a webhook fires back to the agent.

This was better. At least there was authentication. But the proof was still just a flag in our database. If someone compromised the database, they could forge approvals. If someone intercepted the webhook, they could replay it. And passwords are weak authentication — they can be phished, reused, or brute-forced.

We kept circling back to the same question: what if the approval itself was the proof? Not a record that an approval happened, but a cryptographic artifact that could not exist unless a specific human authorized a specific action at a specific time?

What we built instead

SignedApproval solves each of these problems at the cryptographic layer:

The “Signed” brand family

SignedApproval is the second product in what we call the “Signed” brand family. The first was SignedInbox, which provides cryptographic proof that a human authored an email. Both products share the same core primitive — Ed25519 signatures tied to verified human identity — but applied to different problems:

Both products use separate Ed25519 key pairs — compromise of one does not affect the other. They share infrastructure (Supabase, Cloudflare Turnstile) but maintain strict cryptographic isolation.

How we use it internally

Today, SignedApproval is wired into every high-risk action across our portfolio. CleverAgent — our browser automation system — requires a signed approval before executing any action that touches external services or moves money. Our CI/CD pipelines use the GitHub integration to gate production deployments with commit status checks. Even our content publishing pipeline requires approval before going live.

The workflow is simple. My phone buzzes. I see what the agent wants to do. I authenticate with Face ID. The agent proceeds. The entire flow takes about three seconds, and at the end there is a mathematical proof that I authorized it. Not a Slack click. Not an email link. A signature.

Why we made it a product

We realized two things. First, every team building AI agents faces this exact problem. The agent needs to do something risky, and you need a human gate that isn’t theater. Second, no existing solution provides cryptographic proof. They provide convenience — Slack notifications, email links, webhook callbacks — but not evidence.

SignedApproval is an open API. Any agent framework can call it. The free tier includes 200 approvals per month, one approver, and one API key — enough to instrument your most critical workflows without paying anything.

If your AI agents are doing things that matter, the approval should matter too. It should be authenticated, signed, and verifiable. That is what we built. And now it is available to everyone.

Get your API key and try it today, or read the integration guide to see it in action with your framework of choice.