AI Safety & Governance

Approve a 3am request from your phone, in twelve seconds, without opening a laptop

QR Approval is the mobile signing path for approvals that need to happen now. The page (Slack message, email, PagerDuty alert) carries a QR code. Scan it with your phone camera. Review the diff, blast radius, and rollback plan. Sign with your fingerprint. The action commits. The whole loop usually takes under 15 seconds.

  • Median approval time: < 15s
  • Single use per QR
  • TTL: 5min
  • Biometric on phone
Single-Use Signed Tokens

A leaked QR is harmless

Every QR carries a single-use signed token. The token is bound to the request id, the approver's user id, and a 5-minute window. After scanning, the token is consumed; replaying it (from a screenshot, a forwarded message, anywhere) does not work. Replay Guard guarantees this. Nobody has to worry about screenshotting an approval QR for context.

  • Single-use: consumed on first scan; second scan rejects
  • 5-minute window: expired tokens reject even on first scan
  • Bound to user id: a different user scanning the QR cannot approve; the token only validates for the assigned approver
Biometric Sign-Off

Your phone is the second factor

Signing requires a biometric (fingerprint or Face ID) on the phone. No passwords typed at 3am. The biometric prompt comes from the phone OS, not from a Nova-controlled UI, so platform-level security guarantees apply. The signature is a WebAuthn credential signed by the phone's secure enclave.

  • WebAuthn-backed: platform-grade public-key auth from the phone secure enclave
  • No password entry: biometrics replace any text-based credential at signing time
  • Per-device enrollment: each phone enrolls a unique credential; lost phones can be deauthorized without affecting other devices
Review Before Sign

You see what you are signing

After scanning, the phone shows the same review surface as the desktop Approval Queue: the proposed diff, the blast radius, the rollback plan, the agent's reasoning. Sign only after the review. The page is designed to look the same on phone and desktop so a partial review on one finishes naturally on the other.

  • Same fields as desktop: diff, blast radius, rollback, reasoning; the phone shows everything the desktop does
  • Resumable across devices: partial review on phone, finish on desktop (or vice versa); state syncs
  • No "approve all": each request is its own review; QR Approval never bundles multiple actions into one signature
Audit

Every scan, every sign, every reject

Every QR scan is logged: scanned, expired, replayed, rejected, signed. The Decision Bundle for the action carries the QR audit row directly so the post-incident review sees the full mobile flow without a separate query. Lost-device events (a phone marked deauthorized) are also logged so audit can verify nothing was approved from a stolen device.

  • Per-scan audit: every scan recorded; replays and rejects shown loudly in the report
  • Bundle inclusion: mobile-signed approvals show up in Decision Bundles like any other approval
  • Lost-device events: deauthorize a phone in seconds; subsequent scans from that device fail
No VPN, no SSH, no laptop

A 3am critical request should not require booting a workstation. QR Approval makes the response time match the urgency.
