Dan Evans

Execution-Boundary Governance for AI Coding Agents

I just open-sourced a public-safe demo of something I think the AI industry is going to need more of:

Execution-boundary governance.

Most AI agent systems today focus on what the model can do.

This demo focuses on what the model is allowed to propose before any consequence-binding action exists.

The repo demonstrates a deterministic governance chain for external coding agents like Claude or Codex:

Claude/Codex intent
→ intent receipt
→ preflight governance receipt
→ replay verification
→ dangerous command denial

The important part is that the receipts are replay-verifiable. The system independently recomputes governance decisions from raw inputs and detects semantic tampering — not just hash mismatches.

The entire repo is advisory/simulation-only:

  • no shell execution
  • no Git push authority
  • no deployment
  • no network calls
  • no credential access
  • no real execution authority

It also includes:

  • deterministic SHA-256 receipt hashing
  • replay verification
  • receipt expiry/freshness checks
  • explicit threat model documentation
  • explicit security limitations
  • 73 passing tests

One thing I intentionally documented clearly: the regex deny-list is a demo guard, not a production sandbox. A real deployment would require process isolation, capability-scoped execution, trusted clocks, signed verifier keys, and hardened runtime controls.

The goal here is not “AI autonomy.”

The goal is making governance replayable, inspectable, and independently verifiable before reality changes.
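
An added sketch of the replay-verification idea described above, not code from the repo: the verifier recomputes the decision from the raw command, so a receipt whose decision was flipped and whose hash was then recomputed still fails. The deny patterns, receipt field names, and function names are assumptions made for illustration.

```python
import hashlib
import json
import re

# Hypothetical demo deny-list (assumption, not the repo's patterns).
# As the post notes, regex matching is a demo guard, not a sandbox.
DENY_PATTERNS = [r"\brm\s+-rf\b", r"\bgit\s+push\b", r"\bcurl\b.*\|\s*(ba)?sh\b"]
FIELDS = {"command", "decision", "issued_at", "expires_at"}


def decide(command: str) -> str:
    """Deterministic policy: the same raw input always yields the same decision."""
    return "deny" if any(re.search(p, command) for p in DENY_PATTERNS) else "allow"


def receipt_hash(body: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, fixed separators)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_receipt(command: str, issued_at: int, ttl: int = 300) -> dict:
    body = {"command": command, "decision": decide(command),
            "issued_at": issued_at, "expires_at": issued_at + ttl}
    return {**body, "hash": receipt_hash(body)}


def verify(receipt: dict, now: int) -> str:
    """Replay verification: 'ok' means the receipt is intact, honest and fresh."""
    body = {k: v for k, v in receipt.items() if k != "hash"}
    if body.keys() != FIELDS:
        return "malformed"
    if receipt_hash(body) != receipt.get("hash"):
        return "hash_mismatch"
    # A matching hash only proves internal consistency; replay the policy too.
    if decide(body["command"]) != body["decision"]:
        return "semantic_tamper"
    if not body["issued_at"] <= now < body["expires_at"]:
        return "expired"
    return "ok"


def tampered_copy(receipt: dict) -> dict:
    """Constructed test case: decision flipped to 'allow', hash recomputed."""
    body = {k: v for k, v in receipt.items() if k != "hash"}
    body["decision"] = "allow"
    return {**body, "hash": receipt_hash(body)}
```

The `now` argument is passed in rather than read from the system clock so that verification stays replayable; a real verifier would need the trusted clock and signed keys the post lists.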

Check out the Repo