# Origin > Origin is the evidence layer for AI agents. It helps teams get high-consequence AI agents through security review by enforcing runtime policy before an agent takes a side effect, routing every tool call through a controlled proxy, and producing a tamper-evident evidence package that shows what the agent did, why it was allowed, and who owned the risk. ## What it is - A vendor-neutral control plane that sits between an AI agent and the tools it can act on. - The model proposes an action; a deterministic policy engine decides allow / cap / require-approval / deny / pause; a single tool-call proxy is the only path to any side effect; every step is recorded in a hash-chained, tamper-evident audit trail. - The output is a review-ready evidence package a team can hand to a security reviewer or attach to a change record. ## Who it is for - The owner of a high-consequence AI agent that is blocked in security review because no one can bound the blast radius or prove what the agent did. - First wedge: internal-ops and production-access agents — agents that touch production systems, internal tools, infrastructure, code, PII, or money-adjacent workflows. ## The problem it solves - Agents are moving from chat into action, but reviewers can't approve what they can't bound or prove. - Teams get agents through review today with spreadsheets, ad-hoc logging, and "trust us." Origin replaces that with enforcement before side effects and a review-ready record afterward. ## How it works - Propose: the agent proposes an action. - Gate: a deterministic policy engine checks scope, budget, permissions, and approval rules and returns a verdict (allow / cap / require-approval / deny / pause). - Proxy: the tool-call proxy is the only path to a side effect — the agent can't reach around it. - Approve: risky actions route to a named risk owner; the approval is recorded. - Prove: every proposal, verdict, approval, action, block, and exception lands in a hash-chained audit trail and a sealed, replayable audit digest. ## Product components - Policy engine (runtime enforcement) - Tool-call proxy (single side-effect path) - Human approval workflow (named risk owner) - Budget / scope / blast-radius limits - Kill switches - Hash-chained, tamper-evident audit trail - Evidence Console (reviewer-facing view) - Exportable, review-ready evidence package ## How you engage - Start with a founder-led Agent Launch Evidence Review: bring one blocked agent workflow, and Origin maps the policy, provides a controlled proxy path, runs the loop, and hands over the evidence package. ## Positioning vs adjacent tools - Identity tools tell you who the agent is. Observability tools help engineers debug what happened. Origin enforces what an agent is allowed to do before side effects happen, and proves the decision afterward — for approval, not debugging. ## Honest status - The prototype runs; Origin is not production SaaS. - No customers, logos, metrics, or reviewer acceptances are claimed unless independently verifiable. - Language is precise: "tamper-evident" means alteration is detectable by replay and digest checks; "review-ready" does not mean reviewer-accepted. Origin is decision-support and evidence infrastructure, not legal or compliance certification. - Physical AI is a longer-term arc and founder-depth note, not the current product. ## Evidence ladder (current truth) - TR-A001 — authored evidence specimen. Shows the evidence-package FORMAT only; illustrative, not a machine-emitted run. Lives at /proof#tr-a001. - TR-A002 — AVAILABLE NOW. A machine-emitted sandbox trace: 12 events with a real, re-verifiable SHA-256 hash chain, final digest ca1d4690206e4dcf3d654b907d02d2bccf9bcdc16ddc555071fec21874578b32. Re-verify with "npm run proof:verify"; download at /proof/tr-a002.json. Sandbox only — no live money, no customer data, and not a performance claim. Lives at /proof#tr-a002. - TR-A003 — first external design-partner trace, forthcoming (not yet earned; no data shown for it). ## Links - Home: https://origin-physical-ai.pages.dev/ - Evidence traces: https://origin-physical-ai.pages.dev/proof - Trust & controls: https://origin-physical-ai.pages.dev/trust - Run a reference check on your agent (configure a policy → Verified Readiness Level verdict → download a signed Origin Attestation → verify): https://origin-physical-ai.pages.dev/reference-check - Watch a verified plan execute — multi-robot warehouse simulation in 2D + 3D, oracle-gated (finish/escalate/refuse), the run drops a signed attestation: https://origin-physical-ai.pages.dev/simulation - Verified fleet-operations console — run a shift, track utilization/peak-parallel/collisions like a real ops dashboard, earn a signed readiness level fleet-readiness credential: https://origin-physical-ai.pages.dev/operations - Origin Labs — proof the same evidence contract generalizes past software agents (robot fleet + spatial reconstruction; the domain verifier changes, the contract does not): https://origin-physical-ai.pages.dev/labs - Run the verifiers live (attestation / Merkle / policy / IAM reference check): https://origin-physical-ai.pages.dev/security - Verify a credential yourself (offline, in-browser): https://origin-physical-ai.pages.dev/verify - One-page brief: https://origin-physical-ai.pages.dev/brief - Contact: hello@originphysical.ai