Technical explainer · source-backed

Reference check vs runtime enforcement

Origin is the evidence layer for AI agents: prototype/private-pilot infrastructure for agent-platform, security, trust, and infrastructure teams. It tests proposed actions with deterministic verifiers, separates capability from permission, and produces evidence that can be independently rechecked.

The model proposes. The environment verifies. The gate decides. The trace proves. Capability is not permission.

Implemented today

Synthetic pre-access reference check

The checked-in browser flow runs synthetic support and IAM task batteries against deterministic policy logic before production access. It mints configuration-bound evidence; changing a bound tool or configuration makes verification fail.

Run the synthetic reference check →

Proposed architecture

Runtime enforcement through a controlled proxy

The broader design places a deterministic gate between an agent proposal and a consequential side effect. The gate would evaluate permission, scope, policy, budget, and approval requirements; only an allowed action would reach a controlled executor. This page does not claim that architecture is generally available or deployed for customers.

Inspect the trust model →

Trust boundaries and verdicts

  • Proposal is not permission. Model output is an input to deterministic evaluation, not its own authorization.
  • ALLOW means the evaluated action met the bound checks; PAUSE requires a named human decision; DENY/BLOCK prevents the controlled path from executing.
  • Verifier failure fails closed. On the browser verifier, code 0 is valid; codes 1–4 identify payload, signature, signer, tamper, or configuration-drift failures according to artifact type.
  • Evidence integrity is not issuer identity or safety. A valid digest, signature, or chain establishes consistency under the relevant verifier and bindings; it does not establish that an action is universally safe.

Evidence provenance and limitations

Origin keeps four checked-in categories distinct: machine-emitted sandbox evidence, authored examples, synthetic evaluations, and authorized fixtures. None is presented here as external customer evidence, production adoption, certification, or reviewer acceptance.

  • TR-A002 is a machine-emitted sandbox trace whose SHA-256 chain can be recomputed.
  • /verify recomputes supported artifact digests, signatures, bindings, chains, and inclusion proofs offline in the browser.
  • The evidence ladder labels authored and machine-emitted artifacts separately.
  • The implemented reference check uses synthetic task distributions. The runtime gate and controlled-proxy flow above remain proposed architecture, not evidence of a customer deployment.

Product distinction: identity establishes who or what an actor is; observability records and debugs behavior; generic guardrails filter inputs or outputs; policy engines evaluate rules; compliance tools organize controls and evidence. Origin's intended role is to bind deterministic verification and permission decisions to a controlled action path and a re-verifiable trace.