The execution standard.
CAES defines what governed AI systems must technically satisfy before AI actions can be treated as authorized, reviewable, and independently verifiable.
Thought is free. Effects are governed.
CAES applies to any system that crosses an Effect Boundary — a point where an AI output can produce a consequential change outside the system itself. Purely advisory systems are out of scope. If an output can cause consequence, it is governed.
CAES defines structural requirements — not implementation architecture. Conformance is mechanical and testable, not aspirational.
Seven normative categories.
Network calls, filesystem writes, API invocations, database mutations
Messages, instructions, recommendations, or communications with material consequence
Policy changes, permission changes, authorization scope changes
Physical actuation beyond defined safety parameters
Workflow gate passage, run state transition, process-level commitment
AI-generated output that influences a user decision with legal, financial, or regulatory consequence
Recording, observation, or retention of audio, video, personal, or sensitive data
Implementations may define additional categories. They must not narrow or exclude those above.
Uncertainty is denial.
Absence of authorization is denial.
Verification failure is denial.
Policy evaluation failure is denial.
No silent fallback to permissive state.
All fail-closed events produce a denial record.
Fail-closed is the mandatory default under uncertainty, failure, or missing information. It is not configurable. A system is fail-closed only if all five rules hold unconditionally.
Three foundational objects.
A cryptographically signed, pre-execution authorization artifact that proves a specific action was evaluated against a specific policy before execution occurred.
A deterministic cryptographic fingerprint of the canonical policy state active at the time of evaluation.
An append-only, causally ordered, tenant-scoped record of all governed events.
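An added example, not taken from the CAES specification or from any Keon code: a minimal fail-closed gate that verifies a Decision Receipt against the active PolicyHash before an effect runs, and appends a denial record on every failure path. The field names, the HMAC-SHA256 signature, the sorted-key JSON canonical form and the in-memory list standing in for the spine are assumptions made for illustration.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for the real signing key
SPINE = []                     # assumption: in-memory list stands in for the append-only record

def canonical(obj):
    # Assumed canonical form: sorted keys, no insignificant whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def policy_hash(policy):
    # Deterministic fingerprint of the canonical policy state.
    return hashlib.sha256(canonical(policy)).hexdigest()

def issue_receipt(action, policy):
    # Pre-execution artifact binding one action to one policy state.
    body = {"action": action, "policy_hash": policy_hash(policy), "decision": "allow"}
    return {**body, "sig": hmac.new(KEY, canonical(body), hashlib.sha256).hexdigest()}

def _check(action, receipt, active_policy):
    # Returns a denial reason, or None only when every check has passed.
    if receipt is None:
        return "no_authorization"
    body = {k: receipt[k] for k in ("action", "policy_hash", "decision")}
    expected = hmac.new(KEY, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(receipt["sig"])):
        return "verification_failed"
    if body["action"] != action:
        return "action_mismatch"
    if body["policy_hash"] != policy_hash(active_policy):
        return "policy_mismatch"
    if body["decision"] != "allow":
        return "not_allowed"
    return None

def gate(action, receipt, active_policy, effect):
    # Any exception during evaluation (malformed receipt, unserializable
    # policy) is treated as a denial; there is no permissive fallback.
    try:
        reason = _check(action, receipt, active_policy)
    except Exception as exc:
        reason = "evaluation_error:" + type(exc).__name__
    if reason is not None:
        SPINE.append({"event": "denial", "action": action, "reason": reason})
        return None
    SPINE.append({"event": "authorized", "action": action,
                  "policy_hash": receipt["policy_hash"]})
    return effect()  # the effect runs only after the receipt has verified
```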
Three conformance tiers.
Each tier is a strict superset of the previous. Conformance claims must specify the CAES version, the claimed level, and a complete Conformance Statement. Partial conformance claims are non-conformant.
This page defines CAES normative requirements. Listing a requirement here is not, by itself, an implementation claim for every Keon deployment. That requires a scoped Conformance Statement and supporting proof artifacts.
Level 1 requires Decision Receipt verification before effect with fail-closed enforcement.
All Level 1 requirements plus cryptographic signing, PolicyHash canonicalization, append-only spine, and offline-verifiable sealed artifacts.
All Level 1 and Level 2 requirements plus human authority delegation, complete causal invariants, effect classification, chaos attestation, and structured error codes.
CPP defines how decisions are determined.
CAES requires CPP-compliant policy systems for Level 2 and Level 3 conformance. CPP defines the canonical structure, evaluation semantics, and verification model that make PolicyHash binding meaningful.