Thought is free. Effects are governed.
Keon provides the enforcement substrate for AI agents operating in production environments where actions carry legal, financial, and operational consequence. In BYOAI mode, any AI is governed by the Keon enforcement layer. In Full Keon mode, the Keon Collective provides the cognitive layer. Both modes share an identical enforcement boundary at the governed effect path.
A quick reader map.
Operational AI creates liability when it can trigger real-world effects.
Logs and monitoring are insufficient because they usually observe after the fact.
Keon inserts a governed execution boundary before effects occur.
Receipts and evidence packs make authorization decisions reviewable after the fact.
Evaluate authorization proof before AI actions touch sensitive systems.
Understand how governed execution fits existing agents and tools.
Evaluate evidence trails and conformance claims.
Understand how operational AI failures can be reconstructed.
The hard assertion.
Within five years, deploying autonomous AI systems in regulated industries without verifiable decision receipts may become difficult to defend operationally, legally, and commercially.
The legal, insurance, and regulatory frameworks enforcing this are already in motion. The EU AI Act establishes traceability requirements for high-risk AI systems. Insurance underwriters are developing AI-specific operational risk riders. The first major AI liability lawsuit will make the absence of decision receipts a front-page event.
Why existing patterns fail.
When AI agents commit transactions, deploy infrastructure, and trigger automation, the failure mode shifts from embarrassment to legal exposure. Existing controls — logs, RBAC, monitoring — were built for deterministic systems operated by humans.
Logs record what happened, usually after the fact. They rarely capture the authorization logic that permitted the event. A log shows a crash; it does not prove the brakes were applied.
Observability platforms alert after a threshold is breached. Governance requires active, blocking interception before the action occurs.
The problem is not that AI systems are malicious. The problem is that they are architecturally incapable of proving they were not. Ungoverned AI is a structural condition, not a product category.
BYOAI and Full Keon share one enforcement boundary.
Bring your own AI — any model, any agent framework. Keon governs every effect request regardless of which model produced it. The intelligence is yours. The accountability substrate is Keon's.
The Keon Collective provides the cognitive layer: councils, guilds, and workers that decompose goals, simulate futures, and challenge their own proposals — all while remaining fully governed at the Reality Boundary.
Three planes. One law each.
The only plane permitted to cross an Effect Boundary. Contains governed execution, MCP Gateway, receipt capture, and evidence linkage. Nothing may touch external reality except through governed execution.
Where intelligence operates. BYOAI or the Keon Collective. May be parallel, speculative, recursive, and emergent. May not directly cause effects.
Makes the system legible. Contains Witness Narratives, chronicles, and lineage records. Never contradicts the Reality Plane. Narrative must stay anchored to causal truth.
Separation is not a design preference. It is the physics that makes autonomous scale acceptable. A system that can think freely and act directly is ungoverned by definition.
Cognition proposes. Governance decides.
Models, agents, or councils generate intent, but they do not gain execution authority by generating it.
The governed boundary evaluates the requested effect against the active policy and records the decision context.
Only the effect path permitted by the decision result may proceed, and fail-closed posture blocks uncertainty.
Decision and outcome artifacts preserve the evidence required to review what was attempted, allowed, denied, or omitted.
Narrative and interpretation sit downstream of evidence so explanation stays anchored to the governed reality plane.
If it crossed a governed boundary, the evidence should survive review.
The properties below describe the target governed execution model and high-assurance deployment posture. Public examples should be read according to the verifier material and evidence artifacts attached to them.
Every governed effect path should bind authorization context, original input, policy version, PolicyHash, Decision Receipt, and outcome evidence according to the decision result.
An expert can independently recompute the PolicyHash and verify that the policy snapshot has not been altered since evaluation.
High-assurance deployments should verify required receipt persistence before execution proceeds. Where configured as fail-closed, missing or unverifiable receipt anchors block the effect path.
The spine is append-only, partition-scoped, and strictly ordered. Events cannot be retroactively inserted without detection.
Evidence Packs are designed to be verifier-bound artifacts. When trust material and signatures are present, byte changes should invalidate verification, and review should not require live system access.
Denied actions should preserve enough decision and outcome evidence to show that a constraint blocked the effect path. In a fail-closed path, denial is not an error condition; it is governance working.
A denied action may intentionally omit execution while preserving directive, intent, decision, and outcome evidence.
Read the normative specification behind governed execution.
Inspect the standard, the proof, and the governed ingress path.
Review the canonical CAES v0.2.0 surface and its public conformance boundaries.
Inspect the proof posture, verifier expectations, and evidence artifacts that sit under the whitepaper thesis.
See the governed ingress path where tool calls meet authorization, denial, and receipt capture.
Start a scoped conversation when you want governed execution evaluated against your actual environment.