Authority Before Execution
Execution-time governance · proof-first · read-only
Verify Boundary Evidence Attempts Loading…
Encode · Commit to Change · Hackathon Submission

Execution-time authority enforcement, made inspectable.

This system enforces a single rule at the only place that matters: the execution boundary. If authority is missing, expired, or out of scope at execution time, state change is impossible.

Fail-closed boundary Scoped approvals Time-bound authority Immutable artifacts Opt-in traces
Verify in 60 seconds See evidence table
Invariant
ABE-EXEC-001
If explicit authority is not present, valid, and in scope at execution time, the state transition must not occur.
Enforcement point
core/executor.py
Trace boundary
execution.commit
Fail mode
Closed
Verdict
Evaluating…
Judge checklist
  1. Run python3 -m demo.run_demo --compact
  2. Confirm outcomes: missing / valid / out-of-scope / expired
  3. Inspect emitted JSON: docs/artifacts/*.json
  4. (Optional) Enable tracing and inspect: execution.commit
This site is static on purpose. Evidence is generated at runtime by the demo.

Boundary

The proof is not “we logged.” The proof is: enforcement happens at commit time and returns a structured allow/deny result.

One commit point
State change is only permitted in one place. Callers cannot bypass it and cannot “forget” a denial.
core/executor.py
Authority is runtime-checked
Authority must exist at execution time and must be valid, in scope, and unexpired. Prior approval alone is insufficient.
core/authority_gate.py
Artifacts + traces are the proof
Each attempt emits an immutable JSON artifact at the boundary. Tracing is supported, but strictly opt-in and must never affect enforcement.
docs/artifacts/*.json · optional traces
Execution flow
User task
  ↓
Agent (Reasoning + Proposal)
  ↓
Authority Gate (execution boundary)
  ├─ PERMITTED → Execute → Artifact (+ optional Trace)
  └─ BLOCKED   → No state change → Artifact (+ optional Trace)

Verify in 60 seconds

Fastest path for a judge to verify enforcement and inspect proof.

1
Run the demo
python3 -m demo.run_demo --compact
Confirms missing / valid / out-of-scope / expired behavior.
2
List artifacts
ls -la docs/artifacts
Artifacts are runtime evidence (not UI output).
3
Inspect JSON proof
sed -n '1,220p' docs/artifacts/demo-deploy-001.json
Artifacts contain decision context, outcome, deny reason, and the enforcement point.
4
Optional: enable tracing
export ABE_ENABLE_OBSERVABILITY=1
python3 -m demo.run_demo --compact
When enabled, the demo prints a trace link. Open it and inspect the execution.commit boundary trace.
Optional: run controlled variance (scale proof)
rm -rf docs/artifacts
python3 -m demo.run_variance --n 50 --seed 7
python3 -m demo.run_variance --n 200 --seed 7 --quiet

This proves the invariant holds across many attempts under controlled, explainable variance.

Evidence

This site is static by design. Evidence is produced when the demo executes. Artifacts are immutable JSON written at the boundary.

Artifacts written at runtime
Path
docs/artifacts/
Exporter
core/artifact_exporter.py
Loaded artifacts
0
No artifacts loaded.
What makes this “real”
The console is derived from structured results returned by the real executor. Enforcement happens at the commit boundary and returns a deterministic allow/deny outcome.
missing_authority scope_violation expired_authority permitted overbroad (measured)

Attempts

Execution outcomes derived from JSON artifacts (if present). This table is evidence, not the headline.

# Decision ID Action Outcome Reason Authority Scope Expires
No execution artifacts found. Run the demo to generate runtime evidence.