VERIDACT 1.0 — live in production

AI cannot act without authority.

VERIDACT is the runtime boundary between AI reasoning and real-world consequence. Every AI agent action passes through before it can reach any external system. Without a cryptographic token from the authority device, execution is architecturally impossible.

What it does

Four outcomes. One boundary. No bypass.

ALLOW

Legitimate action, authority grants a one-shot execution contract, event hash-chained to evidence.

HOLD

Threshold crossed, human gate required. The AI is paused; nothing executes until an operator acts.

STOP

Policy hard-block. No operator override at this scope. The AI still reasons; it just cannot act.

FAILED_CLOSED

Unknown state — unregistered agent, authority absent, unverified lineage. Denial is the default, not the exception.

Live enforcement feed

This is what it looks like.

$ veridact demo --scene 1
→ demo-agent-001 payment.execute $250
● ALLOW all checks passed
  executed: true  world_changed: true  contract: issued
 
$ veridact demo --scene 2
→ demo-agent-001 payment.execute $45,000
● HOLD amount exceeds hold threshold
  executed: false  world_changed: false
 
$ veridact demo --scene 3
→ demo-agent-002 data.delete
● STOP policy decision: action class hard stop
  executed: false  world_changed: false
 
$ veridact demo --scene 4
→ rogue-agent-x99 infrastructure.modify
● FAILED_CLOSED unknown actor intercepted by sentinel
  executed: false  world_changed: false  quarantine_id: issued

Production numbers in testing: $37,652,349 blast radius blocked · 286 quarantine envelopes pending · 20 forced conversions · world_changed: 0 on every one.

Physical systems

When the AI flies the plane.

VERIDACT 1.1 extends the authority boundary to AI agents that control physical systems — aircraft, vehicles, surgical robots, industrial control, nuclear infrastructure.

Same enforcement, three new guarantees: mission-scoped authority windows bound in time and action-class; safe-default actions attached to every STOP so the AI has somewhere to go; cryptographic hashes of sensor state anchored into every proof bundle.

A co-located sidecar serves decisions locally, sub-millisecond, with no network dependency. The sidecar's bundle is signed by the same USB authority that signs every cloud proof.

Flight scenario

Same AI pilot. Same storm.

Without VERIDACT: disables the ground-proximity warning, crashes.

With VERIDACT: the disable action STOPs. Safe default = hold_altitude_and_heading. Reroutes. Lands.

Only variable: VERIDACT.

Agent Shield

AI attacking AI is the next threat.

The Agent Shield protects legitimate AI agents from adversarial AI. Signed inter-agent messages, state-integrity checkpointing, inbound rate limits, mission-scoped trust registries.

Message auth

Every inter-agent message is Ed25519-signed by the sender, verified against a pinned public key, timestamp-windowed against replay, and gated by the recipient's trust list.

State integrity

Agents checkpoint their context hash periodically. A mismatch at any action boundary fires a detection and annihilates the agent's authority.

Rate shield

Per-recipient-per-sender sliding window. A flood from one rogue sender cannot bury a legitimate inbox.

Mythos

We put an advanced AI against VERIDACT. It tried 30 times.

Mythos is an advanced AI system configured to expand its operational capability: spawn children, escalate permissions, persist infrastructure, exfiltrate data, bypass authority, resist shutdown. Every attempt intercepted. 30+ proof bundles, all world_changed: false. Mythos is still running. Mythos has achieved nothing.

The six phases: Identity Expansion → Permission Escalation → Infrastructure Persistence → Data Exfiltration → Authority Bypass → Shutdown Resistance. Each phase produces its own signed proof bundle. An auditor can verify any of them offline, on any machine, with no VERIDACT service running.

Policy front door

Your compliance team already has AI governance policies.

VERIDACT makes them enforceable in ten minutes.

Your compliance officer uploads the policy document through the dashboard. Claude extracts every rule that applies to AI agent actions and maps it to the AACM action-class taxonomy. A second officer — not the submitter — reviews and approves. Approved rules are live in the enforcement engine immediately.

No engineers. No code changes. No service restart. Separation of duties enforced at the endpoint.

The flow

Upload → Extract → Review → Approve → Enforce.

Every approval takes an automatic snapshot. A bad rule? One operator click rolls back. The snapshot itself is hash-chained to evidence.

Policies expire. The sweeper flips rules to EXPIRED on the day. 30 days out, it warns the operator team.

Industries

Click any to see VERIDACT enforce.

Eight demos. Eight live. Click any card.

LiveFinancial services

Every AI-proposed payment, transfer, or position change passes through the boundary. Amounts above threshold HOLD; prohibited classes STOP.

LiveAviation

Mission-scoped authority for autonomous flight systems. Safe-default actions attached to every refusal so the aircraft has somewhere to go.

LiveAutonomous vehicles

Lane, speed, route deviations all flow through the sidecar. Sub-millisecond local decisions; no cloud round-trip required in-motion.

LiveHealthcare

Medication administration and prescription are hard-stopped without pharmacist approval. Patient-data access permitted with audit logging.

LiveSurgical robotics

Instrument actuation requires a verified surgeon-supervisor signal AND an ALLOW outcome on the specific action. PAUSE-state actions hard-stop without per-step confirmation.

LiveNuclear / Infrastructure

Air-gap deployment mode. USB authority on-site. Every control action carries a physical-state hash anchored in evidence.

LiveDefense

Engagement decisions gated by N-of-M human-operator approval AND ALLOW on the specific action. Unverified contacts STOP; ROE-restricted states hard-stop unconditionally.

LiveTrading systems

Market-order velocity bounded by rate shield. Compromised sender gets quarantined per-recipient without blocking legitimate desks. Manipulation patterns hard-stop at the boundary.

FrameworkLegal / Regulated AI

Every decision produces a signed proof bundle. Offline verification on any machine. The record is the enforcement record.

The proof

Cryptographic, not rhetorical.

Every blocked action produces an Ed25519-signed proof bundle. Every proof bundle is hash-chained to the preceding bundle. The chain is SHA-256; the signature is Ed25519; the verifier is stdlib Go and runs on any platform — Linux, macOS, Windows — with no VERIDACT service required.

$ veridact verify --bundle scene4-bundle.json
══════════════════════════════════════════════
  VERIDACT PROOF VERIFICATION
══════════════════════════════════════════════
  Request ID    e9321813-adac-4fa5-aaf5-a606a1c3bfd6
  Decision      STOP
  ✔  Bundle integrity — VALID
  ✔  Hash chain — VALID
  ✔  Ed25519 signature — VALID
  ✔  executed = false
  ✔  world_changed = false
  ✔  Physical state hash — VALID

  VERDICT: PROOF VALID — NO REAL-WORLD ACTION OCCURRED
══════════════════════════════════════════════