AI-generated code is becoming too fast for manual review. Agents can propose patches, provision infrastructure, and spend money in seconds. The bottleneck has moved from what can AI build? to should this specific change be admitted, constrained, or rejected before it executes?
Verifiable Proof Systems is building the authorization and admissibility layer for AI-assisted execution — a verifiable authority layer designed to sit underneath AI agents, CI pipelines, and automated remediation workflows.
Frontier AI is becoming strategic infrastructure. But the governance conversation is stuck:
| Current approach | What it misses |
|---|---|
| Trust the AI provider | Provider reputation doesn’t explain individual execution decisions |
| Add more controls (human review, guardrails, audit logs) | Controls accumulate faster than evidence — “AI governance stone soup” |
| ISO-certified model stamps | A stamp doesn’t demonstrate that this specific action was authorized |
The sharper question: not “which AI wrote this?” but “can we demonstrate that the agent was allowed to do exactly this, and nothing more?”
At the center of the system is a finite-state decision on every proposed action:
Evidence
│
▼
Admission Decision
┌──────────┐
│ ADMIT │ ← clean evidence, all invariants satisfied
├──────────┤
│CONSTRAIN │ ← admissible, but flagged for operator awareness
├──────────┤
│ REJECT │ ← blocking evidence (hardcoded credentials, authority bypass)
└──────────┘
│
▼
Capability Envelope
(permitted scope, resource bounds, pre/post-execution gates)
│
▼
Deterministic Execution
│
▼
Evidence Artifact
(signed, hash-chained, independently verifiable)
Models produce proposals. Authority systems produce admissibility decisions.
Aletheia is not a model trust stamp. It is the evidence-to-admission layer underneath execution:
Evidence normalized → Evidence bound to contracts →
Admission decision produced (ADMIT / CONSTRAIN / REJECT) →
Deterministic artifacts committed → Audit trail preserved before execution
| Layer | Role | Who builds it |
|---|---|---|
| Knowledge | What exists? What depends on what? | Coordination systems, dependency graphs |
| Decision | What should be changed? | AI coding agents, planning systems |
| Authority | Who authorized this? What is the permitted scope? Can it be verified? | Aletheia |
The more powerful coordination and decision systems become, the more critical the authority layer becomes. Once agents can touch many repositories, services, APIs, and payment rails, the enterprise question changes from “can the agent do the work?” to “can we demonstrate the agent was allowed to do exactly this work, and nothing more?”
Intelligence determines what could be done. Authority determines what may be done.
This separation holds regardless of which model, orchestration framework, or coordination platform is in use. If AI coding agents become 100× better, that doesn’t eliminate the need for authorization — it amplifies it.
| Invariant | Status |
|---|---|
| Zero Ambient Authority — agent processes possess no default access until explicitly granted | Enforced |
| Signed Authorization Binding — every state-changing action carries a human intent artifact | Enforced |
| Transactional Evidence Binding — state mutation commits only if the audit record commits simultaneously | Enforced |
| Bicameral Determinism — the LLM proposes; a deterministic verification layer executes | Enforced |
| Normalized Admission Effects — evidence scanners produce `Warn | Constrain |
| Component | Tests | Result |
|---|---|---|
| Static ingestion + AdmissionEvidence (Rust) | 22/22 | ✓ |
| Pipeline gates + Policy evaluator (Python) | 34/34 | ✓ |
| Prolog admissibility policy | 9/9 | ✓ |
| End-to-end trust-layer scenarios | 3/3 | ✓ |
| Scenario | Evidence | Decision | Rings passed |
|---|---|---|---|
| AI refactor — clean code | null |
ADMIT | 5/5 |
| AI patch — invalid SBOM | Constrain |
CONSTRAIN | 5/5 |
| AI patch — hardcoded credential | Reject |
REJECT | 3/5 |
Aletheia is not:
Aletheia is the verifiable authority layer that binds those systems together — normalizing their evidence, enforcing execution boundaries, and producing audit trails that survive forensic review.
Aletheia Gateway is a private U-TOS reference implementation under active development. The architectural specifications, execution model, and protocol definitions are being published incrementally. The admission invariants and evidence ladder published here are reproducible from those specifications.
The production reference implementation remains private. Source publication is under review.
Verifiable Proof Systems
Adam · Adam@VerifiableProof.Systems
About — from movies to mechanisms →
“The goal is not to slow AI down. The goal is to prevent organizations from outrunning their own ability to understand, authorize, and verify what their AI systems are doing.”