Back to Glossary
VEX

VEX Protocol

governed executioncryptographic evidenceautonomous AI

The VEX Protocol is a governed execution and evidence system that separates proposed action from authorized execution, revalidates state before consequence, and preserves cryptographically verifiable records of what crossed the boundary.

THE GOVERNANCE GAP

Autonomous agents currently operate without formal boundaries or verifiable records. When an agent executes a tool call, there is no standardized record of who authorized it, what goal it was pursuing, or what actually happened. Post-incident investigations are reduced to log analysis and speculation. VEX closes this accountability gap by governing execution at the boundary.

PROTOCOL CONTEXT (GOVERNED EXECUTION)

The VEX Protocol provides governed execution for high-risk agent actions. Its architecture separates proposal from authorization, validates state before consequence, and preserves cryptographically verifiable evidence:

Proposal vs Authorization

Proposed actions are separated from authorized execution. The model proposes; the governance layer authorizes before consequence-bearing governed actions proceed.

State Revalidation

Execution state is revalidated before consequence. Pre-commit rebind ensures the target context matches what was authorized.

Fail-Closed Progression

If any validation fails, execution halts. The default is deny, not allow. Failed paths produce reviewable evidence.

Cryptographic Evidence

What crossed the boundary is preserved in tamper-evident form. The evidence is verifiable and auditable for compliance and incident response.

ProvnAI Mitigation

VEX is implemented through vex-core (the protocol library) and can integrate with McpVanguard (the enforcement proxy). Governed execution is intended to preserve cryptographically verifiable evidence at the execution boundary. Hardware-backed identity and TEE-backed deployment are being explored in pilot and research configurations as the stack matures.