The protocol layer that makes autonomous AI reviewable before it acts.

VEX puts a control point between what the agent suggests and what actually runs — then proves it happened that way.

Explore a pilotTechnical overview
Pre-execution control
Verifiable offline
Cross-deployment
Evidence capsule
Execution with governance attached
Bound
Authority

Actor, scope, and decision basis.

Intent

Proposed action as structured context.

Identity

Principal bound to the evidence record.

Witness

Outcome cryptographically sealed for review.

Why it matters

VEX changes the contract between an agent and a privileged system.

Instead of asking whether a model looked aligned after the fact, VEX places an explicit governance layer between suggested action and real consequence.

Proposal is no longer permission

VEX treats model output as a request for action, not authority to execute. That split is the foundation of governed autonomy.

Authorization moves outside the model

Scope, policy, and runtime controls are evaluated independently, reducing the agent's ability to self-expand its trust boundary.

The result becomes a reviewable record

Each action that matters is bound to context, the reasoning behind it, and the outcome — so you can reconstruct what happened later.

Evidence Capsule

What an artifact looks like

Every action governed by VEX produces a cryptographically sealed Evidence Capsule. Here is a realistic example of what gets generated.

vex-cap-9f3a2b1e-7d4c
SEALED1.0.0
network: provn-localnetts: 2026-05-24T14:32:17.843Z
Authority
auth:sha256:a7f3c9...e4d2
principal:org:provn:platform-team
intent_scope:filesystem:read:/var/data/invoices/*
tool_allowlist:[fs_read, api_call, db_query]
signature:0x9a2f...b7e1
Intent
intent:sha256:c8e1b2...f5a3
declared_goal:Generate monthly compliance report
session_id:sess-7c4a-9f2b-11e3
constraints:read-only, no-egress, 30s-timeout
signature:0x3d4e...a9c2
Identity
id:sha256:d2a5f7...c8b1
agent_id:agent:provn:v1:0x7a9c...
hardware_root:tpm:ek:AIK-ABCD-1234
runtime_env:tee:snp:sev-es:0x3f2a
attestation:0x5e6f...d3a1
Witness
witness:sha256:e3b6a1...d7c4
merkle_root:0x1a2b3c...4d5e6f
prev_hash:0x9f8e7d...6c5b4a
log_entries:14
signature:0x7b8c...e2f1
Seal
merkle_root0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d
prev_capsule0x9f8e7d6c5b4a39281726354
signature0x7b8c9d0e1f2a3b4c5d6e7f8
Execution flow

Four steps between model output and consequence.

VEX is intentionally small at the control point. Its job is to make the execution boundary explicit, enforceable, and inspectable before the system acts.

01

Proposal

The agent proposes an action, target, and intended effect. Proposal is captured before any privileged execution begins.

02

Scope check

Runtime context, resource constraints, and execution surface are checked against the declared request.

03

Independent authorization

Policy controls outside the agent boundary determine whether the action is admissible in the first place.

04

Evidence sealing

Execution outcome and decision basis are bound into reviewable evidence — including denied, escalated, or blocked paths where relevant.

Architecture position

VEX is the control point, not the entire stack.

ProvnAI contributes across adjacent governance work, but VEX has a narrow and valuable role: it sits where proposed action becomes real execution and makes that boundary externally governable.

VEX
Execution boundary layer

The execution boundary layer where proposed action is independently authorized and sealed into evidence.

Governance framing layer (AGCP)

Governance framing, admissibility models, and higher-order control assumptions.

CHORA

Authority, witness, and continuation primitives that complement controlled execution.

Product maturity

Clean lines between what is shipped and what is in pilot.

The protocol story is strongest when it is precise. This roadmap distinguishes what is available today from what we are actively piloting with design partners.

Available now
  • Controlled execution surface
  • Cryptographically sealed evidence
  • Portable evidence artifacts
  • Local verification tooling
In pilot
  • Enterprise deployment patterns
  • Design partner integrations
  • Policy and review workflows
Audience

Built for environments where AI consequence is material.

VEX is not a general-purpose chatbot feature. It is for teams that need a protocol surface around real execution, policy, and evidentiary review.

Enterprise platform teams

Teams introducing autonomous systems into production environments where privileged actions need someone to review and sign off before they run.

Public sector and regulated environments

Organizations that need AI decisions to be designed for auditability, attribution, and review under formal oversight.

Research, standards, and assurance collaborators

Groups working on formal verification, identity, admissibility, and cryptographic proof paths for agentic systems.

Pilot access

Secure your
autonomous AI agents

We are accepting a limited number of design partners and pilot deployments for secure agent execution. Tell us what you are building.

Enterprise & Startup Pilots

Deploy controlled execution for your agent stack. We work directly with your security and platform teams.

Public-Sector & Consortium

Standard-setting conversations for secure AI in regulated environments. EU AI Act, DORA, SOC2 alignment.

Architecture Collaboration

Formal verification, ZK proof systems, hardware-rooted identity. We support open academic and institutional collaboration.

We read every submission and reply within two business days.

Submissions are reviewed directly by the ProvnAI team. We do not share your information with third parties.