Keon is governed execution infrastructure for operational AI. AI systems propose actions; nothing reaches the real world until it crosses the execution boundary, is authorized under policy, and mints a signed Decision Receipt.
Thought is free. Effects are governed.
Keon is not a guardrail bolted onto an agent. It is a governed execution substrate — persistent roles, adversarial challenge, temporal branching, deterministic memory, no-bypass execution, and receipt-bound proof.
Agents come and go. Roles remember. Cortex holds the lineage. Gateway blocks every side channel. Runtime decides before effect. Control shows the whole chain.
Persistent roles that deliberate, challenge, and dream — and propose, never execute.
Append-only lineage that replays deterministically to a single Merkle root.
MCP traffic crosses the governed boundary or it does not cross at all.
No action executes without a verified Decision Receipt. Uncertainty fails closed.
The whole causal chain — branch to receipt — inspectable in real time.
Living cognition and provability, in one system.
Cognition branches, challenges, and collapses to a single intent — then crosses the execution boundary. Keon Spine becomes the causal record that binds decisions, receipts, outcomes, and supporting evidence into an inspectable chain. Select any step to see what it is and how it shows up in a governed action.
The same chain can be projected into governed memory later, but receipts and spine events remain the source of truth.
A signed record stating whether the intent is authorized, under which policy, and by whom.
keon:decision:retention:00041, authorized under FIN-RETENTION-4.2.
Constitutional AI Execution Standard — an independent, complementary standard for authorizing consequential AI actions before effect.
Constitutional Policy Protocol — defines how policy decisions are determined deterministically.
Keon Systems is a CAES v0.2.0 reference implementation; reference designation does not imply commercial endorsement, and other implementations may independently conform. This is a draft standard. No external validation, blanket scope alignment, or final-standards status is implied.
Thoughts are free; effects are governed. Logs tell you what happened after the fact. Guardrails try to steer behavior without authority. Keon decides whether the action is allowed before it happens, and the receipt proves what was decided, under which policy, and with what authority.
Keon Runtime is model-agnostic and platform-agnostic. Upstream systems can propose intent, but effects cross the governed boundary through Runtime: authorization is proved before execution, and receipts bind the outcome after execution.
AI proposes. Runtime decides. Execution waits.
Frameworks like LangGraph, CrewAI, and OpenClaw make autonomous agents easier to deploy. Keon exists for the boundary those systems still need: Runtime authorization before effect.
MCP is the primary integration. Any AI or tool path can route through the MCP Gateway and inherit Keon's authorization, receipts, and fail-closed enforcement.
No side door. No silent bypass.
If it routes through the boundary, it is governed.
Standard governance boundary. Route MCP traffic through Keon.
For services, platforms, and remote agents.
For local and agent-side processes.
For local development and agent workflows.
Lightweight Python, TypeScript, and C# helpers. SDK is not required to govern AI.
See the decision, policy hash, receipt chain, and evidence pack behind a deterministic governed-action example — the three proofs of authority, causation, and viability.
Govern the reasoning-to-action chain and produce audit-ready evidence for every consequential action. Authorization, receipts, and fail-closed enforcement — from the first branch to the final receipt.