Thought is free. Effects are governed.
Keon governs the reasoning-to-action chain for AI agents operating in production environments where actions carry legal, financial, and operational consequence — and produces audit-ready evidence for every consequential action. In BYOAI mode, any AI is governed by the Keon enforcement layer; in Full Keon mode, the Keon Collective provides the cognitive layer. Both modes share an identical governed boundary, and the enforcement substrate beneath it is the floor, not the headline.
A quick reader map.
Operational AI creates liability the moment it can trigger real-world effects across an Effect Boundary.
Keon governs the whole reasoning-to-action chain — intent, alternatives considered, authorization, execution, and outcome — not just the tool boundary.
Every consequential action produces audit-ready evidence answering three questions: was it allowed, what happened and why, and what did it cost.
Authority and causation anchor to the CAES/CPP standard; deliberation depth and viability telemetry are product-only and buyer-reproducible.
Evaluate authorization proof before AI actions touch sensitive systems.
Understand how governed execution fits existing agents and tools.
Evaluate evidence trails and conformance claims.
Understand how operational AI failures can be reconstructed.
PDF: Keon_Governed_Execution_Whitepaper_v1.0.pdf
Standards preview: CAES-Constitutional-AI-Execution-Standard-v0.2.0-Draft.pdf
The hard assertion.
Keon governs the reasoning-to-action chain for autonomous AI systems and produces audit-ready evidence for consequential action. [P] Within five years, deploying autonomous AI in regulated industries without an audit-ready account of that chain may become difficult to defend operationally, legally, and commercially.
The legal, insurance, and regulatory frameworks enforcing this are already in motion. The EU AI Act establishes traceability requirements for high-risk AI systems. Insurance underwriters are developing AI-specific operational risk riders. Signed receipts, PolicyHash binding, and append-only records remain the substrate that makes the account provable — necessary, but no longer the headline.
Falsification: exhibit a Keon-governed consequential action for which no offline-verifiable account of authority, causation, and outcome can be produced. One such case falsifies the thesis.
Why existing patterns fail.
When AI agents commit transactions, deploy infrastructure, and trigger automation, the failure mode shifts from embarrassment to legal exposure. Existing controls — logs, RBAC, monitoring — were built for deterministic systems operated by humans.
Logs record what happened, usually after the fact. They rarely capture the authorization logic that permitted the event. A log shows a crash; it does not prove the brakes were applied.
Observability platforms alert after a threshold is breached. Governance requires active, blocking interception before the action occurs.
The problem is not that AI systems are malicious. The problem is that they are architecturally incapable of proving they were not. Ungoverned AI is a structural condition, not a product category.
BYOAI and Full Keon share one enforcement boundary.
Bring your own AI — any model, any agent framework. Keon governs every effect request regardless of which model produced it. The intelligence is yours. The accountability substrate is Keon's.
The Keon Collective provides the cognitive layer: councils, guilds, and workers that decompose goals, simulate futures, and challenge their own proposals — all while remaining fully governed at the Reality Boundary.
Three planes. One law each.
The only plane permitted to cross an Effect Boundary. The MCP Gateway enforces the non-bypassable tool boundary and routes to the Runtime, which owns the authority decision, execution, and receipt emission. Nothing may touch external reality except through both.
Where intelligence operates. BYOAI or the Keon Collective. May be parallel, speculative, recursive, and emergent. May not directly cause effects.
Makes the system legible. Contains Witness Narratives, chronicles, and lineage records. Never contradicts the Reality Plane. Narrative must stay anchored to causal truth.
Separation is not a design preference. It is the physics that makes autonomous scale acceptable. A system that can think freely and act directly is ungoverned by definition.
Cognition proposes. Governance decides.
Models, agents, or councils generate intent, but they do not gain execution authority by generating it.
The Gateway admits the request at the boundary; the Runtime owns the policy decision against the active policy and records the decision context. The Gateway does not own the decision.
Only the effect path permitted by the decision result may proceed, and fail-closed posture blocks uncertainty.
Decision and outcome artifacts preserve the evidence required to review what was attempted, allowed, denied, or omitted.
Narrative and interpretation sit downstream of evidence so explanation stays anchored to the governed reality plane.
The three proofs.
Audit-ready evidence is not one artifact. A consequential action satisfies the thesis only when three independent proofs hold — each answering a different question with a different mix of standard and product.
Tag legend: [S] standards-backed (CAES / CPP — referenced, not authored) · [P] product-only (real, falsifiable, not a standards claim).
Was it allowed?
Decision Receipt · PolicyHash · fail-closed — CAES L1/L2, CPP [S]
What happened, why, and what else was considered?
Causal spine + Evidence Pack [S]; deliberation evidence [P]
What did it cost? Did it stay up?
Buyer-reproducible telemetry [P]; chaos / degraded attestation partial [S] (CAES L3)
Viability is buyer-reproducible: Keon publishes metric definitions and a verification harness so you can measure the overhead yourself — no hero numbers.
If it crossed a governed boundary, the evidence should survive review.
The properties below describe the target governed execution model and high-assurance deployment posture. Public examples should be read according to the verifier material and evidence artifacts attached to them.
Every governed effect path should bind authorization context, original input, policy version, PolicyHash, Decision Receipt, and outcome evidence according to the decision result.
An expert can independently recompute the PolicyHash and verify that the policy snapshot has not been altered since evaluation.
High-assurance deployments should verify required receipt persistence before execution proceeds. Where configured as fail-closed, missing or unverifiable receipt anchors block the effect path.
The spine is append-only, partition-scoped, and strictly ordered. Events cannot be retroactively inserted without detection.
Evidence Packs are designed to be verifier-bound artifacts. When trust material and signatures are present, byte changes should invalidate verification, and review should not require live system access.
Denied actions should preserve enough decision and outcome evidence to show that a constraint blocked the effect path. In a fail-closed path, denial is not an error condition; it is governance working.
A denied action may intentionally omit execution while preserving directive, intent, decision, and outcome evidence.
In Full Keon mode, the considered-but-rejected alternatives are preserved in Cortex / the Evidence Pack as deliberation evidence. This is a product capability, not a standards claim — it is never tagged standards-backed.
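An added illustration of two properties listed above, recomputing a PolicyHash offline and detecting retroactive insertion into an append-only, strictly ordered record. This is not Keon's receipt format or any CAES/CPP schema: the field names, the sorted-key JSON canonical form, SHA-256, and the externally anchored head digest are all assumptions, and the sample data is constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value


def digest(obj) -> str:
    # Assumed canonical form: sorted-key, compact JSON hashed with SHA-256.
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def append(spine: list, body: dict) -> str:
    """Append an event linked to its predecessor; return the new head digest."""
    prev = spine[-1]["digest"] if spine else GENESIS
    seq = len(spine)
    spine.append({"seq": seq, "prev": prev, "body": body,
                  "digest": digest([prev, seq, body])})
    return spine[-1]["digest"]


def verify(spine: list, policy: dict, anchored_head: str) -> list:
    """Offline check. Returns findings; an empty list means the record verifies."""
    findings, prev, expected = [], GENESIS, digest(policy)
    for i, e in enumerate(spine):
        if e["seq"] != i or e["prev"] != prev:
            findings.append(f"entry {i}: order or link broken")
        if e["digest"] != digest([e["prev"], e["seq"], e["body"]]):
            findings.append(f"entry {i}: content altered")
        if e["body"].get("policy_hash", expected) != expected:
            findings.append(f"entry {i}: policy snapshot differs from receipt")
        prev = e["digest"]
    # Fail closed: a head that differs from the anchored digest is a finding.
    if prev != anchored_head:
        findings.append("head does not match anchored digest")
    return findings


def build_sample():
    """Constructed sample: one allowed and one denied action under one policy."""
    policy = {"version": "constructed-1", "rules": [{"tool": "payments.refund", "max": 100}]}
    spine = []
    append(spine, {"type": "decision", "result": "allow", "policy_hash": digest(policy)})
    append(spine, {"type": "outcome", "status": "executed"})
    head = append(spine, {"type": "decision", "result": "deny", "policy_hash": digest(policy)})
    return policy, spine, head
```

The anchored head is what makes insertion detectable: a record that has been fully re-chained after an insertion is internally consistent and is caught only because its head no longer matches the digest held outside the log.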