CerbaSeal three-headed guardian mark
CERBASEAL

Deterministic execution enforcement for AI-assisted systems.

AI systems can propose actions. CerbaSeal decides whether those actions are allowed to execute.

Live Enforcement Scenarios

Run live gate scenario — each call hits a real enforcement route

Gate evaluation result
FINAL STATE
EXECUTION
REASON
INVARIANTS
// Click REJECT, HOLD, or ALLOW to run a live gate evaluation
How it works

Enforcement Boundary

CerbaSeal is an execution gate. It enforces invariant rules over a decision envelope.

Every request results in one of three states: REJECT, HOLD, or ALLOW.

AI systems may propose actions. CerbaSeal decides if execution is permitted.

All consequential actions must pass through CerbaSeal before execution.

Enforcement pipeline: decision flows into CerbaSeal gate, splits into REJECT, HOLD, or ALLOW

Enforcement pipeline — deterministic, three-outcome

System proof

What it does

Three responsibilities, backed by 372 passing tests. No claim without evidence.

  • 01Blocks unauthorized execution attempts
  • 02Enforces approval, control, and trust requirements
  • 03Produces verifiable evidence for every decision
Invariants
12 named invariants
Each decision is evaluated against all 12 invariants in sequence. No partial passes. One failure halts the evaluation.
  • INV-01
  • INV-02
  • INV-03
  • INV-04
  • INV-05
  • INV-06
  • INV-07
  • INV-08
  • INV-09
  • INV-10
  • INV-11
  • INV-12
Audit trail
Hash-linked, append-only
Every decision is hash-linked and append-only. The chain can be verified at any time. Every evaluation can be replayed — the same input always produces the same output. Each record is bound to the specific request that created it.
Authority model
AI is non-authoritative
AI is non-authoritative. Enforcement is deterministic. An AI actor cannot produce a release authorization regardless of any other field values. INV-05 fires unconditionally. No approval flag or trust state can override this check.
Status

What exists now

Honest about what is implemented and what is not. No version of this page overstates what exists.

Status Review-ready core. Not yet client deployed.

Currently implemented

  • Deterministic execution gate
  • Invariant enforcement (12 named invariants)
  • Audit chain + replay
  • Adversarial audit complete
  • Fail-closed behavior validated
  • Non-forgery protection
  • Misuse + boundary condition tests
  • 372 / 372 tests passing (15 files)

Not yet implemented

  • Client deployment
  • Third-party security review
  • Persistent storage
  • Identity provider integration
Review path

For Reviewers

Four pages, each focused on a single concern. Read in any order.

/review
Review Portal
Maturity, claims, and evidence — what is implemented, what is not, and where to verify.
/pilot
Pilot Readiness
What is ready now and what requires client definition and written agreement.
/security
Security Summary
Implemented controls, threats covered, and known limitations.
/deployment
Deployment Posture
Three deployment modes and minimum readiness checklist.
!
Limitation notice. This is a review-ready core demo, not a production client deployment. It should not be used with real client data. See the Review portal for full maturity details.