STS-001 · Pre-Execution Authorization
NSF I-Corps · Lehigh University 2026
No TAO, no write.
TAO — Typed Authorization Object
Not blocked by a rule.
Blocked by construction.
Steward and Sync enforces pre-execution authorization at the persistence layer — for any actor, any system, any regulated environment. Every write to a system of record requires a cryptographically signed authorization object before it happens. There is no configuration that bypasses this. It is the architecture.
The Problem
Every other governance system operates after the fact.
Filters, classifiers, behavioral monitors, policy engines — they all run at the application layer and they all fire after a decision has already been made. When they catch something, the action has already been attempted. The audit log records what happened. It does not prove what was authorized before it happened.
In regulated environments — pharma, finance, critical infrastructure, defense — that distinction is the difference between compliance and liability.
AI agents are being deployed in FDA-regulated labs, financial trading systems, and critical infrastructure now. Regulators are asking a question the existing tooling cannot answer: prove that action was authorized before it executed.
The Architecture
The gate sits below the application. Below the agent. Below the pipeline.
STS-001 places the enforcement point at the persistence layer — at the moment a write is attempted, not after it succeeds. Any actor must present a valid TAO before the write proceeds.
The authorization layer is not a classifier. It is a deterministic mathematical gate, verified by exhaustive computation across 13.8 billion cases with zero exceptions. Authorization is proven before execution, or the write does not proceed.
Multi-Plane Architecture
STS-001
Governance Plane
Analogous to: QA / Regulatory Affairs
Issues TAOs. Evaluates authorization requests against policy. Produces tamper-evident receipts. Structurally isolated from the Reasoning Plane — the approver can never be the executor.
Reasoning Plane
Analogous to: Operations / Manufacturing
Where AI agents, models, human operators, and automated pipelines run. Any actor may propose an action. No actor in this plane can alter durable state directly — ever. Proposal is not authorization.
Persistence Plane
Analogous to: LIMS / EHR / System of Record
All writes to systems of record. Accepts only TAO-bearing transactions. Rejects unsigned or replayed authorization attempts below the application. Appends a cryptographic receipt to the append-only ledger before the write completes.
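A minimal sketch of the three planes described above, added here as an illustration; it is not Steward and Sync's code or its TAO format. The field names, the in-memory store and ledger, and HMAC-SHA256 as a stand-in for the signature are assumptions; keeping issuer and verifier separate in practice calls for an asymmetric signature, so the persistence plane can verify a TAO but cannot mint one.

```python
# Assumption: HMAC-SHA256 stands in for the page's unspecified signature scheme.
import hashlib, hmac, json

GOVERNANCE_KEY = b"constructed-demo-key"  # constructed sample key

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_tao(key, actor, target, payload, nonce, expires):
    """Governance plane: bind one approval to one exact write."""
    body = {"actor": actor, "target": target, "nonce": nonce, "expires": expires,
            "payload_sha256": hashlib.sha256(canonical(payload)).hexdigest()}
    return {"body": body, "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

class PersistenceGate:
    def __init__(self, key):
        self.key, self.seen, self.ledger, self.store = key, set(), [], {}

    def write(self, tao, target, payload, now):
        try:
            body, sig = tao["body"], tao["sig"]
            expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, str(sig)):
                return "rejected: bad signature"
            if body["target"] != target:
                return "rejected: wrong target"
            if body["payload_sha256"] != hashlib.sha256(canonical(payload)).hexdigest():
                return "rejected: payload mismatch"
            if now >= body["expires"]:
                return "rejected: expired"
            if body["nonce"] in self.seen:
                return "rejected: replay"
        except (KeyError, TypeError):
            return "rejected: malformed TAO"
        self.seen.add(body["nonce"])            # a TAO authorizes exactly one write
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        entry = {"prev": prev, "tao": body, "time": now}
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.ledger.append(entry)               # receipt is recorded first
        self.store[target] = payload            # only then does the write land
        return "committed"

def ledger_intact(ledger):
    """Recompute the hash chain; any edited or dropped receipt breaks it."""
    prev = "0" * 64
    for e in ledger:
        core = {k: e[k] for k in ("prev", "tao", "time")}
        if e["prev"] != prev or e["hash"] != hashlib.sha256(canonical(core)).hexdigest():
            return False
        prev = e["hash"]
    return True
```

Because the TAO carries a hash of the payload, an actor in the Reasoning Plane cannot obtain approval for one record and then persist a different one.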
The Architectural Principle
"Information flows forward. Authority does not flow back."
The system that generates an action has no standing to evaluate its own action. Authorization is defined outside the system — or it is not authorization at all. A governed gate is not a feature you add. It is a plane you separate.
Read: "The Gate Stands Outside" ↗
Writing
The arguments behind the architecture.
The Gate Stands Outside
Most AI governance today is a prop.
A lock is meaningless if the locked system can reach the key. Most governance operates inside the same trust boundary as the system it governs. That is not governance. That is a governance-shaped interface.
You Cannot Certify Yourself
A system that cannot certify itself is not a broken system. It is an honest system.
Capability and authority are orthogonal properties. Merging them produces a capable system that tells you it is governed — not one that actually is. Authorization is defined outside the system, or it is not authorization.
Probability Is Not a Wall
Probability is not a wall. Probability is a distribution.
For most applications, a 99.99% guardrail is sufficient. For regulated systems — where one unauthorized write creates liability, audit failure, or physical harm — it is not. Architecture doesn't fail at the tail.
The Gap-3 Phenomenon
The math isn't decoration. It's the enforcement mechanism.
Most mathematical conjectures live in the land of probably true. After 13.8 billion exhaustively computed cases with zero exceptions, the authorization structure moved out of that category.
For Practitioners
Integration, operations, and the math behind the gate.
No compliance theater. No hand-waving about "AI safety." Just the architecture, the deterministic mathematics, and what it means for the systems you build and operate. All open-access. No NDA required.
Four-tier verification taxonomy — where your current stack sits
Zero-application-change integration at the persistence boundary
Legacy system governance without revalidation or replacement
Sovereign infrastructure — air-gap capable, no subscription dependency
Operational reality: latency, failure modes, monitoring, answers
Regulated Environments
Any actor. Any system. Any sector.
FDA 21 CFR Part 11 · GAMP 5 · ALCOA+
Pharma & Life Sciences
Every LIMS write, batch record update, and deviation log requires a TAO. Electronic signatures are TAOs. Reviewer independence is structural, not configured.
ISA/IEC 62443 · GAMP 5 Cat 4–5
Manufacturing & MES
Process parameter changes and recipe updates are TAO-gated at the persistence layer before they reach the controller.
SR 11-7 · SOX · DORA
Financial Systems
Trade execution and ledger entries each require a cryptographically bound pre-authorization receipt. The audit trail is not a log — it is the proof.
NERC CIP · IEC 62443
Critical Infrastructure
SCADA/ICS setpoint commands are TAO-gated at the authorization layer — before the command is dispatched to the controller. No TAO, no authorized setpoint command. Not blocked by a rule.
HIPAA · HITECH · 21st Century Cures
Healthcare
EHR writes and order entry require pre-execution certificates for every actor — human or AI. Authorization is a receipt, not an access log.
NIST AI RMF · ISO/IEC 42001 · CMMC
Defense & Government
Every privileged action produces a tamper-evident receipt before the action executes.
Research & Intellectual Property
PR1–PR5
Five U.S. Provisional Patents
STS-001 family. Architecture, TAO protocol, persistence-layer enforcement, and deterministic authorization.
IEEE · Elsevier
3 Papers Under Peer Review
Deterministic authorization research under review at IEEE Transactions on Information Theory and Elsevier Finite Fields and Their Applications.
13.8B+
Cases Verified — Zero Exceptions
The authorization structure is verified by exhaustive computation. The decision is proven, not calibrated.
Ready to make non-compliant writes structurally impossible?
We are working with a limited set of design partners in regulated industries. Tell us about your environment.
Request Briefing
NDA available upon request · Design partner engagements are confidential
