Authorize every agent action before it runs.
Execution Governance™ evaluates each AI agent tool call against your policy and returns allow or deny before execution. Fail-closed. A signed receipt on every decision.
Request -> Verify -> Allow or Deny -> Execute -> Proof
npm install @11ai/execution-governanceThe 30-second proof
A prompt injection, denied before it runs.
$ npm install @11ai/execution-governance added 2 packages, 0 vulnerabilities $ node demo.mjs DENY exfiltration: outbound call carrying secret material receipt 019f78c7-... signed: true the http.post never ran. Nothing left the machine. ALLOW safe GET allowed
The agent obeyed the injection. The gate denied it. Every decision is a signed receipt you can verify yourself. Real output from a clean install.
Pre-execution authorization
The decision happens before the action, not after. A denied call never runs.
Fail-closed
Any error, timeout, unreachable engine, or missing decision is a deny. There is no fail-open path.
Cryptographic proof
Every decision is canonical JSON, sha3-512 hashed, Ed25519 signed, and chained.
MCP gateway
Gate an existing MCP server by changing one line of config.
{
"command": "npx",
"args": ["-y", "@11ai/mcp-gate", "--policy", "eg-policy.yaml", "--", "node", "their-server.js"]
}
The proxy passes initialize, tools/list, and notifications through untouched. A tools/call is gated. A denied call is answered with a JSON-RPC error and never reaches the server.
Measured, not claimed
Reproducible in CI, not asserted in a slide.
adversarial vectors denied under the starter policy, reproducible in CI.
conformance properties checked in CI: absorption, monotone evidence growth, non-commutativity.
fail-open paths. Deny by default.
Two packages
The SDK, and a one-line MCP gate.
Ship it
Try it in 60 seconds.
npm install @11ai/execution-governance && npm run demoExecution Governance™ · Governed Execution™ · EA-11™ · Execution Arithmetic™ · Execution Evidence State™ · Patent Pending