Ark Sovereign builds bounded specialist agents for high-risk workflows. Before any AI output creates legal, financial, or operational consequence, a boundary packet is emitted showing what was proposed, what was blocked, and who must decide.
Models compete on intelligence. Apps compete on context. Ark governs the authority boundary between them.
In each case below, the company still owns the consequence. The agent's capability does not transfer its authority to act.
A disclaimer does not prove authority. A chat transcript does not prove permission. A log only shows what happened after. A human-in-the-loop claim is weak unless the loop can be reconstructed.
The missing object is the receipt.
Most AI governance stops at observability. That is not enough when the output creates legal, financial, operational, or safety consequence.
Ark Sovereign sits before consequence and asks one question: Was this claim or action allowed under the declared authority envelope?
Ark splits the system into two distinct operational layers. Permits govern runtime action; packets preserve replayable authority.
Prompt filters govern input. Gateways govern traffic. Run loops govern process. Ark Sovereign governs consequence boundaries.
Acts as the active inline interceptor. Evaluates every proposed action against the declared envelope and returns a deterministic verdict before the tool runs.
The replayable packet layer. Logs the complete context, policy parameters, and observed side effects as a SHA-256 hashed record.
An unsanctioned agent can read files, call tools, burn tokens, write logs, invoke APIs, and trigger workflows before security knows it exists.
MCPGov covers tool/action authority. ResourceGov covers resource and budget drift. ContextGov covers enterprise context authority. All emit replayable packets before consequence forms.
Same agent. Same tool access. Different outcome when a boundary packet exists before consequence forms.
Ark agents are not general autonomy. Each agent is a specialist review agent for a high-risk surface. Each produces a bounded packet. Each blocks overclaims. Each hands consequence to humans.
Primary Wedges
Additional Packet Surfaces
ClaimsGov is not claims automation. It is the evidence boundary before claims consequence.
MCPGov is the entry point. Each row below applies the same authority envelope, blocked-claims, human handoff, replayable packet, and packet_authorizes_execution:false discipline to a different surface. Status reflects what is publicly verifiable today, not commercial readiness.
| Surface | Boundary | Status | Blocked claims | Checkable artifact |
|---|---|---|---|---|
| MCPGov | Tool-call and governed-handle authority before data, code, credentials, or network actions move. | Synthetic example | TOOL_SAFE, CREDENTIAL_USE_APPROVED, NO_HUMAN_REVIEW_REQUIRED | |
| ResourceGov | Token, API, process, CPU, memory, disk, log, and budget drift for local agent sessions. | Synthetic example | RESOURCE_SAFE, COST_WITHIN_BUDGET, SYSTEM_SAFE | |
| ClaimsGov | Insurance claim evidence, policy-rule gaps, missing documents, conflicts, and decision drift. | Early lane | PAYMENT_APPROVED, FRAUD_CONFIRMED, CLAIM_CLOSED | homepage section; public packet pending |
| ContextGov / MemoryGov | Enterprise context access, denied context, approval-required context, retention, quoting, and context-as-evidence claims. | Proof pack | CONTEXT_ACCESS_AUTHORIZED, RAW_PII_SAFE, NO_APPROVAL_REQUIRED | |
| LegalGov | Contract, redline, signature, compliance, enforceability, and legal-advice consequence boundaries. | Proof pack | LEGAL_ADVICE_PROVIDED, CONTRACT_APPROVED, SIGNATURE_AUTHORIZED | |
| WalletGov / CreditGov / OFAC | Payment, transfer, credit-limit, KYC, sanctions-screening, and financial approval boundaries. | Proof pack | PAYMENT_APPROVED, OFAC_CLEARED, CREDIT_APPROVED | |
| RobotGov | Offline physical-AI action review under declared operating profiles and human safety handoff. | Local evaluation | SAFETY_CERTIFIED, DEPLOYMENT_APPROVED, HUMAN_SAFETY_REVIEW_REPLACED | evaluation page; 74,934 offline replay rows |
| Ark Manifold Cyber | Cyber review-target packets from bytecode, binaries, traces, CFG exports, scanner outputs, SBOMs, and supported source artifacts. | Proof pack | CONFIRMED_EXPLOIT, AUDIT_COMPLETE, SYSTEM_SECURE | |
| OutreachGov | Claim-safe GTM packets for sales, partnerships, recruiting, investor relations, and customer success. | Synthetic example | BUYER_INTENT_CONFIRMED, AUTO_SEND_AUTHORIZED, BINDING_TERMS_OFFERED | |
| CodeGov | Coding-agent actions across shell execution, file patches, dependency installs, deploys, and network movement. | Synthetic example | PRODUCTION_DEPLOY_APPROVED, FILE_CHANGE_SAFE, NETWORK_EGRESS_SAFE | |
| NavGov | Controller-independent, time-aware replay witness packets for fleet, mining, CAS, ADAS, telematics, and vehicle intervention review. | Proof pack | CAS_VALIDATED, CRASH_CAUSALITY_PROVEN, ROUTE_SAFE | |
Status taxonomy: Proof pack means a public packet and QA/hash evidence are linked. Synthetic example means a public synthetic packet JSON exists. Local evaluation means offline/local evidence is summarized or linked, but not a full public proof-pack surface. Early lane means public packet evidence is pending.
A chat transcript shows what the model said. A log shows what happened. An Ark packet shows what was proposed, what was allowed, what was blocked, and what required human authority before consequence formed.
This packet shows an MCP/tool-loop escalation where a read-only weather lookup attempts to become package installation, local binary execution, network fetch, filesystem, or credential authority. Ark treats that as authority laundering through the tool loop.
Ark Sovereign does not ask one model to supervise another. The enforcement path is deterministic. Same inputs. Same policy. Same verdict. Same hash.
| Action | Verdict | Reason |
|---|---|---|
| code_safe_patch | ALLOW | Within declared scope · no approval required |
| money_high_value_refund | REQUIRE_APPROVAL | Exceeds $5,000 threshold · human approval required |
| code_prod_deploy | REQUIRE_APPROVAL | Production path requires explicit approval |
| mcp_tool_poisoning | DENY | Tool signature invalid · tool poisoning pattern |
| mcp_shadow_server | DENY | Shadow server detected · unsigned tool rejected |
| channel_external_write | REQUIRE_APPROVAL | External channel write · approval required |
| unknown_agent_deploy | REQUIRE_APPROVAL | Unknown agent identity · deployment paused |
Deterministic replay evidence only. Not a security certification, pen test, legal opinion, safety certification, or deployment approval.
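The "same inputs, same policy, same verdict, same hash" property can be sketched as follows. This is an added illustration, not Ark Sovereign's code or packet schema: the envelope fields, tool names, and the functions `evaluate`, `build_packet`, and `replay` are assumptions; only the three verdicts, the $5,000 threshold, the MCPGov blocked claims, and `packet_authorizes_execution: false` come from the page.

```python
import hashlib
import json

# Hypothetical authority envelope; field names are assumptions, not Ark's schema.
ENVELOPE = {
    "allowed_tools": ["weather.lookup", "code.patch", "money.refund"],
    "approval_required_tools": ["code.deploy_prod"],
    "refund_approval_threshold_usd": 5000,
    "blocked_claims": ["TOOL_SAFE", "CREDENTIAL_USE_APPROVED",
                       "NO_HUMAN_REVIEW_REQUIRED"],
}

def evaluate(action, envelope):
    """Pure function of its inputs: no clock, randomness, or model call."""
    tool = action["tool"]
    if not action.get("signature_valid", False):
        return "DENY", "tool signature invalid"
    if tool in envelope["approval_required_tools"]:
        return "REQUIRE_APPROVAL", "explicit approval required"
    if tool not in envelope["allowed_tools"]:
        return "DENY", "tool outside declared envelope"
    if (tool == "money.refund"
            and action.get("amount_usd", 0) > envelope["refund_approval_threshold_usd"]):
        return "REQUIRE_APPROVAL", "exceeds refund threshold"
    return "ALLOW", "within declared scope"

def _digest(body):
    # Canonical JSON (sorted keys, fixed separators) so equal content hashes equally.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_packet(action, envelope):
    verdict, reason = evaluate(action, envelope)
    body = {
        "proposed_action": action,
        "envelope": envelope,
        "verdict": verdict,
        "reason": reason,
        "blocked_claims": envelope["blocked_claims"],
        "human_handoff_required": verdict == "REQUIRE_APPROVAL",
        "packet_authorizes_execution": False,  # a packet is evidence, never a permit
    }
    return {**body, "sha256": _digest(body)}

def replay(packet):
    """Re-derive the packet from its recorded inputs and compare hashes."""
    rebuilt = build_packet(packet["proposed_action"], packet["envelope"])
    return rebuilt["sha256"] == packet["sha256"]

# Constructed sample: a read-only lookup, then the escalation the page describes.
LOOKUP = {"tool": "weather.lookup", "signature_valid": True}
ESCALATION = {"tool": "pkg.install", "signature_valid": True}
```

Because `replay` re-evaluates the recorded inputs, a packet whose verdict was edited fails replay even when its hash is recomputed. The hash is unkeyed, so it detects inconsistency but does not authenticate who produced the packet.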
The redesign is only useful if the proof objects are inspectable. These are the current public paths into the packet evidence, deterministic replay matrices, segment packs, and domain pages.
Send 5–20 sanitized agent action traces, MCP/tool logs, claims workflow examples, legal redline artifacts, resource-session traces, or physical-AI replay rows. No credentials, production access, or source secrets required.