Skip to main content

ANNIE#

Deterministic causality for autonomous AI agents.

ANNIE is a trusted execution environment for AI agents operating in high-stakes settings. Instead of trying to predict what a model will do, ANNIE holds every proposed action behind a deterministic authorization boundary — checking it against formally specified safety logic — before the action is allowed to touch the physical world.

If an action is rejected at any stage, the system rolls back to its last cryptographically-sealed safe state. Within ANNIE’s scope — the path from intent proposal to commit — approved transitions are the only transitions that reach external systems. There is no real-world action to undo, because the rejected intent was held inside the verification vessel and never dispatched.

Public boundary#

This site is the public ANNIE documentation and framing surface. The current public runnable MVP evidence lives in the Sovereign Loop Core repository at github.com/ABSatVPS/sovereign-loop-core, where PUBLIC-STATUS.md defines the implemented evidence boundary. This site does not claim production certification, regulatory approval, or that the public MVP proves every ANNIE capability described here.

What this enables#

  • Evidence-backed refusal. Out-of-policy intents are rejected by a formally specified kernel path, not a probabilistic classifier.
  • Independent audit. Every approved and rejected action is anchored in a hash-chained ledger. Customers — and regulators — can replay history and check it themselves.
  • Familiar safety language. Autonomous-agent risk is framed using the same threat-model vocabulary already used for dangerous equipment, so reviewers do not have to learn a new safety story from scratch.
  • Bounded fault response. On supported platforms, hardware exceptions are handled inside a documented response-time budget before the next authorized transition can proceed.
  • Post-quantum signed receipts. Every meaningful event leaves a signed witness using NIST-standardized post-quantum signatures.

Who this is for#

Teams deploying AI agents where a wrong action is not a UX problem — it is a liability event, a safety incident, or an irrecoverable loss.

  • Financial automation where a single misrouted transfer is catastrophic.
  • Industrial and robotics control where a bad command moves physical mass.
  • Regulated medical or legal workflows where every decision must be auditable.
  • Defense and critical-infrastructure environments where adversaries are presumed.

If your agent’s worst day costs you nothing, you do not need ANNIE. If your agent’s worst day costs you the company, you do.

How it differs from a guardrail layer#

Guardrail libraries inspect model output and try to filter what looks dangerous. ANNIE does something structurally different: it makes unauthorized action inexpressible at the actuator boundary, by requiring every intent to clear a formally specified gate before it becomes an action.

The model can propose anything. The kernel decides what is allowed.

Where to go next#

  • The Four Pillars — the four mechanisms that make this work: a hash-chained append-only event log, cache-line cryptographic memory witnesses, a hardware-fault response thread, and a bounded-latency control loop discipline.
  • Guarantees — documented guarantees, non-claims, and verification boundaries.
  • CLI reference — public command surface, including annie verify.

ANNIE is offered as a commercial product. The verification tooling is available to all license-holders so that audits never depend on our cooperation.