Execution-Boundary Governance for AI Coding Agents

A developer has open-sourced a public-safe demo of "execution-boundary governance" for AI coding agents, a system that focuses on what a model is allowed to propose before any action is taken. The repository demonstrates a deterministic governance chain for external agents like Claude or Codex, featuring replay-verifiable receipts that independently recompute governance decisions from raw inputs to detect semantic tampering. The demo includes a regex deny-list as a guard, with the developer noting that a production deployment would require process isolation, capability-scoped execution, and hardened runtime controls.

I just open-sourced a public-safe demo of something I think the AI industry is going to need more of: Execution-boundary governance. Most AI agent systems today focus on what the model can do. This demo focuses on what the model is allowed to propose before any consequence-binding action exists. The repo demonstrates a deterministic governance chain for external coding agents like Claude or Codex: Claude/Codex intent → intent receipt → preflight governance receipt → replay verification → dangerous command denial The important part is that the receipts are replay-verifiable. The system independently recomputes governance decisions from raw inputs and detects semantic tampering — not just hash mismatches. The entire repo is advisory/simulation-only: It also includes: One thing I intentionally documented clearly: the regex deny-list is a demo guard, not a production sandbox. A real deployment would require process isolation, capability-scoped execution, trusted clocks, signed verifier keys, and hardened runtime controls. The goal here is not “AI autonomy.” The goal is making governance replayable, inspectable, and independently verifiable before reality changes.