How It Works
The TAO Protocol
Every write to a system of record passes through the same mandatory pipeline. No stage is bypassable. No stage is probabilistic. The pipeline is the architecture.
Proposal
Any actor — AI agent, human operator, automated pipeline, script, batch job — proposes a write to a system of record. The proposal is structured: actor identity, role, target resource, intended action, timestamp. A proposal is not an authorization.
Authorization Decision
The Governance Plane evaluates the proposal. Actor credentials, role binding, and authorization scope are checked against the declared action. The decision is deterministic mathematics, not inference: a fixed pass/fail computation with no confidence score to calibrate.
TAO Issued
If authorized, a Typed Authorization Object is issued: cryptographically signed, single-use, carrying identity, role, scope, and timestamp. If not authorized, nothing proceeds — there is no retry path that bypasses this stage. The TAO is the pre-execution certificate.
Gate Verification
The actor presents the TAO at the persistence gate. The gate operates below ordinary application policy — below the agent, below the pipeline. It verifies the authorization artifact and checks that the write matches the approved scope.
Write and Consumption
The TAO is consumed in the same atomic transaction as the write. Replay is structurally impossible. If the write fails for any reason, the TAO is voided. No partial state is left behind. No TAO can authorize two writes.
Receipt Anchored
A tamper-evident receipt is appended to the audit ledger. The receipt is not a log of what happened — it is an artifact proving that authorization preceded the action. It exists before the write completes.
The pipeline above reflects the current production implementation. The architecture is extensible — additional verification, escrow, or multi-party authorization stages can be inserted without altering the invariant: no TAO, no write.
The Mathematics
Authorization is not inference. It is proof.
Steward and Sync's governance layer uses deterministic finite mathematics to decide whether a proposed write is structurally authorized before it reaches a system of record. The result is not a confidence score, classifier output, or policy guess. It is an exact computation with a fixed pass/fail outcome.
The underlying theorem establishes a provable separation property for the authorization structure. That property has been verified by exhaustive computation across 13.8+ billion cases with zero exceptions.
This work has been submitted for peer review at IEEE Transactions on Information Theory and Elsevier Finite Fields and Their Applications. Public materials intentionally stay at the architectural level.
No model confidence. No probabilistic guardrail.
A deterministic mathematical gate: authorization is either proven before execution, or the write does not proceed.
Competitive Landscape
Why nothing else is close
| Dimension | Every other system | STS-001 |
|---|---|---|
| When | After execution | Before execution |
| Layer | Application / API / middleware | Persistence layer |
| Decision type | Policy rule or ML classifier | Deterministic mathematical proof |
| Actor scope | Often AI-only or human-only | Any actor — human, AI, pipeline, script |
| Bypassable? | Yes — misconfiguration, privilege | No — below the application |
| Audit artifact | Log of what happened | Cryptographic proof authorization preceded action |
| Separation | Configured, conventional | Structural — authorizer ≠ executor by architecture |
Ready to see it in your environment?
Get in Touch