Agents Get Authority Tiers, Not Admin Keys.
AUTHREX Governance Kernel is a Docker-verified, synthetic-data MVP prepared for structured external technical review. It demonstrates agent authority-tier enforcement, human approval gating, signed audit evidence, reviewer packet export, latency/load testing, and ledger tamper detection. No operational validation or agency endorsement is claimed.
The Governance Kernel is the core runtime decision and enforcement engine of the AUTHREX program. It calculates and enforces authority. A mission-authority continuity profile currently in design will carry that authority through disconnected operations; it is part of the Kernel architecture, not a parallel product line. The Kernel bounds and records authorized behavior at its enforcement point. Its guarantees depend on placement, platform integrity, protected keys, and the integrity of downstream actuation paths.
| FINAL CODE ARTIFACT | QA10 closed the internal QA sequence after repeated structured review passes. The current internal QA cycle is complete. Independent external reproduction and adversarial review are the next evidence priorities. | FINAL |
| LOCAL INSTALL | Python 3.11 fast install path completed on a clean environment. | PASS |
| DOCKER BUILD (MAC) | Built on Docker Desktop for Mac after adding .venv/, venv/, env/, and ENV/ to .dockerignore. | PASS |
| DOCKER DEMO RUN | Containerized demo executed end to end as an unprivileged runtime user. | PASS |
| DOCKER TEST SUITE | pytest inside a python:3.11-slim container, package v1.0-QA10, July 2026: 83 passed, 1 skipped (environment-dependent) across 53 test functions; archive hash recorded in the internal QA log. Site claim pending external reproduction. | PASS |
| ALPHA DEMO | Real HTTP agent-to-proxy-to-tool governance: requests are gated by authority tier before any tool executes. | DEMO |
| MVP DEMO | Real MCP SDK governance with a human approval queue, RBAC-enabled localhost web UI, signed audit evidence, reviewer packet export, loopback latency measurement, and sustained concurrent-load testing. | DEMO |
| LEDGER VERIFICATION | Tamper detection distinguishes clean ledgers, forged records, and tail truncation on the checkpointed hash-chain. | PASS |
The public GitHub release is pending counsel review. The next step is a structured handoff to an external technical reviewer. Source access is by request only while counsel review is pending.
AUTHREX is a synthetic-data, defense-relevant AI governance and assurance research system. It is not an operational defense product, a deployed system, or an agency-validated technology. All results are from synthetic scenarios on self-generated test suites. No operational validation is claimed. No agency endorsement is claimed.
The current package demonstrates MCP-based agent tool governance, authority-tier enforcement, human approval gating with RBAC, signed policy loading, checkpointed audit evidence, reviewer report export, loopback latency measurement, sustained concurrent-load testing, resumable full validation, and internally tested ledger tamper detection in the stated package and test environment. The self-generated suite passes its full test set with zero unauthorized privileged executions in synthetic scenarios.
Source access is available only for structured external technical review while counsel review is pending. The review package is not publicly hosted. Qualified reviewers may request access directly.
authrex_kernel/ · tests/ (53 test functions) · harness/ · docs/EXTERNAL-REVIEWER-PACKET.md · demo_alpha.py · demo_mvp.py · Dockerfile · install.sh · VALIDATION-REPORT.md · CHANGELOG.md