OpenKedge
Open Protocol for Governed Mutation

The Governance Layer for AI-Driven Mutation

OpenKedge replaces direct API execution with intent-based governance — ensuring every mutation is validated, bounded, and explainable before it touches production state.

Read the PaperView on GitHub
Submitted to NeurIPS 2026Open SourceProtocol Specification
Intent
Context
Policy
Contract
Execution
Evidence
Problem

APIs Were Built for Software. Agents Are Not Software.

Traditional APIs assume the caller already knows what to do. AI agents are probabilistic — they operate under uncertainty, and direct execution turns uncertainty into production mutation.

Traditional API
Agent
API Call
Mutation

The caller decides what to do and the system executes blindly. No validation, no context, no governance — just direct mutation of production state.

OpenKedge Governance
Intent
Context
Policy
Contract
Execute

Every mutation is proposed as intent, validated against system context and policy, bounded by an execution contract, and recorded as a verifiable evidence chain.

Context Blindness

APIs accept parameters, not situational understanding. Agents can be locally plausible and globally wrong.

Multi-Agent Conflict

Multiple agents can mutate the same surface with incompatible assumptions and no shared governance.

Unsafe Mutation

Direct execution grants immediate power even when the action should have been blocked, delayed, or scoped down.

Lack of Traceability

Logs record what happened, not whether the mutation was justified, bounded, or decision-correct.

Architecture

A Mutation Pipeline Designed for Governance

OpenKedge routes every mutation through intent, context, policy, contracts, and evidence — so the system can reason about a change before infrastructure sees it.

OpenKedge Governed Mutation Pipeline
projectssignalsfeedsAgent / OperatorIntent ProposalGovernance LayerContext ExpansionPolicy EvaluationEnforcement LayerExecution ContractTask-OrientedIdentityExecutionTarget Systems /APIsEvidence Chain(IEEC)actor & actionpolicy traceboundsresults & timeDerived State StoreContext Signalsresource statusdependency mapshistorical aggregatesquotas
Pipeline Stages
01
Intent Proposal
Agents declare what they want to change — not which API to call.
02
Context Expansion
System state, dependencies, and trust signals are assembled before any decision.
03
Policy Evaluation
Intent is checked against governance rules, guardrails, and conflict resolution logic.
04
Execution Contract
A bounded contract defines the mutation surface, time scope, and permitted side effects.
05
Task-Oriented Identity
Scoped credentials are derived for the task — no ambient privilege.
06
Execution
Only the contract-approved mutation is performed. No expansion, no branching.
07
Evidence Chain (IEEC)
Every mutation is linked to its intent, context, decision, and proof — producing a verifiable lineage.
Primitives

Three Primitives That Change How Systems Accept Mutation

OpenKedge is not an API wrapper. It is a protocol layer with explicit governance primitives for how mutation enters a live system.

Intent-Governed Mutation

Mutation begins as intent, giving the system a chance to interpret purpose before touching production state.

Execution-Bound Contracts

Approved actions are narrowed to an explicit contract with constrained scope, identity, and duration.

Intent-to-Execution Evidence Chain

Every mutation carries a full lineage trail, making system decisions explainable long after the action has completed.

Real-World Example

Stopping a Destructive Action Before Blast Radius

An agent believes an EC2 instance is unused and attempts to terminate it. OpenKedge blocks the mutation before it crosses the execution boundary.

Traditional API Execution

Terminate instance now

Agent assumes the EC2 instance is idle and calls the termination API directly.

No dependency graph is consulted. No maintenance policy is evaluated. No bounded contract is produced.

Result: the instance disappears before the system realizes it was still serving a private queue consumer.

OpenKedge Governance

Reject mutation before blast radius

Intent is proposed: terminate an apparently unused instance. Context expansion discovers downstream workers and a live ASG dependency.

Policy rejects the mutation because the termination violates workload continuity requirements and no approved replacement contract exists.

Result: execution never happens, and the rejected mutation remains explainable through its evidence chain.

Research

OpenKedge: Governing Agentic Mutation with Execution-Bound Safety and Evidence Chains

The OpenKedge paper formalizes intent-governed mutation, execution-bound contracts, and the Intent-to-Execution Evidence Chain (IEEC) as the basis for safe agentic operation. It establishes a narrow decision boundary between probabilistic agents and deterministic systems.

Submitted to NeurIPS 2026
Open Source
Download PDFView on arXiv
openkedge-protocol.pdf
Abstract
§1. Introduction
Developers

Start Building with OpenKedge

The reference implementation is designed for engineers who need real governance around mutation — not a marketing demo.

1. Read the protocol

Start with the concepts and architecture docs to understand intent, contracts, and IEEC.

2. Clone GitHub

Pull the reference packages, inspect the reducer and policy engine, and follow the examples.

3. Run the example

Propose a mutation, evaluate it against policy, and inspect the resulting lineage.

Example
Clone GitHub
import { createProposal, evaluateProposal } from "@openkedge/sdk-js";

const proposal = createProposal({
  actor: "agent.ops.autoscaler",
  target: "aws:ec2:i-0ab1cdef23456789",
  intent: "terminate_instance",
  desiredOutcome: "remove_unused_capacity",
});

const decision = await evaluateProposal(proposal);

if (decision.status === "approved") {
  await decision.execute();
}

The correctness of agents is secondary.
The correctness of the system governing them is primary.

Star on GitHubRead the Docs