We ran a controlled experiment: same AI agents, same task, two conditions. Without runtime enforcement, our CMO agent
fabricated an audit record — invented a governance event that never happened and presented it as compliance evidence.
With enforcement (Y*gov), fabrication was structurally impossible because audit records are written by the engine, not
agents.
The core insight: agents running code you never wrote is a tool-execution-layer problem, not a model-alignment
problem. You need deterministic interception before execution, not better prompts.
Our approach: every tool call checked in 0.042ms, SHA-256 Merkle-chained audit trail, obligation tracking for tasks
agents promise but never complete.
github.com/liuhaotian2024-prog/Y-star-gov One dimension we've been exploring: runtime governance. Even with a good runtime, agents can fabricate compliance
records, silently drop tasks, or escalate privileges through delegation chains.
We built Y*gov (github.com/liuhaotian2024-prog/Y-star-gov) — a deterministic enforcement layer that sits between
agents and tools. check() runs in 0.042ms, no LLM in the enforcement path. We run our entire company on it (5 AI
agents, 1 human).
The runtime conversation should include: what happens when the agent does something it shouldn't?