The proof is
working evidence, not a brochure.
Every meaningful action a coding agent attempts inside Constraint Native is brokered by policy and signed into a chain. This page presents the current sample artifact — the same shape grant reviewers, funders, and technical evaluators can evaluate against, with a fresh export available on request.
Bridge note: This is not the Golem research claim itself; it is the governed-action proof surface that carries Golem's verification discipline into agent work.
Current artifact: deterministic demo sample. Next milestone: fresh live macOS-alpha proof export. Same artifact shape; refreshed hashes and session data.
Eleven events.
One ed25519 chain.
The shape comes from the deterministic Agent Firewall demo. The numbers are exact for this sample. They will refresh when a fresh scoped macOS-alpha session is exported.
The full sample chain.
Each row is one signed event from the sample JSON. The chain is verifiable offline from the JSON artifact. A fresh macOS-alpha export will replace these sample hashes with refreshed session data.
Three files, one packet.
The proof package is intentionally small. A signed event log, a bounded blast-radius report, and a replay-audit walkthrough. Anything else a reviewer needs we can produce on request.
sample-proof-path.json
Eleven events, schema versioned, hash-chained. Includes governed-boundary metadata and explicit non-claims.
Open file → MD · blast-radiussample-blast-radius.md
What did the session actually touch? Files read, files denied, network attempts, secrets exposure. Bounded claims only.
Open file → MD · replaysample-replay-audit.md
How a reviewer walks the chain offline: signature verify, event reconstruction, decision reproduction.
Open file →How funders read this proof.
The same artifact answers different questions for different readers. Grant reviewers look at discipline and replicability. Lenders look at concrete outputs and runway use. Strategic backers connect Golem's research depth to Constraint Native's commercial surface. Security advisors look at scope and non-claims. The artifact is built to read clearly to all four.
Grant evidence
Bounded claims, signed events, replay audit. The artifact answers "is the work real and reproducible?" without asking the reviewer to install anything.
Product proof
The same event log demonstrates the commercial bridge: governed action on real workspaces, default-deny boundary, canary-secret containment, human approval gate, signed audit trail.
Security-review artifact
Threat-model surface, non-claims, deny-by-default discipline. A reviewer can pressure-test the boundary without us shipping a black-box appliance.
Note on freshness. The current sample is the deterministic-demo artifact, not a completed live external audit. A fresh proof refresh — exported from a live macOS-alpha session — is part of the 0–30 day funding milestone. The shape will not change; the hashes and session data will.
What this proof package is not.
Stated explicitly so reviewers do not have to read between lines. These are the boundaries the artifact deliberately keeps.
Not in scope
- Not compliance certification (SOC 2, FedRAMP, HIPAA, ISO, etc.)
- Not full endpoint isolation or sandbox containment
- Not perfect prompt-injection prevention
- Not complete agent-client coverage — alpha is macOS, single workspace
- Not a replacement for IAM, EDR, DLP, secure code review, or human judgment
- Not peer-reviewed or third-party-audited yet — external review is part of the grant / bridge plan
Generate the bridge-ready
proof export.
The next funding milestone is a current macOS-alpha export: signed proof path, blast-radius report, replay audit, and a short walkthrough sized for grant, fellowship, and security review.