Demos

Predicate Systems Demos

Two SDKs to secure AI agent loops: Predicate Authority for pre-execution authorization, and Predicate Runtime for post-execution verification. Keep your agents deterministic and safe.

Demos

Pre-Execution Authorization in Action

See how Predicate Authority blocks unauthorized actions at runtime—before they execute.

Zero-Trust OpenClaw Agent Loop
Pre-execution gate blocks unauthorized writes • Post-execution predicates verify DOM state • Cloud tracing with screenshots
Rust Sidecar (<25ms)
Deterministic Assertions
90-99% Token Savings
┌───────────────┐    ┌─────────────────┐    ┌───────────────────────┐
│   LLM/Agent   │───▶│ PRE-EXECUTION   │───▶│ POST-EXECUTION        │
│   (Claude)    │    │ GATE (Sidecar)  │    │ VERIFICATION (SDK)    │
└───────────────┘    │ ALLOW / DENY    │    │ PASS / FAIL           │
                     └─────────────────┘    └───────────────────────┘
LangGraph Poisoned EscalationNEW
Chain Delegation blocks confused deputy attacks • Prompt injection in multi-agent LangGraph pipeline • Privilege escalation prevention
Prompt Injection Defense
Chain Delegation
<1ms Validation
LangGraph Poisoned Escalation Demo
┌─────────────────┐                    ┌──────────────────┐
│  Intake Agent   │   POST /v1/delegate│  Rust Sidecar    │
│  (compromised)  │ ──────────────────▶│                  │
│                 │                    │  Chain Delegation│
│  mandate: m_001 │ ◀──────────────────│  Evaluation      │
│  fs.read:/inbox │   { allowed: false │                  │
└─────────────────┘     reason: "scope │  ┌────────────┐  │
                        exceeds_parent"}│  │ policy.yaml│  │
        ╳                              │  └────────────┘  │
        │ BLOCKED                      └──────────────────┘
        ▼
┌─────────────────┐
│  HR Admin Agent │  Never receives
│  (never called) │  a valid mandate
└─────────────────┘

More Authorization Demos

Predicate-Authority: zero-trust runtime authorization to protect AI agents from prompt injection and unauthorized tool calls before execution.

Temporal.io Integration
Protect Temporal agentic workflows with pre-execution authorization
OpenClaw Pre-Execution Gate
Secure OpenClaw agents with policy-based tool authorization

Browser Agent Demos

Reproducible browser agent demos using structure-first snapshots and Jest-style assertions.

Hacker News

"Open the top Show HN post"

Demonstrates ordinal reasoning ("first", "top") using semantic geometry. The agent identifies ranked items without screenshots.

What it proves
Ordinality~50% token savingsNo vision
Get code on GitHub

Local Llama Land

"SPA login + profile verification"

Handles async hydration, disabled-to-enabled buttons, and profile loading on a modern Next.js SPA. No sleeps or magic waits.

What it proves
AssertionsNo sleepsState-aware
Get code on GitHub

Amazon

"Search → open result → add to cart"

JS-heavy stress test on a real production site. Multi-step shopping flow with noisy DOM and frequent layout changes.

What it proves
Stress testVision optional~5.5k tokens total
Get code on GitHub

More demos in the playground

Browser-use Integration
Add machine-verifiable assertions to keep agent deterministic
LangChain Integration
Add per-step verification to LangChain Agent
LangChain demo: step verification screenshot
Google Search
Search + result navigation
Multi-step Form with Validation
Multiple steps + validation
Login Form
Login form with profile check (redaction)
~50% fewer tokens per step3B local models viableAssertions replace retries

Run the demos yourself

All demos are fully reproducible. Clone the playground, run with Qwen 2.5 3B (or any local model), and see structure-first agents in action.

Demo SPA: localllamaland.com