Runtime Trust Infrastructure

The runtime trust layer for AI agents

Authorize agent actions before execution. Verify outcomes after. No LLM-as-judge.

What happens on every action

Intercept → Authorize (policy check / mandate) → Execute → Verify (deterministic check). The sidecar gates or executes the command—enforcement is a hard boundary, not best-effort.

  1. Interception: The Predicate SDK (e.g., predicate-claw) pauses the tool call before execution.
  2. Authorization: The sidecar checks intent against policy. If safe, it issues a cryptographic mandate (a "Work Visa").
  3. Execution: The mandate is passed to the OS or backend API to perform the action.
  4. Verification: The Snapshot Engine verifies the new state (e.g., terminal output matches, DOM updated correctly).
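The four steps above, sketched as an added example that is not Predicate's code or API: a deny-by-default policy check, an HMAC mandate bound to one exact action with a short expiry, an executor that refuses anything without a valid mandate, and a deterministic post-check. The key, policy table, action shape and function names are all assumptions made for illustration.

```python
import hashlib, hmac, json, posixpath, time

# Everything here is constructed for illustration: key, policy and action shape.
SIDECAR_KEY = b"demo-key-shared-by-sidecar-and-executor"
POLICY = {"fs.write": ["/workspace/"]}  # tool -> allowed resource prefixes

def _tag(action, exp):
    # Bind the mandate to the exact action and its expiry.
    msg = json.dumps(action, sort_keys=True).encode() + b"|" + str(exp).encode()
    return hmac.new(SIDECAR_KEY, msg, hashlib.sha256).hexdigest()

def authorize(action, ttl_s=30, now=None):
    """Sidecar: deny by default, issue a short-lived mandate if policy allows."""
    res = action["resource"]
    if posixpath.normpath(res) != res:  # reject ../ paths before prefix matching
        return None
    if not any(res.startswith(p) for p in POLICY.get(action["tool"], [])):
        return None
    exp = int(time.time() if now is None else now) + ttl_s
    return {"exp": exp, "tag": _tag(action, exp)}

def mandate_valid(action, mandate, now=None):
    if mandate is None:
        return False
    if (time.time() if now is None else now) > mandate["exp"]:
        return False
    # Constant-time comparison of the recomputed tag against the presented one.
    return hmac.compare_digest(_tag(action, mandate["exp"]), mandate["tag"])

def execute(action, mandate, state, now=None):
    """Executor: refuses any action that lacks a valid mandate."""
    if not mandate_valid(action, mandate, now):
        raise PermissionError("missing, expired or mismatched mandate")
    state[action["resource"]] = action["payload"]

def verify(action, state):
    """Deterministic post-condition: state holds exactly what was requested."""
    return state.get(action["resource"]) == action["payload"]

def run(action, state):
    mandate = authorize(action)
    if mandate is None:
        return "denied"
    execute(action, mandate, state)
    return "verified" if verify(action, state) else "verify_failed"
```

Because the tag covers the whole action, a mandate issued for one resource cannot be replayed against another, and the expiry bounds how long a leaked mandate stays usable.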

Policy and verification examples: Writing Policies, Verifications.

What we solve

  • Before execution: Block actions that don't match policy (prompt injection, wrong resource).
  • After execution: Prove the outcome (URL, DOM, state) with assertions—no LLM-as-judge.

We do this with a secure wrapper (predicate-secure), an authorization sidecar (Predicate Authority), and a verification engine (Predicate Runtime).

Where Predicate Fits

AI agents gained reasoning before they gained trust infrastructure. Predicate is the missing layer between your agent framework and the execution target.

  1. Agent Framework (planner/executor): OpenClaw, LangChain, PydanticAI, custom
  2. Predicate Systems: Secure wrapper + Authority sidecar + Runtime verification
  3. Execution Target: Browser (Playwright), Terminal (Bash), APIs, or custom backends

Try It Live

See authorization and verification in action.

Explore interactive SDK examples or test the API directly with real automation scenarios.

Apply a permission policy, run agent steps with lifecycle hooks, trace tool calls, and verify a real download deterministically.

# Verification-first runtime demo (Agent acts; Predicate asserts)
import asyncio

from sentience import SentienceBrowser, PermissionPolicy, SentienceAgent
from sentience.llm_provider import OpenAIProvider
from sentience.agent_runtime import AgentRuntime
from sentience.tools import ToolRegistry, ToolContext, register_default_tools
from sentience.verification import exists, download_completed
from sentience.tracing import Tracer, JsonlTraceSink

# Lifecycle hooks called around each agent step
def on_start(ctx): print("hook start:", ctx.goal)
def on_end(ctx): print("hook end:", ctx.success, ctx.outcome)

# The await calls below need an event loop, so the demo body runs inside main()
async def main():
    # Tracing (local JSONL; upload optional)
    tracer = Tracer(run_id="demo-run", sink=JsonlTraceSink("trace.jsonl"))

    # Startup permission policy avoids non-DOM browser permission bubbles
    policy = PermissionPolicy(
        default="clear",
        auto_grant=["geolocation"],
        geolocation={"latitude": 37.7749, "longitude": -122.4194},
    )

    browser = SentienceBrowser(
        api_key="sk_live_...",
        allowed_domains=["example.com"],
        permission_policy=policy,
    )
    browser.start()

    llm = OpenAIProvider(api_key="sk_openai_...", model="gpt-4o-mini")
    agent = SentienceAgent(browser, llm, tracer=tracer)
    runtime = AgentRuntime(browser, browser.page, tracer)

    # Typed, traceable tools (includes evaluate_js + permission tools)
    registry = ToolRegistry()
    register_default_tools(registry, runtime)
    ctx = ToolContext(runtime)

    browser.page.goto("https://example.com/billing")

    # Small introspection (bounded output; no DOM dump)
    title = await registry.execute("evaluate_js", {"code": "document.title"}, ctx=ctx)

    # Act with lifecycle hooks
    agent.act("Sign in if needed", on_step_start=on_start, on_step_end=on_end)

    # Verify + download (assert what happened, not what you hope happened)
    runtime.begin_step("Download invoice and verify")
    await runtime.snapshot(limit=60)
    runtime.assert_(exists("role=button text~'Download invoice'"), "has_download_button", required=True)

    agent.act("Click 'Download invoice PDF'", on_step_start=on_start, on_step_end=on_end)

    await runtime.snapshot()
    await runtime.check(download_completed("invoice"), label="invoice_downloaded", required=True).eventually(timeout_s=10)

    print("PASS ✓ invoice_downloaded")
    await tracer.close(upload=False)
    browser.close()

asyncio.run(main())

✓ Jest-Style Assertions

Verify outcomes deterministically — assert what happened, not what you hope happened

📸 Stability-Aware Snapshots

Rendered DOM after hydration with confidence scoring — enables deterministic verification

↻ Bounded Retries

Retry verification (not actions) with confidence gating — explainable failures with reason codes

Let your agent think freely. Just don't let it act freely.

Predicate Systems focuses on runtime trust and verification. Browser runtimes and navigation engines are intentionally decoupled.