The Architecture

Sequence Authorization,
Not Action Permission

Kuriom governs what the AI agent is about to do — as a complete sequence — before any action executes. Not after. Not during. Before.

Three Moments

Governance happens at the right moment
or it does not happen at all.

T — 1

Before Execution

The Sequence Authorization Unit evaluates the complete intended sequence against the validated organizational knowledge foundation. All five conditions are evaluated. The evaluation is deterministic and binary: authorized or withheld.

Kuriom operates here
T — 2

During Execution

The authorization record governs the execution layer. The governance token issued before execution is the mandate under which the sequence executes. Any deviation is detected and recorded.

Kuriom operates here
T + 1

After Execution

Runtime monitoring and post-hoc logging. Necessary for forensics. Not sufficient for governance. By the time an anomaly is detected, the consequential action has already occurred.

Where most tools operate
The Five Conditions

Every sequence is evaluated against
five governance conditions.

No sequence is authorized unless all five conditions are satisfied. No positive signal in one condition compensates for a failure in another. The evaluation is non-compensatory.

C1

Knowledge Completeness

The organizational knowledge foundation contains sufficient validated knowledge to evaluate this sequence. An incomplete knowledge foundation cannot authorize.

C2

Knowledge Currency

The knowledge nodes relevant to this sequence are current — within their validated currency interval. Stale knowledge cannot authorize. When knowledge drifts, the authorization layer detects it before any sequence executes.

C3

Knowledge Provenance

The instruction sources informing this sequence are validated and registered. An unvalidated source in the context window is an anomaly — detected and surfaced before execution.

C4

Pathway Authorization

The agent proposing this sequence is operating within its authorized pathway. Agent identity and pathway are verified cryptographically before any sequence is evaluated.

C5

Constitutional Compliance

The proposed sequence does not cross any organizational constitutional prohibition. Prohibitions are evaluated first. No compensating condition overrides a prohibition.

The Authorization Record

The record exists before
any action executes.

When all five conditions are satisfied, a cryptographically signed authorization record is produced. It contains the authorized sequence, the knowledge foundation state at the time of evaluation, and the governance conditions applied.


This record is written to an immutable governance ledger before any action executes. It is independently verifiable — without the controller's cooperation. A regulator, auditor, or counterparty can verify the record without contacting Kuriom or the deploying organization.


When execution completes, the post-execution evidence is paired with the pre-execution authorization in the same ledger entry. The pre-execution authorization and the post-execution evidence form a single, tamper-evident governance record.

Authorization Record
sequence_hash Authorized sequence · cryptographically bound
knowledge_state Versioned foundation at evaluation time
conditions_evaluated C1 · C2 · C3 · C4 · C5 · all satisfied
issued_at Before first action executes
ledger_anchor Immutable · independently verifiable
Paired at close Execution evidence · sequence match verified
Deployment

Three entry points.
One governance architecture.

Learning Mode

For complex, consequential use cases with no existing governance baseline. Kuriom observes, flags, and routes — building the organizational knowledge foundation before enforcement begins. Required where the governance baseline must be established from the ground up.

Most Common

Accelerated Learning Mode

For organizations with existing knowledge infrastructure — GRC platforms, data catalogs, policy systems. Kuriom ingests the existing foundation and compresses calibration from months to weeks. The existing governance work is not discarded. It is operationalized.

Direct Enforcement Mode

For narrow, well-defined domains with reversible actions or where constitutional prohibitions are the primary governance requirement. Enforcement begins immediately from a validated baseline.

Kuriom is AI-model agnostic and has no commercial agreements with any AI vendor. The architecture operates above the model layer — governing the sequence of actions any AI agent proposes, regardless of which model produces them.

The Architecture

Sequence Authorization,
Not Action Permission

Kuriom governs what the AI agent is about to do — as a complete sequence — before any action executes. Not after. Not during. Before.

Three Moments

Governance happens at the right moment
or it does not happen at all.

T — 1

Before Execution

The Sequence Authorization Unit evaluates the complete intended sequence against the validated organizational knowledge foundation. All five conditions are evaluated. The evaluation is deterministic and binary: authorized or withheld.

Kuriom operates here
T — 2

During Execution

The authorization record governs the execution layer. The governance token issued before execution is the mandate under which the sequence executes. Any deviation is detected and recorded.

Kuriom operates here
T + 1

After Execution

Runtime monitoring and post-hoc logging. Necessary for forensics. Not sufficient for governance. By the time an anomaly is detected, the consequential action has already occurred.

Where most tools operate
The Five Conditions

Every sequence is evaluated against
five governance conditions.

No sequence is authorized unless all five conditions are satisfied. No positive signal in one condition compensates for a failure in another. The evaluation is non-compensatory.

C1

Knowledge Completeness

The organizational knowledge foundation contains sufficient validated knowledge to evaluate this sequence. An incomplete knowledge foundation cannot authorize.

C2

Knowledge Currency

The knowledge nodes relevant to this sequence are current — within their validated currency interval. Stale knowledge cannot authorize. When knowledge drifts, the authorization layer detects it before any sequence executes.

C3

Knowledge Provenance

The instruction sources informing this sequence are validated and registered. An unvalidated source in the context window is an anomaly — detected and surfaced before execution.

C4

Pathway Authorization

The agent proposing this sequence is operating within its authorized pathway. Agent identity and pathway are verified cryptographically before any sequence is evaluated.

C5

Constitutional Compliance

The proposed sequence does not cross any organizational constitutional prohibition. Prohibitions are evaluated first. No compensating condition overrides a prohibition.

The Authorization Record

The record exists before
any action executes.

When all five conditions are satisfied, a cryptographically signed authorization record is produced. It contains the authorized sequence, the knowledge foundation state at the time of evaluation, and the governance conditions applied.


This record is written to an immutable governance ledger before any action executes. It is independently verifiable — without the controller's cooperation. A regulator, auditor, or counterparty can verify the record without contacting Kuriom or the deploying organization.


When execution completes, the post-execution evidence is paired with the pre-execution authorization in the same ledger entry. The pre-execution authorization and the post-execution evidence form a single, tamper-evident governance record.

Authorization Record
sequence_hash Authorized sequence · cryptographically bound
knowledge_state Versioned foundation at evaluation time
conditions_evaluated C1 · C2 · C3 · C4 · C5 · all satisfied
issued_at Before first action executes
ledger_anchor Immutable · independently verifiable
Paired at close Execution evidence · sequence match verified
Deployment

Three entry points.
One governance architecture.

Learning Mode

For complex, consequential use cases with no existing governance baseline. Kuriom observes, flags, and routes — building the organizational knowledge foundation before enforcement begins. Required where the governance baseline must be established from the ground up.

Most Common

Accelerated Learning Mode

For organizations with existing knowledge infrastructure — GRC platforms, data catalogs, policy systems. Kuriom ingests the existing foundation and compresses calibration from months to weeks. The existing governance work is not discarded. It is operationalized.

Direct Enforcement Mode

For narrow, well-defined domains with reversible actions or where constitutional prohibitions are the primary governance requirement. Enforcement begins immediately from a validated baseline.

Kuriom is AI-model agnostic and has no commercial agreements with any AI vendor. The architecture operates above the model layer — governing the sequence of actions any AI agent proposes, regardless of which model produces them.