Open framework Control plane Evidence + replay

Deterministic Agent Runtime Environment (DARE)

DARE is a control-plane framework for trustworthy AI agents. It defines enforceable tool and memory boundaries, interoperable contracts, conformance checks, and evidence-first operations.

Read the Spec (HTML) Download PDF GitHub
Core invariant

Agent runtimes never call tools or memory directly. All side effects traverse enforcement points that emit verifiable evidence.

Adoption model

Start bounded. Add contracts + conformance. Increase autonomy only when evidence and controls pass.

Vendor-neutral

Cloud-portable patterns with AWS/Azure/GCP quickstarts and minimal interop schemas.

What DARE is (and isn’t)

DARE is
  • A control-plane pattern for tool and memory governance
  • A set of contracts (schemas) for interoperability
  • A control catalog + minimum controls by tier
  • Conformance checks with expected evidence
DARE is not
  • A model, agent SDK, or prompt library
  • A vendor product or hosted service
  • A compliance certification
  • A replacement for cloud security fundamentals

Use cases

View detailed use cases
Financial operations & approvals
Signed actions, hard policy limits, and HITL thresholds for refunds, transfers, and financial record updates.
Infrastructure automation (DevOps)
Short-lived workload identity, replayable change traces, and orchestration backpressure to control blast radius.
Customer support (Safe RAG)
Treat retrieved content as untrusted, normalize inputs, and enforce retrieval-time ACLs to prevent injection and cross-tenant leakage.
External communications (irreversible writes)
Domain allowlists, circuit breakers, and approval gates for email/CMS publishing where errors can’t be rolled back.

Who should use DARE

Cloud & Platform Architects
Define boundaries, service placement, and cloud-portable reference implementations.
Security Engineering
Policy-as-code, identity, evidence integrity, and bypass prevention.
GRC & Audit
Evidence pack, retention posture, standard mappings (informative).

Start here

  1. Read the Spec for contracts, conformance, and minimum controls.
  2. Deploy bounded tier with gateway/firewall enforcement and evidence wiring.
  3. Run conformance and increase autonomy only after must-pass checks succeed.