YeboYebo
Start Building

If an action cannot be authorized, it cannot execute.

Yebo implements fail-closed execution control for AI agents. Every action passes through device identity, mandate validation, and enforcement verification before anything runs. There are no bypass paths.

Three Interdependent Layers

Identity alone is not enough. Communication alone is not enough. Execution only happens after mandate validation and authorized proof.

๐Ÿ”
LAYER 01

Device-Bound Identity

Identity is anchored to hardware, not passwords or tokens. A cryptographic keypair is generated inside the device's secure hardware module. The private key never leaves the chip. Not even Yebo can extract it. Your identity is derived from your public key and verified biometrically every time you authorize.

  • Hardware-bound cryptographic identity
  • Biometric-gated signing
  • Private key never leaves the device
๐Ÿ“
LAYER 02

Mandates

Not a permission. A deterministic, immutable authorization contract. Each mandate specifies exactly what action is authorized, for how much, with whom, under which policy, within a strict time window. Once sealed, a mandate cannot be modified. Any change requires a new mandate. The same inputs always produce the same mandate hash.

  • Immutable once created
  • Policy-embedded and time-bound
  • Replay-resistant by design
โœ…
LAYER 03

Proof of Authorized Intent

The cryptographic proof that a specific human approved a specific action on a specific device. The proof is bound to the mandate, signed inside the device's secure hardware, and valid for a single use within a limited time window. It cannot be forged, replayed, or transferred.

  • Hardware-signed authorization proof
  • Single-use and time-limited
  • Bound to the exact mandate
๐Ÿ›ก๏ธ Non-Bypassable Enforcement

Sentinel

The mandatory verification gate between authorization and execution. Every action must pass through Sentinel. There are no exceptions, no overrides, and no configuration options that can disable it.

โœ“Authorization proof is valid and hardware-signed
โœ“Mandate has not expired
โœ“Request has not been replayed
โœ“Policy is current and matches the mandate
โœ“Action is within authorized scope
โœ“Amount is within policy limits

FAIL-CLOSED ENFORCEMENT

If any single verification fails, the entire execution is blocked.

Every decision is logged. Every block is auditable. There is no silent failure mode.

๐Ÿ“ก

Signed Transport

Every message in the Yebo protocol is wrapped in a signed envelope with sender identity, recipient identity, and replay protection. Messages cannot be forged, replayed, or tampered with in transit.

The transport layer supports the full authorization lifecycle from intent submission through execution receipt delivery.

WHAT CANNOT HAPPEN

  • โœ—An agent cannot forge an authorization
  • โœ—A mandate cannot be modified after creation
  • โœ—A proof cannot be reused or transferred
  • โœ—An action cannot bypass Sentinel verification
  • โœ—An execution cannot proceed without valid proof
  • โœ—An audit record cannot be altered or deleted

Yebo replaces trust with enforceable authority.

Request Technical Briefing