If an action cannot be authorized, it cannot execute.
Yebo implements fail-closed execution control for AI agents. Every action passes through device identity, mandate validation, and enforcement verification before anything runs. There are no bypass paths.
Three Interdependent Layers
Identity alone is not enough. Communication alone is not enough. Execution only happens after mandate validation and authorized proof.
Device-Bound Identity
Identity is anchored to hardware, not passwords or tokens. A cryptographic keypair is generated inside the device's secure hardware module. The private key never leaves the chip. Not even Yebo can extract it. Your identity is derived from your public key and verified biometrically every time you authorize.
- Hardware-bound cryptographic identity
- Biometric-gated signing
- Private key never leaves the device
Mandates
A mandate is not a permission. It is a deterministic, immutable authorization contract. Each mandate specifies exactly what action is authorized, for how much, with whom, under which policy, and within a strict time window. Once sealed, a mandate cannot be modified. Any change requires a new mandate. The same inputs always produce the same mandate hash.
- Immutable once created
- Policy-embedded and time-bound
- Replay-resistant by design
Proof of Authorized Intent
A Proof of Authorized Intent is the cryptographic proof that a specific human approved a specific action on a specific device. The proof is bound to the mandate, signed inside the device's secure hardware, and valid for a single use within a limited time window. It cannot be forged, replayed, or transferred.
- Hardware-signed authorization proof
- Single-use and time-limited
- Bound to the exact mandate
Sentinel
Sentinel is the mandatory verification gate between authorization and execution. Every action must pass through Sentinel. There are no exceptions, no overrides, and no configuration options that can disable it.
FAIL-CLOSED ENFORCEMENT
If any single verification fails, the entire execution is blocked.
Every decision is logged. Every block is auditable. There is no silent failure mode.
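The checks described under Mandates, Proof of Authorized Intent and Sentinel, sketched as an added example in Go (this is not Yebo's code). The field layout, the JSON-based mandate hash, the `Authorize` function and the in-memory nonce set are assumptions, and a software Ed25519 key stands in for the hardware-held key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Mandate and Proof layouts are assumptions modelled on the page's description.
type Mandate struct {
	Action, Counterparty, Policy     string
	AmountCents, NotBefore, NotAfter int64 // validity window in Unix seconds
}
type Proof struct {
	Nonce string // single-use identifier
	Sig   []byte // signature over mandate hash + nonce
}

// Hash is deterministic: struct fields always marshal in declaration order.
func (m Mandate) Hash() string {
	b, _ := json.Marshal(m)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// SignProof stands in for the device's hardware signer (software key here).
func SignProof(priv ed25519.PrivateKey, m Mandate, nonce string) Proof {
	return Proof{nonce, ed25519.Sign(priv, []byte(m.Hash()+nonce))}
}

// Authorize returns nil only if every check passes; used holds spent nonces.
func Authorize(pub ed25519.PublicKey, used map[string]bool, m Mandate, p Proof, now int64) error {
	switch {
	case len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(m.Hash()+p.Nonce), p.Sig):
		return fmt.Errorf("signature does not cover this mandate")
	case now < m.NotBefore || now > m.NotAfter:
		return fmt.Errorf("outside mandate time window")
	case used == nil || used[p.Nonce]:
		return fmt.Errorf("proof already used or replay store missing")
	}
	used[p.Nonce] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	m := Mandate{"pay", "acme", "policy-1", 5000, 100, 200} // constructed sample
	p, used := SignProof(priv, m, "n-1"), map[string]bool{}
	fmt.Println(Authorize(pub, used, m, p, 150), Authorize(pub, used, m, p, 150))
}
```

Because the signature covers the mandate hash, changing any mandate field after signing invalidates the proof, and a missing verification key or replay store results in a block rather than a pass.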
Signed Transport
Every message in the Yebo protocol is wrapped in a signed envelope with sender identity, recipient identity, and replay protection. Messages cannot be forged, replayed, or tampered with in transit.
The transport layer supports the full authorization lifecycle from intent submission through execution receipt delivery.
WHAT CANNOT HAPPEN
- ✗ An agent cannot forge an authorization
- ✗ A mandate cannot be modified after creation
- ✗ A proof cannot be reused or transferred
- ✗ An action cannot bypass Sentinel verification
- ✗ An execution cannot proceed without valid proof
- ✗ An audit record cannot be altered or deleted
Yebo replaces trust with enforceable authority.