IRIN · IRINITY / v2

Your agent said
it was done.
Who checked?

IRIN is a governance plane for AI agents. Deterministic watchers, a metering gateway, multi-model deliberation, and a signed, hash-chained record of every action — separated by design, so no single component can watch, decide, and act alone.

Below this line, thousands of events are drifting past. One of them matters. Scroll to follow it down.

descend
01Sentinel · Runtime altitude
Watch is cheap.

Sentinels are deterministic watchers — files, queues, feeds, ledger deltas. No model calls, no reasoning, a fire decision in under 100 ms. They watch, and they never speak.

When observed state crosses a declared line, a sentinel fires: an evidence-based escalation — facts only, no inference — recorded to a hash-chained fire log. That amber trace is one fire, leaving the noise.

discipline // watches · never speaks
02Gateway · The governed path
Nothing moves
ungoverned.

Every call crosses the Gateway. It routes the escalation, meters the spend against a hard budget, enforces policy, and correlates everything to a ledger. The fire that just passed is now inside innerway.comms.v0.1 — a versioned envelope with a TTL, a budget hint, and a reply address.

Most events never make it this far. That's the point: the gate earns the next tier its scarcity.

discipline // governs · every call
03Council · Deliberation altitude
Thought is rare.

The Council is where reasoning finally happens — multiple models deliberating under a chair, watched by its own sentinels: frame checks, flip-flop detection, budget pause, a convergence judge. Closed-loop triage is bounded at 120 seconds by default; War Room sessions you convene run on your clock. Time is money and both are deadlines.

The Council speaks, but it never acts. Its answer is a directive: a named job, a scope, a stop condition, and what must come back.

discipline // speaks · never acts
04Signed outbox · The record
Action is final.

The directive is canonicalized, then signed. RFC 8785 JCS bytes, an Ed25519 signature, a row in directive_outbox chained to every row before it. Not a dashboard claiming success — a verifiable artifact that does not trust anyone's self-report, including ours.

In v0.1 the signed record is the endpoint. Workers are ephemeral, budgeted, and killed at 30 minutes — and the first real run through this chain settled at $0.0079 under a $25 cap.

discipline // acts · never remains

Watch is cheap.

Thought is rare.

Action is final.

Each tier earns the next.

The signal reached the seal. One row now carries everything that mattered.
The sealed record — a hash-chained, Ed25519-signed directive_outbox row DIRECTIVE_OUTBOX #3f1a • 66s • $0.0079 PREV a3f9c1e2…9b2d CANONICAL (JCS) {"job":"act","scope":"…","stop":"…"} ED25519 7f3a…d9e1 ✓ origin
hover a region
This row is the durable artifact produced by one signal. Everything before it is summarized by hashes and the signature.
$ make verify  # no API keys · mock providers · isolated stack
✓ Ed25519-verified mock directive — 66s
The chain is the claim. Ed25519 + JCS. Hash-chained. localhost-only. Verify yourself.