OpenKedge: Governing Agentic Mutation with Execution-Bound Safety and Evidence Chains

Researchers Jun He and Deying Yu have introduced OpenKedge, a protocol that fundamentally rethinks how autonomous AI agents (systems that can take actions) execute changes in their environments. The core problem they address is that current API-centric architectures allow probabilistic AI systems to directly execute state mutations—like modifying databases or cloud infrastructure—without sufficient context, coordination, or safety guarantees. OpenKedge solves this by redefining mutation as a governed process rather than an immediate consequence of an API call.

Under the OpenKedge protocol, AI actors must first submit declarative intent proposals. These proposals are evaluated against the current system state, temporal signals, and policy constraints before any action is taken. Approved intents are then compiled into execution contracts that strictly bound the permitted actions, resource scope, and time window. Enforcement is handled via ephemeral, task-oriented identities, shifting safety from reactive filtering to preventative, execution-bound enforcement.

A crucial innovation is the Intent-to-Execution Evidence Chain (IEEC), which cryptographically links the original intent, the decision context, policy evaluations, execution bounds, and final outcomes into a unified, tamper-evident lineage. This transforms system mutations into verifiable and reconstructable processes, enabling deterministic auditability and reasoning about agent behavior after the fact.

The researchers evaluated OpenKedge across challenging scenarios including multi-agent conflict resolution and cloud infrastructure mutations. Results demonstrated that the protocol can deterministically arbitrate competing intents from different agents and effectively 'cage' unsafe execution attempts, all while maintaining high system throughput. This establishes a principled foundation for operating complex, agentic AI systems safely at scale.