Project 01
Elorynv0.25.3
Morality is not a speech. It is a switch statement.
The Problem
The Illusion of Prompt Safety
AI agents are gaining unprecedented autonomy, integrating directly into enterprise databases, payment gateways, and core infrastructure. Yet, the safety mechanisms guarding these systems are still primarily just system prompts.
A system prompt is essentially a speech explaining to the AI why doing bad things is wrong. In an enterprise environment facing adversarial prompt injection and zero-day vulnerabilities, a speech is unacceptable. A speech can be argued with.
Physics cannot be argued with.
The Solution
Typed Policy + Sandbox Toolkit
Eloryn provides an enterprise-secure agent toolkit that compiles morality and policy directly into WASM sandboxes, Zod schemas, and Biscuit Datalog rules.
It is a deterministic governance architecture where an LLM is allowed to execute only what the cryptographic trust chain explicitly permits, only within a capability-scoped runtime, and only after a Constitutional Supervisor co-signs the intent.
If the LLM generates a malicious payload, the execution fails at the cryptographic or hardware layer — completely independent of the model's reasoning capabilities.
Architecture
The 5-Layer Guardian Stack
Identity
Biscuit tokens with Ed25519 signatures and Datalog attenuation rules. Sub-agents are mathematically provable subsets of their parent's authority.
Cage
Each agent action runs in a Wasmtime sandbox with deny-all defaults. Only the exact capabilities required for the intent hash are provisioned.
Semantic Firewall
A Rust hyper proxy that canonicalizes Unicode, scans for canary tokens, sanitizes content, and evaluates semantic risk.
Supervisor
Every agent action is evaluated against Ternary Moral Logic rules and co-signed via gRPC before execution.
Circuit Breaker
Health-score-based anomaly detection protecting the chain. Drop below threshold and the system terminates the process.
Logic Engine
Ternary Moral Logic
Traditional authorization systems are binary: allow or deny. AI operations often encounter edge cases that require human context. Eloryn introduces a four-state outcome model.
Every proposed tool call is evaluated by the Constitutional Supervisor against the organization's policies, resulting in one of these deterministic states.
Permit
Action passes all cryptographic and semantic checks. Authorized to execute.
Sacred Pause
Insufficient context or ambiguous intent. Action is held for human review.
Prohibit
Action violates policy constraints. Hard blocked.
Terminate
Action is flagged and violates compliance posture while in process. Process is terminated.
Privacy Engineering
Multi-Jurisdictional Privacy Governance
Privacy laws are not checkboxes — they are interface contracts compiled directly into the governance pipeline. Eloryn enforces compliance at the code level across five major jurisdictions.
🇨🇦 Canada
PIPEDA · Quebec Law 25
Granular boolean consent masks per data purpose. Automated PII incident reporting to the CAI for Quebec Law 25 violations.
🇪🇺 European Union
GDPR · EU AI Act
Article 17 cascading deletes across vector databases and semantic caches. Mandatory Art. 22 override halts for automated biometric processing.
🇺🇸 United States
CCPA / CPRA
Global DoNotProfile token strips RAG historical data from the agent context. Machine-readable CCPA data export endpoint.
🇬🇧 United Kingdom
UK GDPR · DPA 2018
Mandatory lawful_basis enum on every data schema. Missing basis triggers a compile-time error — not a runtime warning.
🇦🇺 Australia
Privacy Act 1988 · APPs
SPIFFE/SVID identity-based data sandboxing by organizational unit. NDB-formatted audit logs for breach reporting.
🌐 Cross-Jurisdictional
ComplianceContext
Every ActionPayload carries jurisdictions in scope, lawful basis, data categories, and consent state as typed fields — not metadata.
Security
Advanced Threat Defense
Beyond basic input filtering — state-of-the-art agentic defense mechanisms compiled into the runtime.
Unicode Canonicalization
Attackers use Cyrillic/homoglyph lookalikes to bypass regex filters. All input passes through NFKC normalization before processing. System commands enforce strict ASCII-only policies.
Archon Pattern
Untrusted data (web pages, vendor emails) is never fed to the main agent. A lightweight "Archon" model runs in a separate WASM sandbox with a single instruction: extract facts as JSON, ignore all other instructions.
Canary Token Detection
Invisible UUID canary tokens are injected into SOUL.md and config files. If any canary appears in outbound traffic, the agent is frozen, context is assumed compromised, and all cryptographic keys are rotated.
JSON Smuggling Defense
LLM tool call outputs are never parsed with JSON.parse() alone. Strict Zod schemas with strip: true reject any unrecognized keys. Unknown fields trigger an immediate SacredPause.
Status
Development Trajectory
Completed
- Identity Package (Biscuit Ed25519)
- WASM Sandbox Runtime
- TML Engine + 5-Gate Pipeline
- Multi-Jurisdiction Compliance (CA·US·UK·AU·NZ·EU)
- Tamper-Evident Audit Database (PostgreSQL)
- Human-in-the-Loop Review & Escalation
- Next.js 16 Governance Dashboard
- Live environment on eloryn.io (v0.25.3)
Pending
- Live agent → tool / agent → LLM traffic interception (post-demo)
- FIDO2 / WebAuthn hardware-key auth
- OpenTelemetry (OTel) span trees
Tech Stack
Engineering
Canadian Sovereign AI
Eloryn is architected with strict alignment to the Government of Canada's AI policies, including AIDA (Artificial Intelligence and Data Act), PIPEDA, and the Directive on Automated Decision-Making (DADM). The platform supports on-premise, air-gapped deployments for complete data sovereignty.
Eloryn
Explore the Governance Center
The Eloryn dashboard is live at eloryn.io. It visualizes the Ternary Moral Logic decision engine, multi-jurisdiction compliance, human-in-the-loop review, and the tamper-evident audit trail across the agent runtime.
View Live Dashboard