Technology

The judge does not sit inside the game.

Celestial State separates where an agent runs from where it is governed. The agent runs on CPU, GPU, containers, or Kubernetes. The governance layer runs lower — in or beside a hardware component the agent cannot switch off, forge, or bypass.

Two Planes

A control plane in software, an enforcement plane in hardware.

Celestial State is not another agent-security SDK that shares the agent's trust boundary. It is an infrastructure boundary — like a firewall or a storage controller, but built for a world where the user is an autonomous agent with an identity, a mission, a history, permissions, and a trust score.

Software

Control Plane

Manages identities, policy, permissions, trust scores, and audit. Runs as ordinary software.

  • Agent Registry
  • Passport Issuer
  • Policy Builder
  • Trust Score Engine
  • Audit Dashboard & API

Hardware-anchored

Enforcement Plane

Checks, enforces, blocks, and signs actions in real time — outside the agent's trust boundary.

  • Passport Verifier
  • Policy Decision Point
  • Policy Enforcement Point
  • Decision Signer
  • Behavioral Ledger Writer

The Wedge

Identity, policy, signed history, and trust.

The first product wedge proves the governance mechanism on a realistic infrastructure-agent workflow.

Agent Passport

Agent ID, responsible principal, declared purpose, model fingerprint, active licenses, trust score, training lineage, and health indicators — signed by the substrate, not the agent.

Policy Enforcement

Every sensitive operation is checked before execution. Decisions can allow, deny, log, suspend, or require review.

Signed Behavioral History

Every governed action produces an audit record with identity, operation, decision, timestamp, context, and a signature or hash-chain reference.

Action Flow

Every sensitive action, checked at the boundary.

From the moment an agent requests an action to the moment it touches data, the request passes through a single enforcement boundary that produces a signed, non-forgeable verdict.

ALLOW / DENY / LOG / SUSPEND / REVIEW

  1. Agent requests an action

    Delete a dataset, move an object, call an API, run a pipeline.

  2. Request carries its passport

    Agent ID, responsible principal, declared purpose, license set, current trust score.

  3. Reaches the enforcement boundary

    A software gateway today; a DPU, SmartNIC, or storage controller in the target architecture.

  4. Context is evaluated

    Identity, license, resource, environment, declared purpose, and risk are checked together.

  5. A verdict is produced and signed

    Signed by a hardware-rooted key the agent cannot reach — a non-forgeable audit proof.

  6. Only approved actions continue

    Authorized actions reach data, storage, API, or network. Everything else is stopped or escalated.
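
The six steps above, sketched as a software gateway (an added example, not Celestial State's code). The passport and audit-record fields come from the page; the policy rules, the 0.8 trust threshold, the demo keys, and HMAC-SHA256 standing in for a hardware-rooted signing key are assumptions.

```python
import hashlib, hmac, json

# Constructed demo keys; in the page's design these sit in hardware the agent cannot reach.
ISSUER_KEY = b"demo-passport-issuer-key"
VERDICT_KEY = b"demo-enforcement-signing-key"

def _mac(key, obj):
    """HMAC-SHA256 over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_passport(agent_id, principal, purpose, licenses, trust_score):
    body = {"agent_id": agent_id, "principal": principal, "purpose": purpose,
            "licenses": sorted(licenses), "trust_score": trust_score}
    return {"body": body, "sig": _mac(ISSUER_KEY, body)}

def decide(passport, operation, resource):
    """Policy decision point: hypothetical rules over passport plus request context."""
    if not hmac.compare_digest(passport["sig"], _mac(ISSUER_KEY, passport["body"])):
        return "DENY"                      # forged or altered passport
    body = passport["body"]
    if operation not in body["licenses"]:
        return "DENY"                      # no license for this operation
    if operation == "delete" and body["trust_score"] < 0.8:
        return "REVIEW"                    # destructive action at low trust: escalate
    return "ALLOW"

class Ledger:
    """Append-only behavioral history; each record commits to the previous one."""
    def __init__(self):
        self.records = []

    def enforce(self, passport, operation, resource, ts):
        prev = self.records[-1]["sig"] if self.records else "0" * 64
        rec = {"agent_id": passport["body"].get("agent_id"), "operation": operation,
               "resource": resource, "decision": decide(passport, operation, resource),
               "ts": ts, "prev": prev}
        rec["sig"] = _mac(VERDICT_KEY, rec)   # signed verdict, chained via "prev"
        self.records.append(rec)
        return rec["decision"] == "ALLOW"     # only approved actions continue

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            unsigned = {k: v for k, v in rec.items() if k != "sig"}
            if rec["prev"] != prev or not hmac.compare_digest(rec["sig"], _mac(VERDICT_KEY, unsigned)):
                return False
            prev = rec["sig"]
        return True
```

Because the agent never holds either key, it can neither raise its own trust score in the passport nor rewrite a past DENY in the ledger without `verify()` failing.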

Hardware Substrate

Where enforcement is anchored.

The enforcement plane is designed to run outside the agent's trust boundary. Several infrastructure components can host it — each suited to a different deployment. A GPU runs the agent's thinking; the enforcement point sits around network, storage, API, and the control plane.

DPU

A data-processing unit has its own cores, memory, crypto engines, and isolation from the host — the natural home for the enforcement logic. Target substrate.

SuperNIC / SmartNIC

An ultra-fast network datapath, ideal for high-speed interception and telemetry between GPU servers, agents, and data services.

Storage Controller

Enforcement inside the data platform itself — answering whether an agent may read, write, delete, tier, or replicate a specific object right now.

Secure Enclave / TEE

A root of trust for signing keys, attestation, and signed verdicts. A strong intermediate step, closer to availability than a full DPU build.

  • Application Layer
  • Agent Framework Layer
  • Operating System Layer
  • Celestial State Governance Layer
  • DPU / SmartNIC / Secure Enclave / Storage Controller
  • Data / Compute / Storage

Implementation Path

From a software prototype to a hardware anchor.

The right path is not to start by building a chip. First prove the logic — that the problem is real and that agent actions can be enforced consistently. Then move the critical enforcement components into hardware-adjacent layers.

  1. Software gateway

    A proxy and agent wrapper that simulates the hardware anchor. Proves the mechanism — identity, policy, enforcement, signing, and audit — end to end.

  2. Kernel / eBPF / runtime hooks

    Enforcement and monitoring closer to the Linux and Kubernetes layer, demonstrating technical depth on real workflows.

  3. DPU lab

    A BlueField / DOCA prototype running the verifier, signer, and policy cache on a DPU — proving hardware anchoring.

  4. OEM integration

    An embedded governance module integrated with a storage, DPU, or SuperNIC partner platform.

  5. Full platform

    Control plane plus hardware enforcement plus lifecycle modules — a complete governance platform for autonomous agents.

Lifecycle

Governance as an operational lifecycle.

The product direction treats agent governance as an operational lifecycle, not a one-time permission grant — from registration through retirement.

  1. Birth
  2. Border Control
  3. Academy
  4. Simulator
  5. Production
  6. Health Review
  7. Retirement

Celestial State is not a GPU product and not another agent SDK. It is a hardware-anchored governance layer that separates the agent from the resources it acts on. Software manages identity and policy; hardware enforces it before any sensitive action reaches data, storage, network, or an API.