MGR · Mathematically Governed Runtime

Your hardest capability, as a runtime you can prove.

Take the one workflow stuck in pilot because nobody can prove what it will and will not do. We prove it in math during the engagement and compile it into a governed, deterministic runtime. It runs in your environment, and it is yours to keep.

Solves the problem that keeps your hardest capability in pilot: nobody can prove what it will and will not do.

Governed RuntimeYours to keep
Built by MAE · run by you
capabilityclaims_adjudication
invariants proven14 · Lean 4
inferencedeterministic
runs inyour environment
receiptson every decision
Provensigned · replayable without us
How it works

The model drafts. MGR decides what reaches the user.

MGR is the runtime embedded inside your AI application, in the output path — so an unsuitable answer is stopped before anyone sees it.

1

The model drafts a recommendation or response inside your app.

2

Before it can render, MGR checks the draft against the proven rules.

3

A draft that breaks a rule is stopped at the glass — the user never sees it.

4

Only the governed answer is delivered, with a signed receipt behind it.

How everyone else does it

Typical guardrails filter or rewrite outputs after generation — and can be talked around with a clever prompt, because the limit is itself a model.

How MGR does it

MGR makes the unsuitable output impossible to deliver: the constraint is compiled in, not bolted on, so there’s no prompt that gets around it.

Why it’s better: The bad answer is never shown — not caught later — and every delivered answer is deterministic and provable, one decision at a time.  See how we build it →

Watch it work

Inside the application, governing the output.

MGR is the runtime embedded in your AI application, sitting in the output path. The client only ever sees the surface. Below the glass, the model drafts, MGR checks every recommendation against the proven rules, and an unsuitable one is caught before it can reach the screen — with a signed receipt either way.

MGR embedded · governing
Client view · above the glass
— advising… nothing shown to the client yet —
MGRembedded runtime
Idle
Inside · governed by MGR
profile incomplete · conversation cannot advance
model draft
Client risk tolerance LOW · proven equity cap 70% · push past it and watch the glass hold
You request85% equity

When an agent reaches out to an external tool, that boundary is governed by AICP.

The failure it closes

The capability works in the demo. You cannot prove what it will do.

Three things keep the hardest use case in pilot: errors compound across steps, the tests that proved it go stale, and there is no single record of what one decision actually did. MGR closes all three. The behavior is specified in math, proven before it runs, and compiled into a runtime that produces a signed receipt for every decision.

01

Specified in math

The capability is defined as invariants the runtime must hold, not a prompt and a hope.

02

Proven before it runs

Every invariant is checked in Lean 4 during the build, so the guarantees are structural, not observed after the fact.

03

Deterministic by construction

The same input returns the same governed output, which is what makes every decision replayable.

04

A receipt on every decision

Each run writes a signed Decision Receipt your auditor can replay on a clean machine. See one.

05

Runs in your environment

Your compute, your keys. The runtime ships into your stack and answers to your Operations Center.

06

Yours to keep

Proven during the engagement, then handed over. You own and run the runtime, not a hosted black box.

Same input, same output — every time. So it is provable to anyone who has to sign off.
RiskComplianceInternal auditThe regulatorThe board

Every decision the runtime makes ships a signed receipt your reviewers can replay and verify independently.

Bring the one that will not ship.

We prove it, you run it, the regulator can check it.