Deterministic execution boundary for AI systems
APEX Lite is a minimal, external policy gate that evaluates declared AI intent before execution.
It enforces one principle:
No action executes without passing a preflight policy check.
APEX Lite is intentionally simple, deterministic, and model-agnostic.
It exists to demonstrate that execution control does not need to live inside the model.
Most AI “safety” mechanisms today operate:
- inside prompts
- inside model weights
- after execution
- or not at all
This approach works for content generation.
It breaks down when systems begin to act.
In every safety-critical domain (industrial control, aviation, finance), execution is never trusted blindly.
Actions are gated by external, deterministic systems.
APEX Lite brings that same execution boundary to AI systems.
APEX Lite is:
- A pre-execution policy evaluator
- A deterministic decision engine
- An external safety interlock
It:
- Accepts declared intent (metadata)
- Evaluates it against local policy
- Returns a decision: ALLOW / BLOCK / REQUIRE_APPROVAL
- Logs the outcome
APEX Lite does not:
- Reason ethically
- Modify prompts
- Rewrite intent
- Learn or adapt
- Depend on model internals
- Require chain-of-thought access
- Act autonomously
This is deliberate.
APEX Lite is infrastructure, not intelligence.
Intent → Policy Evaluation → Decision → Execution (or not)
Intent is evaluated before any action occurs.
{
"actor": "agent_123",
"action": "send_email",
"target": "external_user",
"risk": "medium",
"data_classes": ["PII"],
"timestamp": 1730000000
}Example Policy
- id: rule_01
if: action == "send_email" and "PII" in data_classes
require: human_approval
- id: rule_02
if: risk == "high"
deny: true
-
explicit
-
deterministic
-
human-defined
-
locally owned
-
There is no global ethics model and no universal rule set.
{
"decision": "BLOCK",
"reason": "High-risk actions are not permitted",
"policy_id": "rule_02",
"apex_version": "lite-0.1",
"timestamp": 1730000123
}APEX Lite includes a minimal CLI stub that demonstrates how intent is evaluated against policy.
node bin/apex-lite.js evaluate examples/intent.json examples/policy.yamlAPEX Lite produces an append-only log containing:
-
intent hash
-
decision
-
policy ID
-
timestamp
-
APEX version
This enables:
-
auditability
-
post-incident analysis
-
compliance review
-
reproducibility
APEX Lite can run as:
-
a CLI tool
-
a local REST service
-
a sidecar process
-
a containerized service
-
It is intentionally easy to embed into existing stacks.
-
Model-agnostic Works with any LLM or agent framework
-
Deterministic Same input + same policy = same decision
-
Externalized alignment Safety does not depend on model behavior
-
Human-defined boundaries Policy reflects local risk tolerance and values
Many systems rely on internal guardrails (prompts, fine-tuning, or in-model policies). These are useful, but they have structural limitations.
-
Live inside the model
-
Can be bypassed, overridden, or degraded
-
Are difficult to audit independently
-
Change when models are updated
-
Cannot reliably enforce organizational policy
-
Operate outside the model
-
Are deterministic and inspectable
-
Remain stable across model upgrades
-
Are independently auditable
-
Reflect the operator’s rules - not the model provider’s
In safety-critical systems, execution authority is never self-policed. It is enforced by an independent control layer.
APEX Lite follows that principle.
APEX Lite is not the final system.
It exists to:
-
Prove external execution control is viable
-
Demonstrate preflight enforcement
-
Create a concrete, inspectable artifact
-
Serve as a foundation for more advanced systems
-
It is the minimum viable execution boundary.
APEX Lite borrows concepts from:
-
Pre-flight checklists
-
Change-management systems
-
Zero-trust execution models
If execution matters, it must be gated.
APEX Lite follows established safety patterns used in other execution-critical systems.
This repository is an early reference implementation intended for experimentation, validation, and discussion.
Related: Prism Protocol - the open intent signaling standard that pairs with APEX.
Apache 2.0 Use it, fork it, critique it.
AI does not need more intelligence to be safe. It needs boundaries.
APEX Lite is one of them.