Inactu

Stop Guessing What Your Agents Really Did.

Verifiable, policy-bounded execution with auditable receipts for secure autonomous actions.

Inactu makes agent actions provable without replacing your existing agent stack.

Ready to test verifiable execution?

The Agent Problem

Where Inactu sits

[Agent]
   |
   | proposes action
   v
[Inactu]
  - verify skill
  - enforce policy
  - constrain execution
  - emit receipt
   |
   v
[World]

Agents never run arbitrary code.

They can only invoke pre-approved, immutable skills.

Why You Should Care

When execution is opaque, security has no ground truth.

Ad-hoc execution paths and opaque scripts.
Silent permission sprawl.
Post-incident reconstruction from incomplete logs.
Weak reproducibility of what actually ran.

Outcome

Agent execution becomes bounded and evidentiary.

Every action is bounded by explicit capabilities.
Every execution is provable via cryptographic receipts.
Every failure is deterministic and explainable.
Runs can be replayed and audited with evidence.

Prove What Ran

Receipts over logs

Generate cryptographic receipts tied to skill artifacts, inputs, and policy outcomes.

Prevent Over-Reach

Explicit capability ceilings

Block undeclared or disallowed actions before execution starts.

Audit With Confidence

Deterministic failure semantics

Replace ambiguous incident narratives with reproducible verification evidence.

Trust Signals

Security engineers can verify claims directly.

Open-source repository with inspectable code and OpenAPI contract.
v0.1 baseline released with explicit stability notes.
Conformance vectors and receipt verification workflows in-repo.
Threat model and compatibility policy documented in core repo.

What Inactu Is Not

A narrow trust boundary beats a wide promise.

Not an agent framework.
Not a scheduler or orchestrator.
Not a model runtime.
Not a blockchain.
Not a centralized execution platform.

Run Quickstart Review Security

Next Step

Run one skill, verify one receipt, and inspect the evidence yourself.

Start Quickstart

Common Questions

Can we deploy in our own cloud?
Yes. The control-plane service and web frontend are self-hostable and can run behind your existing edge, auth, and logging controls.
Is the platform API-first?
Yes. Endpoints are documented in OpenAPI and map to explicit verification or control-plane operations.
Does this work for regulated environments?
It is designed for explicit capability controls and auditable receipts. You should validate controls against your own regulatory obligations before production adoption.