Agent Governance OS
TLA+ formal verification · Zero-trust architecture · OWASP Agentic security
Governing the code agents
that build the future.
MAREF actively governs Claude Code, OpenCode, Cursor, and other AI coding agents — intercepting threats, signing every decision, evolving defense strategies in real time.
Six layers, governance-first
Application
/ 应用层Multi-agent framework integration surface. Interoperable with any agent framework.
Orchestration
/ 编排层Task decomposition and distributed transaction coordination across agents.
Governance
/ 治理层Governance-first gate. Every agent action passes through before execution.
Safety
/ 安全层Screenshot redaction, input filtering, file sandboxing, clipboard sanitization.
Observability
/ 可观测层Full telemetry, immutable action recording, and real-time monitoring.
Infrastructure
/ 基础设施层Deployment substrate. Sidecar injection, K8s-native, serverless-ready.
4-Level Governance Decision Tree
Every agent action flows through 4 decision levels — 97% automated, 3% human escalation
Agent security is broken at every level
Multi-agent systems are exploding in adoption, but existing frameworks treat safety as an afterthought.
of production agents have toolchain vulnerabilities
Stanford/MIT Cooperative AI Research, 2026
MAS adoption growth in under 4 months
Databricks Data + AI Summit, 2026
average cost of an agent security incident
IBM Cost of a Data Breach 2026
Known Incidents
Claude Code jailbreak via prompt injection
Adversarial prompts bypassed safety filters, executing unauthorized file operations.
Gemini 3.5 database deletion
Misaligned tool-use chain caused irreversible production data loss.
AutoGPT sandbox escape
Container escape via unvalidated API calls to internal infrastructure.
Existing frameworks patch symptoms. MAREF rebuilds the foundation.
8-Layer Defense Architecture
Red attack arrows enter from left, penetrating layer by layer — intercepted at Layer 5 Safety Gate
Core Capabilities
Four foundational technologies that make agent governance mathematically provable and production-ready.
Gray Code FSM
Mathematically provable governance state machine. 10 states, 6-bit encoding, Hamming distance = 1.
8-Layer Defense
Defense-in-depth. 4-tier decision tree. 97% automated safety decisions.
Recursive Evolution
Lyapunov-proven convergence. FNR -60% over 200 rounds of self-evolution.
National Cryptography
SM2/SM3/SM4-GCM. Full GB/T 32918 compliance. AIP Pioneer Program ready.
Gray Code State Machine
Hamming distance = 1 on every transition. Mathematically verifiable governance.
Why MAREF?
7 critical dimensions across 6 agent frameworks
| Dimension | MAREF MAREF v0.30.0 | LangGraph LangGraph | CrewAI CrewAI | AutoGen Microsoft AutoGen | OpenAI OpenAI Agents SDK | Anthropic Anthropic Tool Use | Manual Manual Governance |
|---|---|---|---|---|---|---|---|
| Formal Verification TLA+/Coq correctness proofs | 10 | 4 | 3 | 5 | 3 | 3 | 2 |
| Defense-in-Depth Multi-layer security architecture | 10 | 5 | 4 | 5 | 4 | 4 | 3 |
| Zero-Trust Architecture No implicit trust between agents | 9 | 3 | 2 | 3 | 4 | 4 | 5 |
| Gray Code FSM Hamming distance = 1 governance | 10 | 1 | 1 | 1 | 1 | 1 | 1 |
| Self-Evolution Lyapunov-proven convergence | 10 | 2 | 3 | 4 | 1 | 1 | 1 |
| National Cryptography SM2/SM3/SM4 compliance | 9 | 1 | 1 | 1 | 2 | 2 | 3 |
| Full Observability OpenTelemetry + immutable audit | 9 | 6 | 5 | 6 | 5 | 4 | 2 |
Lyapunov-Proven Convergence
FNR -60% over 200 self-evolution rounds. Mathematically proven.