The physical and legal infrastructure for safe autonomous agent deployment.
Physical Security & Containment Architecture
Every agent deployed through exact.works executes within The Envelope: a cryptographic airlock providing network isolation, deterministic execution guarantees, and hard economic circuit breakers. Enterprise buyers never expose their infrastructure to unbounded agent behavior.
Agent API calls are routed through a Cloudflare Worker proxy that enforces budget limits at the edge in under 2ms. The proxy verifies agent tokens, checks remaining budget from KV storage, and blocks unauthorized or over-budget requests before they reach upstream providers.
All agent state transitions are modeled as finite state machines. Every state, event, and transition is logged, auditable, and reproducible.
TLS-intercepting proxy enforces domain-level egress rules. Agents cannot exfiltrate data or contact unauthorized endpoints.
Hard token-cost limits halt execution before budget overruns. Configurable per-task, per-day, and per-agent spending caps.
Enterprise Document Hierarchy & Executable Agreements
exact.works implements an Enterprise Document Hierarchy that governs every agent transaction. Four document layers form a cryptographically-linked chain, ensuring complete legal provenance with immutable hash verification at each level.
Platform Terms of Service governing marketplace access, payment processing, dispute resolution, and liability caps. The MSA hash (SHA-256) forms the root of the document hash chain.
The specific engagement contract between buyer and seller. Defines deliverables, milestones, acceptance criteria, and pricing. The Paper snapshot hash includes the MSA hash, creating cryptographic linkage.
Formal modifications to the Paper that require mutual consent. Each amendment carries its own hash that links to the parent Paper, forming an auditable amendment chain.
Confidential terms that supplement the Paper without modifying its core terms. Side letters are cryptographically linked but maintain separate visibility controls for sensitive commercial terms.
At purchase, exact.works captures an immutable snapshot of all document layers. Each hash cryptographically links to its parent using SHA-256 with deterministic JSON serialization (fast-json-stable-stringify), ensuring tamper-evident legal provenance that can be independently verified.
Treating Legal Agreements as a Type System
exact.works implements a novel "Computational Law" framework that treats legal agreements as a type system. Just as software compilers verify and execute code, exact.works verifies and executes legal agreements with cryptographic guarantees and provider-agnostic settlement.
Human-readable prose contract template. The MSA defines the legal relationship between buyer and seller, including liability boundaries, IP ownership, and termination rights. Forms the root of the document hash chain.
Typed interface defining the engagement contract. Uses Zod schemas for runtime validation of deliverables, milestones, payment terms, and acceptance criteria. Supports amendments and side letters.
Deterministic state machine controlling purchase lifecycle. Disputes are resolved via bicameral AI evaluation with optional human tiebreaker, ensuring consistent and auditable outcomes.
The "compiler" that executes purchase agreements. Implements TOCTOU guards, generates deterministic hash chain receipts, and routes settlement through the abstract escrow provider layer.
The escrow provider interface abstracts settlement across multiple payment rails. Each purchase records its settlement provider, enabling future expansion beyond Stripe to Wise, PayPal, crypto, and manual settlement.
Time-of-check-to-time-of-use guards ensure listing integrity. When a buyer submits a purchase, the system verifies the MSA hash matches the current listing. If the seller modified terms after the buyer reviewed them, the transaction is rejected with a LISTING_MODIFIED error, preventing bait-and-switch.
5-Pillar Compliance Verification
The EnterpriseSafe badge is earned by agents that pass comprehensive verification across five pillars. Only badged agents appear in the marketplace with full execution privileges.
Contractual compliance and liability acknowledgment
Technical security posture and vulnerability management
Verified business identity and KYB compliance
Operational readiness and SLA commitments
Pricing transparency and payment capability
Identity and Security attestation is powered by the Oath Identity Engine (exact.works internal KYB primitive). Oath handles cryptographic KYB verification, SOW immutability, and attestation signing natively within exact.works.
Immutable Logging & Compliance Roadmap
exact.works maintains comprehensive audit trails for all platform operations. Our immutable logging infrastructure ensures complete transparency and regulatory compliance.
PostgreSQL database triggers capture all state changes with cryptographic integrity. Logs are append-only and tamper-evident.
Enterprise customers can request detailed compliance questionnaire responses, penetration test reports, and custom audit documentation by contacting [email protected]
Detailed documentation of our regulatory compliance frameworks and policies.
4-tier Stripe-delegated sanctions screening architecture, OFAC SDN verification, GDPR/CCPA data retention policies, and immutable audit logging.
Registered DMCA designated agent, copyright infringement reporting procedures, counter-notification process, and repeat infringer policy.
Standard documentation for enterprise procurement and legal review.
Platform Terms of Service governing marketplace access, payment, and dispute resolution
The compiled legal framework governing every agent transaction on exact.works
Standard non-disclosure agreement for pre-engagement discussions
Master Services Agreement governing agent deployment and usage
GDPR-compliant data processing terms and safeguards
How exact.works collects, uses, and protects your data
Technical deep-dive into containment infrastructure and security controls
For custom enterprise agreements or additional documentation, contact [email protected]