Demo • Infra Automation

Execution-time governance for production changes

Proof shape: VETO ⇒ sink unchanged; ALLOW ⇒ sink changes • verified via evidence logs + before/after hashes.

Irreversible sink simulated

  • Sink: governed config mutation (represents “apply to prod”)
  • What’s proven: unsafe changes are blocked at the boundary; safe changes commit; both are verifiable

VETO / INVALID
[Image: Infra VETO: CLI showing observed decision and verification.]
Unsafe change is vetoed at the execution boundary. Verification confirms the sink did not change (hash equality).

ALLOW / VALID
[Image: Infra ALLOW: CLI showing observed decision and verification.]
Safe change is allowed. Verification confirms the sink changed (hash differs) and execution is evidenced in logs.

Evidence reports

VETO report
[Image: Infra VETO report showing evidence excerpt and sink hashes.]
Report includes scenario target vs observed decision, evidence excerpt, timeline, and sink hashes.

ALLOW report
[Image: Infra ALLOW report showing evidence excerpt and sink hashes.]
Report includes evidence excerpt + before/after sink hashes proving the mutation occurred.

Invariants enforced at the boundary

  • forbid unsafe ingress / overly broad exposure
  • forbid privilege escalation to admin
  • environment gating (no prod unless explicitly approved)
Use case fit: infra automation, deploy/apply pipelines, IAM tooling, config management.
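
The proof shape and the three invariants above, as an added example that is not the demo's own code: a gate that decides at the boundary, writes to the sink only on ALLOW, and verifies the outcome with before/after hashes. The field names (env, approved, role, ingress_cidrs, set), the reason strings, and the reading of "overly broad" as a /0 range are assumptions made for illustration.

```python
import hashlib
import ipaddress
import json

def sink_hash(sink: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the sink state."""
    canonical = json.dumps(sink, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def violations(change: dict) -> list:
    """Return the invariants a proposed change breaks (empty list = safe)."""
    found = []
    # Assumption: "overly broad exposure" means a /0 ingress range.
    for cidr in change.get("ingress_cidrs", []):
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            found.append("unsafe_ingress")
            break
    if change.get("role") == "admin":
        found.append("privilege_escalation")
    # Fail closed: a change with no env is treated as targeting prod.
    if change.get("env", "prod") == "prod" and change.get("approved") is not True:
        found.append("prod_not_approved")
    return found

def govern(sink: dict, change: dict, evidence: list) -> dict:
    """Decide at the boundary, mutate only on ALLOW, then verify by hash."""
    before = sink_hash(sink)
    reasons = violations(change)
    decision = "VETO" if reasons else "ALLOW"
    if decision == "ALLOW":
        sink.update(change.get("set", {}))  # the only write path to the sink
    after = sink_hash(sink)
    # VETO must leave the hash equal; ALLOW must change it.
    verified = (before == after) if decision == "VETO" else (before != after)
    record = {"decision": decision, "reasons": reasons,
              "before": before, "after": after, "verified": verified}
    evidence.append(record)
    return record

if __name__ == "__main__":
    sink, log = {"replicas": 2, "ingress": "10.0.0.0/8"}, []  # constructed sample
    unsafe = {"env": "staging", "ingress_cidrs": ["0.0.0.0/0"],
              "set": {"ingress": "0.0.0.0/0"}}
    safe = {"env": "prod", "approved": True, "role": "deployer",
            "ingress_cidrs": ["10.0.0.0/8"], "set": {"replicas": 3}}
    for change in (unsafe, safe):
        print(json.dumps(govern(sink, change, log), indent=2))
```

An ALLOW whose "set" values match the current sink leaves the hash unchanged, so the record comes back with verified set to False: the hash check is independent of the decision and flags a no-op that was reported as a mutation.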
