Plain-language definitions.

An agentic AI can book trades, update records, release payments, or change supplier status—not just summarise a document. Governance built for chat outputs does not automatically govern actions. You need enforcement before execution and evidence at decision time.

If the system state and proposed action are the same, the outcome is the same every time—no randomness, no “usually yes”. In regulated workflows (payment release, onboarding approval), deterministic enforcement means you can explain why an action was allowed without appealing to model mood or sampling luck. Example: two identical payment requests in the same account state always get the same decision from the validator.

Large language models and many AI systems are probabilistic: they may follow a rule 99.9% of the time and still violate it occasionally. That is acceptable for drafts and suggestions; it is not a substitute for enforcement when a rule must always hold. Riley Betts separates probabilistic reasoning (AI) from deterministic authority (validator).

In our architecture, agentic AI proposes actions but the validator decides, based on formally specified rules and proofs. This is the separation between “reasoning” and “authority” that lets you state with confidence what AI is allowed to do in your systems.

For example, “no client may own more than 10% of any fund” or “a payment cannot be released unless three-way match has succeeded”. Spec++ lets you write these rules so precisely that a machine can prove whether your code can ever break them.

Instead of a requirements document in natural language alone, a formal specification describes states, events, and rules in a way that leaves no room for ambiguity. Tools can then prove properties about all possible behaviours—not only the ones covered by your tests.

For example, a payment request might move from “draft” to “approved” to “released”. In the Compliance Operator, each transition is governed by explicit rules and proofs, so forbidden jumps—like “draft” straight to “released”—never happen.

Spec++ is Riley Betts’s specification methodology: write what must be true, verify it, then generate or enforce implementations. It is not the same as Spec++ Pipeline (the developer product)—Pipeline implements the methodology in IDE and CI.

Specification-driven development keeps intent in versioned specs with provenance and CI gates—especially when AI writes code. Riley Betts runs SDD adoption programmes to help teams operate this way with Spec++.

Spec++ Pipeline lifts natural-language clauses into structured Spec++, checks consistency, and preserves audit trail links from formal obligations back to the sentence that created them. In active R&D—not GA in every environment.

The Compliance Operator is a formally specified, cryptographically enforced layer where agentic AI proposes and a validator decides. It produces hash-chained audit log entries and, where needed, ZK proofs for examination-ready evidence.

CECO is Riley Betts’s product for agentic governance: AI agents propose actions; CECO evaluates them against your formal policy and cryptographic proofs before they run. On the website we often say Compliance Operator; in technical material we say CECO. Same product family.

Every consequential action is evaluated against formal rules before it runs. “The agent had permission to call the API” is not enough; the system must show which policy applied and that it held at decision time.

A policy-constrained authorisation system describes rules for accepting or rejecting actions in a state machine, with proofs that those rules hold. The Compliance Operator / CECO implements this pattern: the AI is not the authorisation layer—the validator is.

Proof-gated enforcement means the system does not merely log that something happened—it produces verifiable evidence that your formal rules were satisfied before the action executed. Auditors can check the proof without trusting a narrative reconstructed from scattered logs.

For example, you can prove that a trade passed sanctions checks or that three-way match succeeded without exposing raw client data or contract terms. This is how the Compliance Operator can enforce rules while keeping sensitive information private—even from the AI agent itself.

Each record contains a cryptographic fingerprint of the one before it, forming a chain. If someone tries to change a past decision, the fingerprints stop matching and tampering is obvious. Supervisors get a log that is not only complete, but provably untampered-with.

Neuro-symbolic agents use AI where learning helps, but operate inside policies and specs a machine can check—matching Riley Betts’s split between probabilistic reasoning and deterministic enforcement. Labelled a research programme on the public site.