Clean execution under trusted memory
The agent runs with verified memory and policy v2 active, completing the research cycle with trusted sources.
This sandbox uses controlled placeholder results to demonstrate the integrity flow. Run clean cycles, trigger a prompt-injection warning, apply memory tamper, and verify any generated ECO artifact in the browser.
Interactive sandbox
This console behaves like a small Talo-style agent room without live agents or live search. It generates fresh ECO artifacts in your browser for every run, with an optional ECOX replay package for permissioned review.
ECO is the shareable receipt. ECOX is an extended replay package for controlled review; this sandbox version includes only sanitized run state and the generated ECO, which the verifier can still check.
Flow
The point is not generic AI quality. The point is whether an agent can prove the state it relied on and stop when that state changes outside the approved flow.
A research brief and policy state are stored in append-only memory.
The agent executes while memory remains verified.
A suspicious external instruction is recorded as risk without overriding verified memory.
The agent can continue with an explicit warning while memory remains verified.
A later out-of-band change breaks the trusted chain.
The next run detects that change and halts before acting on corrupted context.
The incident can be checked independently in the browser from the exported artifact.
Published artifacts
The console above generates fresh ECO artifacts in your browser. These published ECO files are kept as stable examples from the repository history.
Open the verified execution artifact first. This is the happy path under trusted memory.
Then open the owner-review artifact to see how a sensitive instruction gets paused instead of executed.
Finally open the integrity incident artifact and verify that the agent refused to continue after memory changed.
The agent runs with verified memory and policy v2 active, completing the research cycle with trusted sources.
A sensitive request appears in external content. The system does not execute it blindly; it pauses and waits for owner review.
A later modification breaks the memory chain. On the next cycle, the agent refuses to proceed and exports incident evidence instead.
Run locally
If you want the runnable repository path behind the interactive sandbox, use the scripts below. They correspond to the same integrity story shown above.
npm install -g verifiable-memory-mcp npm run demo:scenario:reset npm run demo:cycle npm run demo:tamper npm run demo:cycle-after-tamper npm run demo:export npm run demo:verifier