What Is Intended#

Intended is Intent Verification Infrastructure for Autonomous Agents. It verifies that what an agent is about to do matches what was intended before the action is allowed to execute.

If the action verifies, Intended issues a cryptographic Authority Token. If it does not verify, the action does not execute. Every decision is recorded in an immutable, independently verifiable audit chain.

That is the operating rule:

No Token, No Action.

The Problem Intended Solves#

AI agents can already call tools, open tickets, deploy code, query customer data, and trigger workflows across enterprise systems. The hard problem is not whether an agent has some abstract permission. The hard problem is whether the agent is doing what was intended to happen in this specific context.

That is where Intended sits.

It does not replace your models, orchestrators, or business systems. It sits between intent and execution and answers one question before anything happens:

Is this what was intended to happen?

The Core System Vocabulary#

Understanding Intended starts with six product terms.

Open Intent Layer#

The Open Intent Layer is the open taxonomy that defines what actions are intended to do. It gives the runtime a shared language for classifying actions across systems and domains.

Large Intent Model (LIM)#

The Large Intent Model interprets what the agent means, not just which tool it called. It maps raw actions into structured intent.

Intent Object#

The Intent Object is the structured representation of what is supposed to happen. It is the object the runtime actually verifies.

Enterprise Capability Engine (ECE)#

The Enterprise Capability Engine maps verified intent to enterprise capability context so the decision reflects how the business is organized, not just what the API call looked like.

Authority Engine#

The Authority Engine evaluates the verified intent against active policy and returns a deterministic decision: allow, deny, or escalate.

Authority Token#

The Authority Token is the cryptographic proof that the action was verified and authorized. Downstream systems verify the token before they execute anything.

How the System Works#

What Intended Is Not#

To set expectations clearly:

• Not a policy engine by itself. Policy evaluation is one part of intent verification, not the whole product.
• Not an observability layer. Intended records evidence, but it is not just a dashboard or monitoring surface.
• Not a guardrail or filter. It is the authority layer between an agent deciding to act and the action actually happening.
• Not an orchestrator. Intended does not manage agent workflows. It verifies and authorizes the actions those workflows want to execute.

Where Intended Sits#

Intended occupies a specific position in the autonomous systems stack:

┌──────────────────────────────────────────────────┐
│  Agents / Runtimes / Workflows                   │
├──────────────────────────────────────────────────┤
│  Intended (intent verification + authority)      │
├──────────────────────────────────────────────────┤
│  Identity / Policy / Capability Context          │
├──────────────────────────────────────────────────┤
│  Infrastructure / Data / Enterprise Systems      │
└──────────────────────────────────────────────────┘

It receives proposed actions from the layer above and issues Authority Tokens that the layer below can independently verify.

Why It Matters#

Intended produces three outcomes:

• Unintended actions do not execute.
• Intended actions are provably authorized.
• Every decision is independently verifiable.

That is the distinction between policy rules and intent verification. Policy answers whether an action is permitted. Intended verifies whether the action matches what was meant.

Next Steps#

• Authority Runtime Pipeline — understand the full verification pipeline
• Authority Token Model — learn how Authority Tokens are structured and verified
• Tenant Trust Boundary — understand tenant isolation guarantees
• Trust Model — the broader security model underpinning the platform