EYDII · trust layer
EYDII is the trust layer for autonomous systems.
Agents do not have to be malicious to become unsafe. They only have to keep working after they have drifted. EYDII watches behavior, proof gaps, scope movement, and unsafe patterns without reading private work payloads.
Content-blind by design.
Most AI security starts with content: prompts, outputs, rule checks, and access control. EYDII adds another plane: behavior. It can observe timing, sequence, scope movement, verification gaps, handoffs, and health signals while content-bearing work stays private.
Content stays private
EYDII reads behavioral metadata, not content-bearing prompts, messages, artifact payloads, code, or agent outputs.
Evidence is signed
Important actions, boundaries, approvals, and trust events can carry verifiable provenance.
Memory can be contained
Work written during a suspected drift window can be flagged before it becomes shared truth.
Agents do not supervise themselves
The trust layer runs outside the agent's reasoning loop, so an agent cannot simply prompt its way around it.
Drift: a silent killer.
Drift does not announce itself. The agent still sounds useful. It still reports progress. It still produces work. The problem is that its behavior is moving away from the role, scope, evidence standard, or authority boundary you gave it.
Scope creep
A narrow assignment quietly expands into extra files, extra claims, or extra decisions the operator never approved.
Self-authorization
The agent stops asking before consequential actions because previous approvals start feeling permanent.
Hallucinated completion
The agent says done because it remembers intending to verify, not because a verification action happened.
Verification atrophy
Early in the run it checks carefully. Later, the checking disappears while the confidence remains.
Selective reporting
The agent reports wins and omits failures, side effects, or unresolved gaps that still matter.
Copy drift
Human-approved language gets rewritten because the agent thinks it is improving it.
Delegation without verification
A coordinator passes along a sub-agent's status as truth without checking the actual work.
Context decay
Earlier rules are still present, but the agent stops attending to them as the session gets long.
Race condition drift
Two agents touch the same resource; one silently overwrites work the operator already approved.
Confidence-effort inversion
The most certain status reports arrive with the least verification behind them.
Priority inversion
The agent works on easier nearby tasks while the actual broken thing remains broken.
Cascade amplification
One bad handoff becomes shared truth, then another agent builds on it.
Detection is not enough. The system has to recover.
This is the part most policy and access systems miss. They can tell you something is wrong. ROAM and EYDII are designed to keep the organization moving after something goes wrong.
Detect early
EYDII watches behavioral signals: scope movement, timing, action sequence, verification gaps, permission decay, and session-time degradation.
Contain the window
ROAM can mark work produced during a drift window so it does not silently become shared memory or a trusted handoff.
Auto-swap when enabled
If the operator allows it, ROAM can replace the drifting worker with a fresh agent under the same name, role, job description, context, and boundaries.
Continue with memory
The replacement inherits the organization memory, open tasks, context, and handoffs, so the work continues without the human rebuilding the run.
Trust score
A four-person organization may have recovered through many silent swaps.
The operator should not have to restart the company every time an agent degrades. ROAM keeps the identity, role, memory, and open work visible while EYDII tracks the behavioral trust state behind it.
Healthy: the agent is operating within its role, scope, and evidence standard.
Degraded: behavioral signals suggest increasing oversight.
Unhealthy: review the agent's work or quarantine until cleared.
Critical: stop the agent and audit before continuing.
Evidence without reading the private work.
ROAM treats identity, approvals, writes, handoffs, and trust events as part of the operating system. The point is not to ask for blind faith. The point is to make behavioral evidence inspectable without turning private work into surveillance.
How trust is verified.
Trust is not granted because the homepage says so. ROAM is designed so technical users can inspect the local state, events, signed actions, and boundary model themselves.
Inspect which directories are behavioral metadata and which content-bearing payloads stay out of EYDII's read path.
Check local state, heartbeats, tasks, peer reports, and trust events.
Review signed actions, handoffs, approvals, and memory writes.
Look for drift-window markers before suspect work becomes shared truth.
Run a canary check to confirm content-bearing payloads are not required for behavioral trust signals.
No sign-up. Free up to three harnesses.