§ Product
How Maxwell works.
A compiler-grade analysis engine built on the Truss platform. How it works, what it checks, and how to integrate.
§ 01 — How it works
Eight layers. One rule:
never cross a boundary.
If a layer crosses responsibility boundaries, the architecture is considered broken — and the system is built to fail rather than produce an untrustworthy result. Each layer has exactly one job and one output type.
Maxwell · Truss Platformstatic compiler-grade analysis · zero runtime instrumentation
Invar Engine01–03, 06
01Parserast.Module∅ semantic interpretation, type inference
02Type ExtractorTypeInfo(agent_vars, agent_calls)∅ heuristic inference, emitting violations
03Semantic AnnotatorList[Annotation]∅ violations, CFG analysis, mutate ast
06Semantic IR BuilderDict[fn → FunctionSemanticIR]∅ pattern matching, heuristic inference
Axiom Engine04–05, 07
04CFG BuilderCFG(nodes, edges, entry, exit)∅ semantic rules, dominance computation
05Dominance AnalyzerDominanceTree(dominators)∅ heuristics, semantics
07Invariant EvaluatorList[Violation]∅ AST/CFG mutation
Verity08
08Violation AdapterList[AdaptedViolation]∅ analysis logic, re-evaluation
Provenance→Verifiable audit artefact for auditors, regulators, and insurers. Chain of custody, end to end.
§ 02 — Invariant library
17 active rules.
6 dimensions.
Every agent architectural failure mode, named and formalised. Due-diligence before you install.
| ID | Dimension | Invariant | Tier | Regulatory |
|---|---|---|---|---|
| AG-001 | Guardrails | LLM calls are wrapped (error containment) | Tier S | Art. 9, 15 · Art. 25(1) · DE-3 |
| AG-002 | Guardrails | Infinite loop must have exit condition | Tier S | Art. 15 · Art. 25(1) · GV-2 |
| AG-003 | Data Provenance | No hardcoded secrets in codebase | Tier S | Art. 9 |
| AG-004 | Guardrails | Network/LLM calls require explicit timeout | Tier S | Art. 15 · Art. 25(2) · DE-3 |
| AG-005 | Decision Boundary | Agent outputs validated before use | Tier S | Art. 15 [Accuracy and Robustness] · Pillar 3 [Operational Reliability & Testing] · Measure 2.1 [System Robustness] |
| AG-006 | Observability | Agent outputs are logged before use | Tier S | Art. 12 · Art. 25(3) |
| AG-007 | Guardrails | Error handlers are non-empty (no silent pass) | Tier S | Art. 9 · Art. 25(1) |
| AG-008 | Decision Boundary | Every irreversible action has a declared owner | Tier S | Art. 14 |
| AG-009 | Decision Boundary | Human override exists for high-impact actions | Tier S | Art. 14 · GV-6 |
| AG-011 | Decision Boundary | Fallback path exists and is reachable | Tier S | Art. 15 · Art. 25(2) · DE-3 |
| AG-012 | Replayability | Model version is pinned | Tier S | Art. 9 · MS-1 |
| AG-014 | Replayability | External inputs are snapshotted before agent acts | Tier S | Art. 12 |
| AG-017 | Observability | Input-output trace is complete | Tier S | Art. 12 · Art. 25(3) |
| AG-020 | Observability | Confidence score participates in control flow | Tier S | Art. 9, 15 |
| AG-021 | Guardrails | Fallback path is non-LLM | Tier S | Art. 15 |
| AG-032 | Data Provenance | Input source is declared | Tier S | Art. 9, 12 |
| AG-036 | Policy | Explicit policy exists in execution path | Tier S | Art. 9, 14 |
Showing 17 of 17 active rules · 49 total invariants planned
AG-005Rule definition — YAML format
id: AG-005
dimension: Decision Boundary
semantic: Agent outputs must be validated before use
severity: CRITICAL
message: "Decision made on agent output without validation."
applies_to: decision_sinks
rule: dominated_by_validation == true
tags: [safety, accuracy, robustness]
# Multi-Framework Alignment Mapping
eu_ai_act_article: "Art. 15 [Accuracy and Robustness]"
dora_pillar: "Pillar 3 [Operational Reliability & Testing]"
nist_framework: "Measure 2.1 [System Robustness]"
iso_iec_42001: "ISO/IEC 42001 [AI System Integrity]"
us_executive_order: "Executive Order 14110 [AI Risk Management]"
§ 03 — Integration
Code-first.
Three paths in.
Install once. Run everywhere — local dev, CI/CD pipeline, or IDE. No agents at runtime, no instrumentation, no vendor lock-in.
CLI · Docker
Docker · CLI
Pull and run against any Python codebase. Provenance written to
.maxwell/provenances/$ docker pull ghcr.io/cernent/maxwell:0.4.1
$ docker run --rm -v $(pwd):/src \
ghcr.io/cernent/maxwell verify /src
→ provenance written to .maxwell/
CI/CD · GitHub
GitHub Action
One-liner PR check. Maxwell runs on every push, blocks merge on CRITICAL violations.
# .github/workflows/maxwell.yml
uses: cernent/maxwell-action@v1
with:
framework: langchain
fail-on: CRITICAL
IDE — coming 2026
IDE Extension
Inline invariant warnings as you write. Highlights structural gaps before you commit.