VAREK.

What VAREK is

VAREK is an open-source compiled language and runtime that verifies what an AI agent is about to do, against an explicit policy, before the action takes effect.

Policies compile to a satisfiability-modulo-theories decision procedure that returns one of three results — SATISFIED, UNSATISFIED, or UNKNOWN. The runtime is fail-closed: an action proceeds only on an explicit SATISFIED. v1.8.1 unifies kernel-boundary enforcement and cross-action data-flow verification into one vertical stack, from observed runtime behavior at the system boundary to a formal decision over agent plans.

In medicine, "usually right" gets people killed. Agentic systems that act in the world deserve the same standard of rigor.

The founder is a physician. The thesis is that probabilistic, "usually right" guardrails are the wrong safety model for agents that take real actions — and that deterministic, provable authorization is a category that does not yet have a credible open-source standard.

The gap

Autonomous agents call tools, move data, and chain actions toward goals. The prevailing safety posture is statistical — classifiers, prompts, and reviews that are usually right. The failures that matter live in the tail, where an unverified action causes irreversible effect.

• Authorization before execution. An action is checked against an explicit policy, with a determinate result, before it is permitted to take effect.
• No silent guessing. When the procedure cannot prove compliance, it reports UNKNOWN rather than coercing a pass. The runtime refuses to proceed.
• Verifier, not heuristic. The guarantee is relative to the policy as written and the fidelity of the action model — and that boundary is stated, not blurred.

One vertical stack

Runtime behavior observed at the system boundary is lifted into structured actions; those actions, individually and as plans, are checked against compiled policy; and a determinate decision gates execution. The same policy a developer reasons about is the policy enforced against the agent's actual behavior.

Three-state decision semantics

A two-state system must convert every UNKNOWN into a false pass or a false block. VAREK refuses that conversion. This is the difference between a verifier and a heuristic, and it is the core of the safety claim.

Kernel-boundary integration (v1.7)

The verification layer binds to runtime enforcement at the system boundary: observed low-level behavior is intercepted, mapped to semantically meaningful actions, checked against policy, and gated before completion. This is what makes the stack vertical rather than a separate, weaker approximation bolted alongside the agent.

Cross-action data-flow verification (v1.8)

Verification reasons across sequences of actions, not only individual ones. The subsystem tracks where data originates and where it is permitted to travel, so a policy can constrain how information moves through an agent's work — for example, that data from a sensitive source cannot reach a particular sink — rather than judging each action in isolation. Current coverage is explicit information flow; implicit-flow coverage is on the roadmap and is not claimed in this release.

Trajectory to v1.8.1

v1.8.1 — stable release candidate

Builds are sanitizer-clean on every supported platform, and CI fails closed on platforms where the enforcement backend cannot be guaranteed rather than degrading silently. Integration and threat-model documentation are published, and a private vulnerability-reporting channel is in place.

Demo. The eight-scenario narrated demo runs the stack end to end — authorization, denial, fail-closed on UNKNOWN, and cross-action data-flow scenarios where a sequence is blocked on the basis of data provenance. It runs locally from source:

# Local clone — POSIX shell (git + make)
git clone https://github.com/kwdoug63/varek.git
cd varek/v1_7
make check
make demo

make check runs the verification suite; make demo plays the narrated scenarios.

Source: github.com/kwdoug63/varek  ·  Site: varek-lang.org

Patent-pending portfolio

Three provisional patent applications on file, mapping to the three layers of the stack. Non-provisional conversions begin March 2027. The project is patent-pending; nothing is granted.

Licensing

VAREK is released under the MIT license, chosen to avoid an inadvertent patent grant. Relicensing considerations are deferred pending non-provisional conversion.

Registrations and programs

• SAM.gov — registration complete.
• SBA SBIR Company Registry — complete.
• Research.gov — complete.
• NSF SBIR Phase I Project Pitch — prepared; submission pending portal reopening.
• Defense-prime supplier registration — complete.
• DARPA TA2 track — active business-development engagement (in progress; no award represented).

Federal pursuit is stated at the program level. Named relationships and current pipeline detail available to qualified diligence on request.

External audit plan

A core part of the credibility thesis: a verification product should itself be independently audited. Vendor candidates under evaluation include Trail of Bits, NCC Group, Doyensec, Cure53, and Atredis, targeting Q3 2026.

Who is behind it

Kenneth Wayne Douglas, MD — Founder & CEO

Physician-founder. The medical framing — that systems which are "usually right" are unacceptable where the tail is catastrophic — is the design principle, the positioning, and the discipline applied to

Where this lands

VAREK targets the assurance layer for agentic AI: teams deploying autonomous agents that take consequential actions and cannot accept a "usually right" safety posture — regulated, safety-critical, and government-adjacent settings first, where determinism and auditability are requirements rather than preferences.

Ideal customer profile

The early buyer is an organization putting agents into a position to take irreversible action and carrying accountability for the outcome. Three concentric tiers:

• Government and defense. Programs deploying autonomous systems under explicit assurance and accreditation requirements, where a provable authorization decision and an audit trail are procurement preconditions. This is the wedge: the federal track is already in motion and the buyer's standard already matches the product's thesis.
• Regulated enterprise. Healthcare, financial services, and critical infrastructure teams whose agents touch protected data or move money, and whose compliance posture cannot rest on probabilistic guardrails.
• AI-platform and tooling vendors. Builders of agent frameworks who need a credible, independent verification layer to put in front of their own customers, and who would rather adopt an open standard than build one.

Pipeline

The company is pre-revenue and pre-design-partner; the pipeline is early and being built deliberately rather than represented as closed. Live top-of-funnel:

• Federal. DARPA TA2-track business-development engagement in progress; SAM.gov, SBA SBIR Company Registry, Research.gov, and defense-prime supplier registration complete; NSF SBIR Phase I Project Pitch prepared, pending portal reopening.
• Advisory-led introductions. Caganco engagement (executed March 2026) for operating and governance reach; a verification, validation, and assurance advisor in pipeline.
• Inbound from open source. Public MIT release on github.com/kwdoug63/varek and varek-lang.org, with the eight-scenario narrated demo as the qualifying artifact for technical evaluators.

Pricing and packaging

Open-core. The verification standard must be open to be trusted; commercial value sits in the operational and assurance layer around it.

• Open core (MIT, free). The var:: language, the verification core, a reference isolation backend, and the demo. Drives adoption and establishes the standard.
• Commercial (planned). Hardened and independently-audited release builds, priority security response, enterprise enforcement and integration support, and assurance/attestation packages for regulated and accredited buyers. Priced as enterprise subscription plus assurance engagements; figures to be set against the first design-partner deployments.
• Non-dilutive. SBIR/federal program funding (NSF, DARPA track) as both capital and procurement channel.

Open vs. commercial boundary

The line is deliberate: the open core is the guarantee — the verifier, the language, and the decision procedure are open because no one should be asked to trust a closed verifier. The commercial surface is everything around deployment that an accountable buyer needs and cannot self-assemble: certified builds, support SLAs, compliance attestation, and integration. The open verifier remains the single source of truth; the company does not gate the core safety decision behind a license.

Capitalization & the round

Corporate snapshot

Capitalization

• Kenneth Wayne Douglas, MD — 100% of issued shares. Sole founder and shareholder; no outside equity issued.

Funding to date

No institutional capital has been raised. The company is founder-funded, and burn is nominal: with the founder uncompensated and no payroll, costs to date are limited to infrastructure, the three USPTO provisional filings, and legal. There is no meaningful runway constraint at the current burn — which is precisely the constraint the round removes, by funding the founder's full-time focus and the assurance milestones rather than stretching a zero-cost posture.

Use of funds

Capital is directed at the three highest-leverage moves, not speculative features. Illustrative allocation (scales with round size):

The ask

Contemplated pre-seed of approximately $1.0M–$1.5M on a SAFE, sized to reach an independently-audited v1.x release, the first design-partner deployments, and the non-provisional patent conversions with roughly 18 months of full-time founder runway. No outside capital is committed.