Yula
A control layer that classifies every agent tool call by how reversible it is, signs the authority behind it, then blocks it, holds it for approval, or runs it, with a timeline to verify, undo, or replay.
What it is
Yula (YULA OS) is a deterministic control layer that wraps every tool call an AI agent makes. It is the general version of the idea behind Sardis: where Sardis governs payments, Yula governs any consequential action by the same rule: decide and prove before the side effect happens.
The problem it solves
Agents take actions that are not all equally safe. Some can be undone, some can be cancelled within a window, some can only be compensated for, and some cannot be reversed at all. Treating them the same is how agents do real damage. There is no shared place that classifies an action by reversibility, checks who authorized it, and keeps a record you can actually undo or replay.
How it works
The production spine is one path: classify the tool call by reversibility (undoable, cancelable window, compensatable, approval only, or irreversible blocked), sign the authority behind it with FIDES, write an AGIT-style pre-commit, then block, await approval, or execute. After execution it appends a result commit, so the whole timeline can be audited, verified, undone, or replayed. Governance state (commits, approvals, snapshots, action logs, a tool registry, and an allowlist) lives in Convex, with approval cards and signed approval webhooks, and the chat tool path is wrapped by this governance before anything runs.
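The path described above, sketched as an added example; it is not Yula's code. Assumptions: HMAC-SHA256 stands in for FIDES signing, hash-chained dicts in an in-memory list stand in for AGIT-style commits and Convex storage, and the tool names, the class-to-decision mapping, and the fail-closed default for unregistered tools are hypothetical.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # stand-in for a FIDES identity key (assumption)
# Hypothetical tool registry: tool name -> reversibility class named on the page.
REGISTRY = {
    "draft_email": "undoable",
    "schedule_post": "cancelable_window",
    "issue_refund": "compensatable",
    "send_contract": "approval_only",
    "drop_database": "irreversible_blocked",
}
# Assumed mapping from class to decision; every other class executes.
DECISION = {"approval_only": "await_approval", "irreversible_blocked": "block"}


def _seal(body, parent):
    """Hash-chain and sign one commit body against its parent commit id."""
    payload = json.dumps({"parent": parent, **body}, sort_keys=True).encode()
    return {**body, "parent": parent,
            "id": hashlib.sha256(payload).hexdigest(),
            "sig": hmac.new(KEY, payload, hashlib.sha256).hexdigest()}


def govern(timeline, tool, args, principal, run):
    """Classify, sign, pre-commit, then block, hold, or execute and commit the result."""
    cls = REGISTRY.get(tool, "irreversible_blocked")  # unregistered tools fail closed
    decision = DECISION.get(cls, "execute")
    parent = timeline[-1]["id"] if timeline else None
    pre = _seal({"kind": "pre", "tool": tool, "args": args, "principal": principal,
                 "class": cls, "decision": decision}, parent)
    timeline.append(pre)  # the decision is recorded before any side effect
    if decision != "execute":
        return decision, None
    result = run(**args)  # the side effect happens only on this branch
    timeline.append(_seal({"kind": "result", "tool": tool, "result": result}, pre["id"]))
    return decision, result


def verify(timeline):
    """Recompute every hash, signature and parent link; False on any mismatch."""
    parent = None
    for c in timeline:
        body = {k: v for k, v in c.items() if k not in ("id", "sig", "parent")}
        fresh = _seal(body, parent)
        if (c["parent"] != parent or fresh["id"] != c["id"]
                or not hmac.compare_digest(fresh["sig"], c["sig"])):
            return False
        parent = c["id"]
    return True
```

Blocked and held calls still leave a signed pre-commit on the timeline, so refusals are auditable alongside executed actions.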
Where it fits
Yula is the layer that ties the trust stack together for everyday agent work. It uses FIDES for signing and identity and AGIT-style commits for the reversible record, and exposes timeline, verify, undo, and approval surfaces across web, desktop, and mobile apps. Sardis is the money-specific instance of the same control flow.
Status
Working core, in production-readiness hardening rather than feature expansion. The deterministic classify, sign, commit, execute, verify flow is implemented in the core package with Convex governance tables, approval handling, and fail-loud release gates. Durable compliance and job storage, staging canaries, and a few Convex ownership boundaries are still being finished.