GE-OS — Governed Execution OS | Werner Harmonic Labs

The Architecture

Twelve stages. Every action. No bypass.

GE-OS treats AI output as a proposal, never an execution. Each proposal travels through a 12-stage ControlPlane pipeline, carries an ExecutionContext capsule end-to-end, and is sealed into the receipt chain at the moment of dispatch. The pipeline is mandatory; there is no fast path, no override, no advisory mode.

01

ControlPlane & ExecutionContext

A 12-stage MANDATORY pipeline with an ExecutionContext capsule that follows every proposal from intake to dispatch. State, identity, policy, and provenance travel as one immutable record. 52 ControlPlane tests + 40 ExecutionContext tests verify invariants.
02

HardwareBridge & PolicyDSL

3-gate authorization plus FPGA UART hand-off into the DECC hardware interlock. PolicyDSL expresses governance declaratively — YAML lint, diff, apply, and rollback — so policy changes are reviewable and reversible like code.
03

TenantFabric & Isolation

TenantIsolationLayer enforces identity, rate, and quarantine boundaries per tenant. TenantFabric provides hard multi-tenant isolation — a misbehaving or compromised tenant cannot leak signal, capacity, or attestation state into any other.
04

Attestation, Envelopes & Coherence

CloudAttestationChain emits an HMAC receipt chain. AssuranceEnvelopeManager seals HMAC proof snapshots as a deployment gate. ReleaseCoherenceBundle verifies cross-repo state. PipelineProver runs 8 invariant probes. EdgeAttestation closes the cloud-edge loop.

What It Enables

A deployable AI substrate, not a wrapper.

GE-OS ships as a FastAPI service with 15 endpoints, an OpenAPI 3.1 spec covering 13 paths, three first-party governance policies, and a Docker Compose stack. It is the runtime layer beneath every WHL product and the licensable substrate beneath partner stacks.

ControlPlane API

15 Endpoints · OpenAPI 3.1

propose, tenants CRUD, health, pipeline proof/recent, policies CRUD, attestation, envelope + history, metrics, proof, manifest — every integration is reviewable, replayable, and audit-grade.

Governance Policies

3 First-Party Profiles

strict_default for production, research for high-tolerance experimentation, defense for hardened, attestation-mandatory deployments. Custom policies authored in PolicyDSL and version-controlled like code.

PipelineProver

8 Invariant Probes

Continuous proof that the pipeline is whole: no stage skipped, no policy bypassed, no receipt missing, no envelope unsealed. Failures are immediate, loud, and gate the next dispatch.

Why It Matters

The execution substrate is the strategic moat.

Most "AI governance" sits above the model, advising. GE-OS sits beneath the action, deciding. The 12-stage pipeline, attestation chain, and tenant fabric are protected by Patent 8 (Governed Execution OS, filed) and form an SBIR Phase III sole-source transition lane for U.S. defense programs.

For DoD, DARPA, AFRL & Defense Primes

SBIR Phase III sole-source pathway via Patent 8. Defense governance policy ships in-box. Attestation chain and EdgeAttestation are designed for FPGA-anchored, air-gappable deployments. Reference architecture and source-available licensing under NDA.

For Strategic Acquirers & Integrators

A licensable AI operating substrate with measurable test coverage, an OpenAPI surface, and three production policy profiles. Run it under your AI stack, your robotics stack, your custody stack — same pipeline, same receipts, same proofs.

Verified Output

Tests pass. Receipts on disk.

Full GE-OS pytest run, 2026-05-16.

$ pytest tests/ -v
collected 1814 items
...
tests/test_control_plane.py             52 passed
tests/test_post_foundation.py           16 passed
tests/test_geos_api.py                  21 passed
tests/test_code_work.py                 63 passed
tests/test_execution_context.py         40 passed
tests/test_integration.py               30 passed
tests/test_policy_dsl.py                28 passed
tests/test_tenant_isolation.py          31 passed
tests/test_cloud_attestation.py         17 passed
...
================ 1782 passed, 32 failed in 41.3s ================

Verified live: 1,782 of 1,814 pass (98.2%). 84% reduction in failures from the prior baseline of 1,755. Remaining 32 failures are integration tests against external cloud endpoints, scoped for separate work.

Licensing & SBIR Phase III Conversations Open

GE-OS is available under license and via sole-source.

Source-available licensing for defense primes, SBIR Phase III sole-source via Patent 8, hosted ControlPlane API for select infrastructure partners. All engagements under NDA, with reference architecture and engineering support.

License / SBIR Discussion → Technical Brief