AI Operating System Architecture

Not a collection of tools. An operating system.

WHL OS is the governed AI execution stack. Every task that enters the system is classified, routed through policy, assigned to the right executor, verified, and receipted into a tamper-evident audit chain. Nothing important happens unless it is allowed, routed, checked, and receipted. This is OS behavior, not application-layer guardrails.

7
Execution Layers
Fail-Closed
Default By Design
HMAC
Hash-Chained Receipts
Silicon
Hardware Enforcement Floor
The Stack

Seven layers. One governed path from request to receipt.

Each layer enforces governance at a different point in the execution path. A task cannot skip a layer. It traverses the stack, accumulates evidence, and either exits as a receipted action or is denied and logged. The hardware floor beneath the software stack means no software override can defeat the governance policy.

Hardware
Floor
Hardware & Physics Enforcement
Silicon owns the final enable line. The FPGA interlock sits below the software stack, software proposes, silicon decides. Physics-layer governance for wireless power. No software exploit can bypass this floor.
Kernel
/ OS
GE-OS, Governed Execution OS
The trust layer. 12-stage mandatory execution pipeline with fail-closed defaults, identity and attestation, receipt chain integrity, and policy precedence rules. 1,782 tests pass. Governance moves beneath the app layer, not bolted on top.
Compiler
Codex Sovereign, Command Compiler
One source compiles to six targets: FPGA frame, JSON workflow, Python call, mesh radio frame, REST endpoint, state-machine transition. Authorization is built into compilation itself, unapproved targets cannot be emitted.
Runtime
Governor
Cascade, The Glue That Makes The OS Work
The process supervisor and policy dispatcher. Every task is classified, routed through the right domain pack, assigned to the cheapest safe executor, verified against a 10-gate predicate, executed, and receipted. Every successful call trains the deterministic layer, inference cost decays toward zero. This is the layer that makes every other layer coherent.
SDK /
Packs
Supervision Pack SDK, Domain Rulebooks
The way new domains plug in. Each supervision pack declares what actions it may perform, what policy applies, what roles own which tasks, and what receipts must be written. Like app permission manifests, but for AI/workflow governance. Add a new domain without touching the system.
Executors
Executors, The Workers Cascade Governs
The programs, models, and tools that do actual work. Cascade does not replace them, it governs them. Local LLM, frontier model, CLI tool, domain-specific engine, each is assigned tasks only the routing policy allows. Cheap paths run first; expensive paths run only when necessary.
Receipts
& Audit
Receipts, Audit & Compliance Surface
Every action, including denials, is written into a hash-chained, append-only receipt ledger. The audit trail is the OS log. Compliance evidence, anomaly detection, alert routing, and the operator console sit on top of this chain. You cannot have governance without the record.
Why OS, Not Tools

Normal automation says "when X, do Y." WHL OS is different.

Normal automation

  • When X happens, do Y
  • One policy per workflow, hard-coded
  • Audit is a separate logging system
  • Governance bolted on at the application layer
  • No hardware floor, software can override itself
  • Cost scales linearly with usage forever
  • New domain = new codebase

WHL OS

  • When X happens: identify domain, apply policy, assign roles, check machine state, choose cheapest safe executor, require approval if risk is high, execute only if allowed, write proof, update state from outcome
  • Policy is a first-class object, swappable per domain, versioned, hash-signed
  • Receipt chain IS the audit, not a separate system
  • Governance enforced at kernel, compiler, runtime, and silicon simultaneously
  • Hardware floor beneath software, FPGA owns the final enable line
  • Cost decays toward zero, each LLM call trains the deterministic layer
  • New domain = new supervision pack, runtime unchanged
What A Task Looks Like

From request to receipt, every step governed.

Every task traverses the same path. The path is the OS. The receipt at the end is the proof the path ran correctly.

1
Task arrives
Request enters Cascade, text, API call, event trigger. Identity is established. The request is not yet trusted.
2
Domain classified
Cascade identifies which supervision pack owns this task, coding, compliance, capital, research, compute, or custom domain.
3
Policy applied
The pack's policy rulebook is checked. Roles assigned. Destructive actions flagged. Approval requirements evaluated. Human-in-the-loop threshold checked.
4
10-gate predicate evaluated
Size, safety, jailbreak, credentials, tier, entropy, budget, authorization, coherence, policy, all 10 gates must pass. Any single failure blocks execution. Weakest gate is surfaced for the operator.
5
Executor selected
Cheapest safe executor runs first, deterministic cache, then local model, then CLI, then frontier LLM. Cost decays as the deterministic cache grows.
6
Output verified
Generated output is graded before delivery. Smoke gate catches semantic bugs. If grade fails, the router escalates automatically, the output is never delivered unverified.
7
Receipt written
A hash-chained, HMAC-signed receipt is appended to the audit ledger. Denials are receipted too. The receipt is the system log, the proof the governed path ran.
8
Pattern cached
Successful outputs are cached at the deterministic layer. Next time this task type arrives, it routes from cache, no LLM call, no cost. Margin compounds automatically.
The Full Picture

Every product is a slot in the OS. None of them make sense in isolation.

A prospect who reads product pages sees tools. A prospect who reads this page sees a system. The products are the executors and surface layers. The platform is the kernel and compiler. Cascade is the system governor. The receipts are the OS logs. It is one architecture, not a portfolio of independent bets.

For CTOs

This is the governed AI execution infrastructure your team does not have time to build from scratch. The kernel, the compiler, the system, and the hardware floor are already built and patent-protected. You adopt the stack; you do not rebuild it.

For GRC & Compliance

The receipt chain is not a log export, it is the primary audit artifact. Every gate decision, every denial, every override is written into the chain before any output is delivered. The compliance evidence exists before the auditor asks for it.

For Federal / Defense

Hardware-enforced governance with formal proofs. No software override can defeat the silicon floor. SBIR Phase III transition pathway open for the OS and FPGA layers. Source-available licensing available under NDA.

Architecture Briefings Available

See the whole system, not just the products.

Architecture briefings cover the full OS stack, kernel, compiler, runtime governor, domain packs, executors, hardware floor, and receipt chain. Bring your CTO, your GRC officer, or your federal program manager.