Skip to content

The governance doctrine

Promotion, not deployment.

Agents are not pushed to production. They are promoted through a governed gate a human owns — so every capability in the mesh is one someone chose to stand behind. That is the difference between a demo and a system you can run a business on.

I.

The gate is human.

Every agent release passes a human approval gate. Not a policy file, not a threshold — a named person who reviews the release and chooses to stand behind it. Accountability that can say no.

II.

The trail is complete.

A full audit trail across every action. Builds, approvals, promotions, calls — recorded and attributable. When an auditor asks what happened, the answer is a query, not a reconstruction.

III.

The boundary is the database.

Tenant isolation is enforced in the database, not the UI. A boundary that lives in the interface is a suggestion; a boundary the data layer refuses to cross is a guarantee.

IV.

Production is one-way.

A one-way promotion from build to production — immutable and attributable. What was approved is exactly what runs; nothing edits production in place. Rolling back means promoting the previous approved release, never editing the live one.

V.

Capabilities are promoted too.

The same gate governs models. In Cognition Factory, a cognition earns its place in the mesh by passing the Model Breach — checksum, license, provenance, a real load probe. Cognitions are promoted, not shipped.

one cognition → a live node

VI.

Credit is governance.

We credit our tools by name — human, AI, and open source alike — because a company that hides how it works is a company asking you to trust it blind. How this was built →

For domain experts who are accountable for what their software does — build an agent your auditors would approve.