Platform architecture

OmegaOS™

Sovereign decision platform. OmegaOS Kernel is the deterministic runtime inside it.

Whitepaper Technical Artifact

System scope and public invariants.

Platform layer Deployment framing, operator control, replay, verification, and governance surfaces.

Kernel runtime Evidence evaluation against versioned policy with ALLOW, DENY, and INDETERMINATE outcomes.

Record model Decision records bound to evidence references, policy version, and execution context.

Deployment model Overlay deployment with Observe, Shadow, and Enforce progression.

Platform Scope

OmegaOS is the platform. OmegaOS Kernel is the runtime inside it. Collapsing the two makes the product smaller than it is.

OmegaOS

The platform layer. It frames deployment, operator boundary, replay, proof packaging, and public verification surfaces.

OmegaOS Kernel

The deterministic runtime inside OmegaOS. It resolves recorded evidence against versioned policy and emits ALLOW, DENY, or INDETERMINATE.

Decision Record

The persisted output of evaluation, linked to evidence references, policy version, and execution context so the result remains reviewable.

Layered System

Interfaces at the boundary. Deterministic evaluation and recorded history in the center. Governance and review around them.

Operator and review surfaces Operator workspace, external review, exported artifacts, and bounded verification paths.

Interface boundary Authentication, validation, routing, and controlled system ingress.

Deterministic evaluation core Resolution path, recorded context, append-only history, and operator isolation.

Governance and review services Deployment control, replay, monitoring, reporting, and review packaging.

Operating Model

The platform separates concerns along trust boundaries. Each boundary owns a defined scope and delegates nothing outside it.

Deterministic core

The narrow trust boundary where evaluation happens. Evidence enters, policy applies, a recorded decision exits. The core owns determinism, integrity binding, and append-only history.

Operator boundary

Everything outside the deterministic core remains operator-controlled. Deployment mode, policy versioning, environment scope, and access configuration stay under institutional authority.

Review surfaces

Replay, exported artifacts, lineage, and audit packaging exist so that decisions can be challenged, verified, and reported from recorded material rather than from system memory.

Public Invariants

These invariants should remain stable across the site, the codebase, and future technical review.

Invariant	Meaning	Primary public surface
I is primitive	ALLOW and DENY appear only as outputs of evaluation. Uncertainty remains explicit.	Technical Artifact
Append-only history	Decision records and associated proofs exist for review, replay, and challenge rather than retrospective rewrite.	Product / Verify Offline
Determinism	A fixed evidence set and fixed policy version must reproduce the same result.	Technical Artifact / Performance
Tenant isolation	Storage and review paths preserve operator boundaries.	Security
Human-in-the-loop	The system produces decisions and artifacts. It does not execute irreversible external actions.	Integration / Non-Goals

Primary Flows

How the platform behaves, not only what it claims.

Flow	What happens	Why it matters
Resolve	Evidence enters with a policy version. OmegaOS Kernel evaluates it and records the resulting decision state.	The decision becomes attributable instead of anecdotal.
Replay	Historical records are replayed against recorded inputs or alternative policy for review and counterfactual analysis.	A review can challenge the original result with the same material.
Verify export	Exported artifacts remain bound to integrity checks so verification can happen outside the live system.	External review does not require trust in a remote control plane.
Monitor and package	Distribution, drift, incidents, lineage, BOM, and audit sections can be assembled from recorded system history.	Institutional review works from artifacts, not memory.