Why the operating system isn't enough
The operating system was designed on the assumption that humans wrote the code. Process isolation, file permissions, crash recovery, user-level access control — all of it built around the failure modes that human-written code produces.
AI-generated code breaks that assumption. It doesn't fail the way human code fails. It might produce output that looks correct but doesn't match intent. It might pass every test it was checked against and still violate constraints that were never tested. It might work today and behave differently tomorrow against the same input. The operating system has no defence against any of this.
Guardian sits above the OS and below the application, providing what the OS doesn't: intent isolation (not just process isolation), validated data flow (not just file permissions), verified reconstruction (not just crash recovery), behavioural trust (not just user-level access control).
Six-layer validation stack
- Schema validationStructural correctness of inputs and outputs.
- Value validationPermissible values within the schema's structure.
- System rules validationSystem-wide constraints that apply across all operations.
- Business rules validationDomain-specific rules defined by the deploying organisation.
- Intent complianceOutput matches the originating intent the module was specified against.
- Behavioural analysisBehaviour validated against historical baselines and expected patterns.
Every input checked at every layer. Every output checked before it leaves. Failures escalate to human review at the layer that catches them.
Self-describing messages as core primitive
From self-describing messages, execution, replication, replay, and distribution all derive. The execution log is simultaneously the audit trail, the backup, and the geo-distribution mechanism.
This is genuinely architectural rather than featural. The audit trail isn't a feature added to a working system — it's a property of correct architecture. The backup isn't a separate process — it's what the message log already is. Geo-distribution isn't a separate concern — it's message replication.
Framework Registry
Governs AI participation in the runtime — which AI services can be invoked, with what credentials, under what audit requirements. This is what makes "AI participation in production" auditable rather than opaque.
Triple Modular Redundancy for critical modules
Three independent implementations vote on the result. Trust is worst-case, never averaged. A high-confidence majority cannot offset a low-confidence dissenting path.
This is the discipline borrowed from safety-critical control systems: the worst component's confidence sets the result's confidence, not the best or average. For systems where failure isn't an option, this matters.
Continuous behavioural monitoring
Behaviour monitored against both original specification and historical baselines. Drift and tampering detected continuously, not at point-in-time audits. Slow deviation is as detectable as sudden break.
Most monitoring approaches detect outliers against current behaviour. Guardian also detects drift against historical baseline — the slow deviation pattern that point-in-time audits miss.
Progressive legacy migration
Existing systems can adopt Guardian incrementally rather than requiring full rewrite. Modules wrapped in Guardian's runtime gradually; legacy systems coexist with Guardian-managed systems during transition.
This matters because the alternative is "rewrite everything" which is rarely commercially viable. Progressive adoption makes Guardian's discipline accessible to organisations with substantial existing system investment.
Universal runtime
All AI-generated code runs under Guardian. Whether the code was built by Forge as part of a major customer engagement or generated thirty seconds ago in response to a Proxy module failure, it runs in the same enforcement environment with the same validation, monitoring, and audit guarantees. No exceptions.
This is the third architectural commitment that produces the platform's coherence. Forge generates; Guardian enforces; user-facing components delegate to Forge; all output runs under Guardian. Every AI-generated module in the platform passes through Guardian's runtime.
Status
In development. Architecture document exists; implementation in progress. Post-Guardian components (Wingman, Acumen, Lighthouse) depend on Guardian being mature enough to host their runtime.