Platform Architecture
The three-layer governance operating system. Two-plane doctrine, component map, and the Assurance Feedback Loop.
ObsidianWall is a governance operating system built around three layers that together implement Programmable Assurance.
The Three Layers
A governance engine answers one question: did policy pass?
A governance operating system answers five:
What happened? Layer 1 — Governance Execution
Why? Layer 1 + Layer 2
Who owns it? Layer 3 — Governance Accountability
What does it cost? Layer 2 — Governance Intelligence
What should change? Layer 2 feeds back into Layer 1
Layer 1 — Governance Execution
What should happen? What happened?
Verdict and Sentinel live here. These components enforce and observe. Outputs are deterministic and attributable. No AI in the decision path.
Layer 2 — Governance Intelligence
What does it mean? What does it cost?
Compass, Governance Intelligence, and Governance Economics live here. These components analyze, translate, and advise. Outputs inform decisions but never make them.
Layer 3 — Governance Accountability
Who owns the outcome?
The Risk Ledger, attestation systems, and exception management live here. Every acceptance, override, and refusal is named, dated, and immutable.
The Two-Plane Doctrine
Every component belongs to one of two planes. The boundary between them is the most important architectural decision in the platform.
PROBABILISTIC INTELLIGENCE PLANE
─────────────────────────────────
Advises. Analyzes. Recommends.
Translates. Learns. Estimates.
AI operates freely here.
Outputs inform decisions.
Outputs never make decisions.
Compass, Analyzers, Recommender,
Governance Economics, Explainability,
Forge (intent and translation layer)
↓
HUMAN APPROVAL GATE
The plane boundary
↓
DETERMINISTIC GOVERNANCE PLANE
─────────────────────────────────
Enforces. Records. Attributes.
Blocks. Authorizes. Proves.
AI may NOT govern here.
Every decision is deterministic.
Every decision is attributable.
Every decision is reproducible.
Verdict, Sentinel, Risk Ledger,
Audit Artifact,
Forge (compiled policy output)
Why this boundary exists:
When a deployment is blocked and a CISO must explain to a board why, the answer must be:
“This policy, written by this person, on this date, blocked this deployment because this condition failed.”
Not: “The AI decided this was too risky.”
The first answer is defensible in a regulatory audit, a boardroom, and a courtroom. The second is not.
The Components
Forge — Both Planes
The governance authoring engine. The only component that deliberately crosses the plane boundary.
- Intelligence Plane: AI assists in drafting policy conditions from leadership intent
- Human Approval Gate: Human reviews, approves, and commits
- Governance Plane: Compiled policy lives here — deterministic, versioned, signed
The human is the bridge between planes. This is not a workflow detail. It is the architectural guarantee that every policy in ObsidianWall can be attributed to a human author who consciously approved it.
Verdict — Deterministic Plane
Pre-deployment governance decision engine. Reads a Terraform plan or CloudFormation template, evaluates it against a policy, and produces one of five typed governance decisions before deployment executes.
ALLOW
ALLOW_WITH_NOTIFICATION
ALLOW_WITH_APPROVAL_REQUIRED
DENY_WITH_OVERRIDE
DENY
Sentinel — Deterministic Plane
Post-deployment reality observation. Verifies that what actually deployed stayed aligned with what the governance decision authorized. Detects drift. Surfaces divergence.
Compass — Intelligence Plane
Governance intelligence and economics. Analyzes outcomes across decisions. Identifies override patterns, coverage gaps, and policy drift. Translates findings into financial exposure. Closes the Assurance Feedback Loop.
Risk Ledger — Deterministic Plane
Cryptographically signed, tamper-evident record of every governance decision, override, and risk acceptance. When leadership accepts a governance risk, that acceptance is named, dated, signed, and immutable.
The Governance Loop
Leadership articulates intent
↓
FORGE — Intelligence Plane
AI assists drafting
↓
Human approves at the boundary
↓
FORGE — Governance Plane
Policy compiled, versioned, signed
↓
VERDICT
Every infrastructure change evaluated
Governance decision produced
↓
SENTINEL
Reality observed post-deployment
Drift detected and recorded
↓
RISK LEDGER
Every decision, override, and
risk acceptance attributed and sealed
↓
COMPASS + INTELLIGENCE
Outcomes analyzed
Gaps identified
Misalignment surfaced
↓
ECONOMICS
Financial translation for every audience
↓
Feedback into FORGE
Intent refined. Loop closes.
Multi-Audience Delivery
One governance event. Every stakeholder. Their native language.
| Audience | What they see |
|---|---|
| Developer | Exit code 1. DENY — budget_check failed. |
| Budget Owner | Deployment exceeds budget by $50. Override requires authorization. |
| CISO | Decision ID: abc3a13b. Audit artifact generated. Override path: budget_owner. |
| Board | Infrastructure change blocked. Governance control active. No exposure created. |
| Auditor | Complete artifact. Policy, version, owner, decision, trace, timestamp. |
Current State
| Component | Status |
|---|---|
| Verdict v0.5.0 | Shipped — evaluate, coverage, simulate, sentinel, validate, test, audit |
| Sentinel (plan-level) | Shipped in v0.5.0 |
| Sentinel (cloud APIs) | v0.6.0 — Azure RM + AWS CloudTrail |
| Risk Ledger | Architecture in v0.6.0 |
| Compass Alpha | Q4 2026 |
| Forge Alpha | 2027 |
Full vocabulary reference: Programmable Assurance Vocabulary