Architecture
System Overview
HestiaOS uses a governance-kernel model where all agent actions must pass through explicit decision boundaries before producing external side effects.
User / Operator
|
v
Intent / Proposal
|
v
Policy Decision
|
v
DecisionTrace
|
v
Approval Gate
|
v
ExecutionCommit
|
v
Side Effect / External SystemThis flow is not optional — every path that produces a side effect must go through the governance boundary.
Governance Kernel Boundary
The Governance Kernel sits between intent and execution. It enforces the following invariants:
- Every intent is registered before processing
- Every intent is evaluated against explicit policy rules
- Every evaluation produces a DecisionTrace — a structured, replayable artifact
- No external side effect occurs without a valid ExecutionCommit
- Every ExecutionCommit is linked to a DecisionTrace
Evidence Flow
Intent Registry
|
v
Policy Evaluation
|
v
DecisionTrace (immutable)
|
v
Causal Bridge
|
v
Public Evidence ArtifactEvidence is generated at each stage. Public evidence (this site) is a sanitized subset of the internal audit store.
Agent Proposal Flow
- Proposal Created — Agent or operator submits an intent
- Policy Check — Kernel evaluates against active policy rules
- Decision Recorded — DecisionTrace is written (always, even for rejections)
- Gate Check — If approved, requires ExecutionCommit for side effects
- Execution Logged — Side effect is recorded with causal link to DecisionTrace
Execution Commit Boundary
The ExecutionCommit is the critical boundary in the system:
- Without ExecutionCommit → no external side effect is permitted
- With valid ExecutionCommit → side effect proceeds under governance
- Read-only operations may be approved without ExecutionCommit
This means even a fully approved intent cannot produce side effects without explicitly crossing this boundary — and that crossing is always recorded.
Public vs Private Components
Public Layer
| Component | Visibility |
|---|---|
| Architecture overview | Public |
| Benchmark summaries | Public (redacted) |
| Synthetic traces | Public |
| Demo screenshots | Public (sanitized) |
| This website | Public |
| Public repositories | Public |
Private Layer
| Component | Visibility |
|---|---|
| Governance kernel runtime | Private |
| Private repositories | Private |
| OpenProject MCP | Private |
| Nextcloud instance | Private |
| Local agents | Private |
| Credentials & keys | Private |
| Internal audit store | Private |
| Production infrastructure | Private |
The public layer is deliberately narrow. What is shown here represents the contracted boundary — what HestiaOS commits to producing as evidence, not what it uses internally to produce it.