GE-OS is a Governed Execution Operating System: a 12-stage mandatory pipeline through which every action, human, agent, or autonomous, must pass before any resource is dispatched. ControlPlane, HardwareBridge, PolicyDSL, TenantIsolation, attestation chain, and cross-repo coherence are all enforced deterministically, not advisorily.
GE-OS treats AI output as a proposal, never an execution. Each proposal travels through a 12-stage ControlPlane pipeline, carries an ExecutionContext capsule end-to-end, and is sealed into the receipt chain at the moment of dispatch. The pipeline is mandatory; there is no fast path, no override, no advisory mode.
A 12-stage MANDATORY pipeline with an ExecutionContext capsule that follows every proposal from intake to dispatch. State, identity, policy, and provenance travel as one immutable record. 52 ControlPlane tests + 40 ExecutionContext tests verify invariants.
3-gate authorization plus FPGA UART hand-off into the DECC hardware interlock. PolicyDSL expresses governance declaratively, YAML lint, diff, apply, and rollback, so policy changes are reviewable and reversible like code.
TenantIsolationLayer enforces identity, rate, and quarantine boundaries per tenant. TenantFabric provides hard multi-tenant isolation, a misbehaving or compromised tenant cannot leak signal, capacity, or attestation state into any other.
CloudAttestationChain emits an HMAC receipt chain. AssuranceEnvelopeManager seals HMAC proof snapshots as a deployment gate. ReleaseCoherenceBundle verifies cross-repo state. PipelineProver runs 8 invariant probes. EdgeAttestation closes the cloud-edge loop.
GE-OS ships as a FastAPI service with 15 endpoints, an OpenAPI 3.1 spec covering 13 paths, three first-party governance policies, and a Docker Compose stack. It is the system layer beneath every WHL product and the licensable substrate beneath partner stacks.
propose, tenants CRUD, health, pipeline proof/recent, policies CRUD, attestation, envelope + history, metrics, proof, manifest, every integration is reviewable, replayable, and audit-grade.
strict_default for production, research for high-tolerance experimentation, defense for hardened, attestation-mandatory deployments. Custom policies authored in PolicyDSL and version-controlled like code.
Continuous proof that the pipeline is whole: no stage skipped, no policy bypassed, no receipt missing, no envelope unsealed. Failures are immediate, loud, and gate the next dispatch.
Most "AI governance" sits above the model, advising. GE-OS sits beneath the action, deciding. The 12-stage pipeline, attestation chain, and tenant fabric are protected by Patent 8 (Governed Execution OS, filed) and form an SBIR Phase III sole-source transition lane for U.S. defense programs.
SBIR Phase III sole-source pathway via Patent 8. Defense governance policy ships in-box. Attestation chain and EdgeAttestation are designed for FPGA-anchored, air-gappable deployments. Reference architecture and source-available licensing under NDA.
A licensable AI operating substrate with measurable test coverage, an OpenAPI surface, and three production policy profiles. Run it under your AI stack, your robotics stack, your custody stack, same pipeline, same receipts, same proofs.
Full GE-OS pytest run, 2026-05-16.
$ pytest tests/ -v
collected 1814 items
...
tests/test_control_plane.py 52 passed
tests/test_post_foundation.py 16 passed
tests/test_geos_api.py 21 passed
tests/test_code_work.py 63 passed
tests/test_execution_context.py 40 passed
tests/test_integration.py 30 passed
tests/test_policy_dsl.py 28 passed
tests/test_tenant_isolation.py 31 passed
tests/test_cloud_attestation.py 17 passed
...
================ 1782 passed, 32 failed in 41.3s ================
Verified live: 1,782 of 1,814 pass (98.2%). ~84% reduction in failure count versus the prior 1,755-test build. Remaining 32 failures are integration tests against external cloud endpoints, scoped for separate work.
Source-available licensing for defense primes, SBIR Phase III sole-source via Patent 8, hosted ControlPlane API for select infrastructure partners. All engagements under NDA, with reference architecture and engineering support.