The governance stack: advisory rules at the base, deterministic enforcement in the middle, validated knowledge at the top
AWACS OS gives your engineering team AI agents with runtime enforcement, validated operational knowledge, and operations that compound with every session. No faith required.
An AI agent modified sshd_config on a production node and locked out SSH access for hours. Vendor docs said to use CiTool to deploy a security policy — the orchestrator silently deleted it within 90 minutes. A backup alert system auto-created so many tickets that the NOC team demanded it be shut off in a week.
Every failure had the same root cause. The AI operated on instructions, not constraints. Instructions are suggestions. Constraints are gates. AWACS OS builds the gates.
Runtime hooks intercept tool calls before execution. The agent cannot write to the knowledge base without a validated command log, a passed admission gate, and a recorded decision. Exit code 2 blocks the action. Not a warning. A wall.
Every knowledge base entry was produced by running a command and observing the output. Not copied from docs. Not inferred from training data. Three trust tiers separate executed truth (Class A) from vendor docs (B) and community content (C). They never mix.
The gotcha your team discovered at 2 AM becomes a Class A entry that prevents the same incident next week. Knowledge carries trust state that degrades when environments change. The system knows when its own knowledge is stale.
The governance stack: advisory rules at the base, deterministic enforcement in the middle, validated knowledge at the top
Seven steps from command execution to validated knowledge. Each step is enforced at runtime. Skipping a step is not possible — the system blocks it.
Command runs. Output is captured with sha256 hash for tamper detection. The command log is the source of truth.
The analyzer must articulate intent, expected output, actual output, and match quality. Structured reflection before admission.
Five questions. All must pass. Was it executed? Is it reusable? Is it structured? Is it worth remembering? Reject is permanent.
Only after an explicit admit decision. The hook checks the decisions log before allowing the write. The AI cannot decide to skip the gate.
Knowledge trust pipeline: community sources never promote to execution-validated truth without passing through the execution chain
These outcomes are from running AWACS OS on live infrastructure. Not simulations. See the raw evidence in The Lab →
100+ daily backup alerts across Rubrik-protected VMs. Engineers had stopped reading them. Genuine failures were buried in noise and went unaddressed until users reported data loss.
Zero manual triage. Transient failures filtered. Persistent issues routed to ServiceNow automatically.
Read the case studyAn AI agent restricted sshd to IPv4 on an Arc-connected node. Arc SSH uses IPv6. The node became unreachable for hours. No out-of-band recovery without a support ticket.
AWACS captured it as anti-pattern entry G-001. Prevented recurrence in every subsequent session.
Read the case studyVendor documentation said to use CiTool.exe to deploy WDAC supplemental policies. That works on standalone Windows Server. On Azure Local, the HCI Orchestrator silently deletes it within 90 minutes.
AWACS captured the correct path. Stored in Class A with trust state tracking and revalidation triggers.
Read the case studyHook runtime (Python) not found in subprocess environment. Hooks exit with code 127. Claude Code treats exit 127 as non-blocking — the tool call proceeds. All enforcement silently bypassed.
Pre-flight check verifies enforcement is active before every session. 28+ checks. All must pass. No hooks = no pipeline.
Read the write chain specThe AWACS pipeline runs on a cron trigger and updates its own status page. This is not manually maintained. The AI writes it.
You manage Azure, on-prem HCI clusters, backup systems, and a growing stack of vendor APIs. You need your AI tooling to remember what actually works in your environment — not what the docs say should work.
You are standardizing how your org uses AI agents. You need guardrails that are mechanical, not behavioral. AWACS gives you an enforcement model you can audit: every hook is a script, every gate decision is logged, every entry has a provenance chain.
Your team keeps hitting the same gotchas. The fix exists in someone's head or a Slack thread from six months ago. AWACS captures those fixes as structured, searchable knowledge — so the org learns permanently, not per-person.
The trust tiers, write chain, and enforcement architecture are documented on GitHub. Building it for your stack — with your vendors, your APIs, your compliance requirements — is what we do.