Safety Kernel

Every action evaluated.

The policy decision point for every operation. No job executes without a decision record.

Decision Types

Predictable outcomes.

The Safety Kernel evaluates context against policy and returns one of four decisions.

ALLOW: Job proceeds immediately. Decision logged to audit trail.
DENY: Job rejected. Reason logged. Dead Letter Queue entry created.
REQUIRE_APPROVAL: Job paused. Notification sent. Waits for human review.
ALLOW_WITH_CONSTRAINTS: Job runs with attached limits (budget, retries, paths).

Features

Policy-as-code for SecOps.

Simulate changes before they go live. Explain decisions to auditors. Roll back instantly.

Policy bundles with versioned snapshots
Evaluate, explain, and simulate endpoints
Approvals bound to snapshot and job hash
Constraint enforcement (budgets, egress)
Bundle fragments from packs
MCP allow/deny via labels
Decision recorded with reason
Last-known-good rollback

safety-policy.yaml
tenants:
  acme-corp:
    allow_topics:
      - "job.incident-enricher.*"
    deny_topics:
      - "sys.*"

    rules:
      # Require approval for prod writes
      - match:
          risk_tags: ["prod", "write"]
        decision: REQUIRE_APPROVAL

      # Constrain patch capabilities
      - match:
          capability: "*.patch.*"
        decision: ALLOW_WITH_CONSTRAINTS
        constraints:
          max_lines_changed: 500
          deny_paths:
            - "/etc/*"
            - "/var/secrets/*"
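As an added example that is not part of the Safety Kernel product or its code, here is a minimal Python evaluator for the policy above that returns one of the four decisions as a decision record, plus a check that enforces attached constraints against a job's declared footprint. It assumes semantics the page does not spell out: patterns are shell-style globs, deny_topics take precedence over allow_topics, every listed risk_tag must be present, the first matching rule decides, and jobs declare the paths and lines_changed they intend to touch; the policy dict mirrors safety-policy.yaml and the jobs are constructed.

```python
from fnmatch import fnmatch
# Constructed policy: safety-policy.yaml above, pre-parsed into a dict (no YAML library needed).
POLICY = {"tenants": {"acme-corp": {
    "allow_topics": ["job.incident-enricher.*"],
    "deny_topics": ["sys.*"],
    "rules": [
        {"match": {"risk_tags": ["prod", "write"]}, "decision": "REQUIRE_APPROVAL"},
        {"match": {"capability": "*.patch.*"}, "decision": "ALLOW_WITH_CONSTRAINTS",
         "constraints": {"max_lines_changed": 500,
                         "deny_paths": ["/etc/*", "/var/secrets/*"]}},
    ],
}}}

def _rule_matches(match, job):
    # Assumed semantics: all listed risk_tags must be present; capability is a glob.
    tags = match.get("risk_tags")
    if tags is not None and not set(tags) <= set(job.get("risk_tags", ())):
        return False
    cap = match.get("capability")
    return cap is None or fnmatch(job.get("capability", ""), cap)

def evaluate(policy, tenant, job):
    """Return a decision record for one job: {decision, reason[, constraints]}."""
    t = policy["tenants"].get(tenant)
    if t is None:
        return {"decision": "DENY", "reason": f"unknown tenant {tenant!r}"}
    topic = job["topic"]
    for pat in t.get("deny_topics", ()):  # deny_topics win over allow_topics (assumed)
        if fnmatch(topic, pat):
            return {"decision": "DENY", "reason": f"topic {topic!r} matches deny {pat!r}"}
    if not any(fnmatch(topic, p) for p in t.get("allow_topics", ())):
        return {"decision": "DENY", "reason": f"topic {topic!r} not in allow_topics"}
    for i, rule in enumerate(t.get("rules", ())):  # first matching rule decides (assumed)
        if _rule_matches(rule["match"], job):
            rec = {"decision": rule["decision"], "reason": f"rule {i} matched {rule['match']}"}
            if rule["decision"] == "ALLOW_WITH_CONSTRAINTS":
                rec["constraints"] = dict(rule.get("constraints", {}))
            return rec
    return {"decision": "ALLOW", "reason": "topic allowed, no rule matched"}

def enforce(record, job):
    """Check a job's declared footprint against attached constraints; DENY on violation."""
    c = record.get("constraints", {})
    if job.get("lines_changed", 0) > c.get("max_lines_changed", float("inf")):
        return {"decision": "DENY", "reason": "max_lines_changed exceeded"}
    for path in job.get("paths", ()):
        if any(fnmatch(path, p) for p in c.get("deny_paths", ())):
            return {"decision": "DENY", "reason": f"path {path!r} matches deny_paths"}
    return record
```

Every return value carries a reason, which is what an audit trail or an explain endpoint would record alongside the decision.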