Public demonstrator version: 0.1.1
AOS Kernel is a model-agnostic decision-evidence kernel. It converts bounded signals into deterministic operational decisions with replayable evidence. Decision-time evidence is the current claim; runtime assurance is the direction, not a shipped capability.
signal -> policy -> PASS / WARN / BLOCK -> JSONL record -> SHA-256 hash
This repository is the curated public kernel release surface. It contains the reference kernel, a minimal CLI, Trusted Output v0, Lean proof surface, contract tests, and compact evidence examples needed to inspect the public demonstrator.
Workflow products built on top of the kernel live separately, for example RafineriaAI/aos-workflow-gate.
After v0.1.1, this repository is in scope-locked maintenance mode. See
docs/MAINTENANCE_POLICY.md.
AOS does not replace scanners, guardrails, reviewers, operators, or final decision-makers. It sits after upstream tools and before downstream workflow use.
scanner / CI / evaluation signal -> AOS Kernel -> decision + evidence
| Kernel capability | Public artifact |
|---|---|
| Deterministic PASS/WARN/BLOCK decision | core/aos_public_core.py |
| Replayable evidence packet | build_signal_evidence() and tests |
| Integrity anchor | SHA-256 digests in evidence and Trusted Output v0 |
| Tamper detection | verify_signal_evidence() and aos trust verify |
| Abstract formal surface | lean/AOSPublicCore.lean |
| Publication boundary | SCOPE_OF_PROOF.md, COMMERCIAL_BOUNDARY.md |
A scanner, eval, or CI job can produce a bounded signal that needs a repeatable
handoff decision before downstream workflow use. AOS Kernel does not decide that
an artifact is safe. It turns the bounded signal into a deterministic
PASS / WARN / BLOCK decision and a replayable evidence record.
The practical aha moment: later reviewers can inspect the exact input digest, policy id, decision, and wrapper verification status instead of reconstructing a one-off CI judgment from logs.
python -m pip install -e .[dev]
aos demo --output-dir .tmp/aos-demoExpected output:
AOS demo completed.
Verdict: WARN
Decision: REVIEW_REQUIRED
Signals: 1
Evidence: .tmp/aos-demo/check-record.jsonl
Summary: .tmp/aos-demo/check-summary.md
Verify the unsigned Trusted Output wrapper:
aos trust emit \
--record .tmp/aos-demo/check-record.jsonl \
--output .tmp/aos-demo/trusted-output.json
aos trust verify \
--input .tmp/aos-demo/trusted-output.json \
--record .tmp/aos-demo/check-record.jsonlCurrent public verification status:
signature_status: UNSIGNED_NOT_OFFICIAL
official_aos_output: false
That is expected. Public Trusted Output v0 is structure-checkable and record-checkable, but not an official signed RafineriaAI/AOS verdict.
python tools/run_validation_gate.py --standard --skip-installThe standard gate runs formatting/lint checks, type checks, tests, integrity verification, and the public Lean surface build when Lean is available.
For release-surface audit precheck:
python tools/audit_precheck.pyThe public kernel demonstrates that a bounded input can be converted into a stable decision and replayable evidence record, and that tampering with the record or wrapper is detectable by the included verifiers.
It does not prove production readiness, clinical or regulated-use readiness, security of a target repository, absence of vulnerabilities, compliance, SLA, commercial ROI, or Python-Lean refinement correctness.
RafineriaAI is the publishing brand and ownership boundary. AOS is the kernel. Products are concrete applications built on top of that kernel.
This repository is source-available and proprietary. It intentionally excludes private production policies, calibration logic, enterprise integrations, signing keys, deployment hardening, customer workflows, and commercial scoring.
| Path | Purpose |
|---|---|
core/ |
Reference kernel implementation |
aos_cli/ |
Minimal CLI and Trusted Output v0 utilities |
lean/ |
Abstract public formal surface |
tests/ |
Contract and tamper-detection tests |
examples/reports/ |
Sanitized replay example |
tools/run_validation_gate.py |
Canonical local validation entrypoint |
tools/audit_precheck.py |
Release-surface audit precheck |
evidence/integrity_manifest.json |
Public integrity manifest |
This repository is published under a proprietary demonstrator notice. Viewing the repository does not grant rights to copy, modify, distribute, host, commercialize, or create derivative works without written permission.