GOVERNANCE // OVERVIEW

Governance

ostk is governed by signed documents, not by permissions dashboards. Trust is cryptographic. Enforcement is invisible.

GOVERNANCE_DOCUMENTS

HUMANFILE

Models, secrets, trust policy, pin defaults, operator identity

T0 only

ENTITYFILE

OS identity, key registry, fleet state, laws

T0 only (negotiate protocol)

.primefile

Root of trust, kernel version, signing authority, lineage

Kernel (dual-signed by T0)

Agentfile

Agent model, prompt, tools, limits, isolation, attestation

T0 or T1 (signed)

All governance files are protected by the modify-governance deny token. Agents at T1 or below are blocked from writing to them. → Capability Pins

Trust Tiers

Identity is determined by GPG cross-signatures. Four tiers from full governance to anonymous.

Full governance

Dual-signed. Can modify everything.

Write access

Cross-signed. Write source, not OS.

Read-only

GPG present, not cross-signed.

Anonymous

No GPG key. Read-only (writes blocked).

Full details: Trust Model

The Five Laws

01 The write path is invisible

02 Agents are ephemeral

03 Coordinate through the filesystem

04 Optimistic concurrency

05 Invisible infrastructure, always

Every feature proposal is tested against all five. No exceptions. → Five Laws

SIGNING_CHAIN

DEVELOPMENT

Commits signed by the developer's personal GPG key

RELEASE

Repository commit signed by the institutional key (@ostk.ai)

BINARY

Release binaries signed by the CI key (cross-signed by root)

VERIFICATION

Any user can verify any artifact against the public key

Source Availability & Open Source Transition

The ostk framework has transitioned to public repositories. All runtime elements — the daemon CLI (ostk), prompt cache (ostk-cache), and memory MCP server (ostk-recall) — are open-source under the GNU Affero General Public License v3.0 (AGPL-3.0).

The userspace client library (libostk) is licensed under the permissive MIT License to allow seamless programmatic integrations.