ATLAS - The Governance Kernel for AI Agents

> v10.0.0 - KERNEL PROD • AGPL-3.0 License

ATLAS is a Ring-0 Governance Kernel for autonomous AI operations. It sits between an Agent and the World, strictly enforcing institutional policies, audit logging, and fail-close security boundaries.

ATLAS is not a wrapper. It is an immutable compliance hypervisor that panics and halts execution upon violation.

---

Governance Status: PROD READY

As of Q1 2026, ATLAS v10 is fully hardened and certified for production.

| Component | Status | Guarantee |
|-----------|--------|-----------|
| Kernel | Hardened | Fail-Close, Ring-Isolated |
| Execution | Deterministic | Bit-for-bit Replay, Unforgeable Logs |
| Trust Root | Sealed | Config Hashed at Boot, Signed by Sentinel |
| Sandbox | Isolated | No Network, Mocked Time/Entropy |

View Official Governance Reports (CAP)

---

Architecture: The Ring Model

ATLAS employs a strictly layered "Ring" architecture to isolate decision-making from execution.

1. Ring-0 (The Kernel):
    * The Constitution: Immutable invariants (Fail-Close).
    * The Sentinel: Cryptographic authority (Ed25519 Signatures).
    * The Log: Hash-chained, framed, atomic audit trails.

    *Nothing in Ring-0 can be bypassed.*
2. Ring-1 (The Bridge):
    * Safe I/O handling.
    * Policy translation.
3. Ring-2 (The Agent):
    * LLM Cognition (Untrusted).

    The Agent proposes actions; the Kernel approves or denies them.

---

Key Features

If the Kernel cannot prove an action is safe and authorized, it STOPS. There are no warnings in PROD. There are no "soft fails".

Every execution is mathematically deterministic.

* Seeding: Entropy is derived from `SHA256(Input + Code)`.
* Time: Mocked and frozen relative to the seed.
* Audit: An auditor can replay the log and get the exact same result.

Every high-risk action requires a Sentinel Signature.

* The Sentinel is an external authority (Policy Server / HSM).
* ATLAS verifies the signature against a local Trusted Key Registry.
* The Kernel refuses to boot if the Registry is missing or tampered.
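
The Sentinel rules above can be expressed as follows. This is an added example in Node.js, not ATLAS source code: the function names, the JSON registry format, the pinned-digest boot check and the signed action encoding are all assumptions made for illustration.

```javascript
// Added illustration, not ATLAS code. Every name and format here is hypothetical.
const crypto = require('node:crypto');

const sha256 = (text) => crypto.createHash('sha256').update(text).digest('hex');

// Constructed sample data: a Sentinel key pair and a one-entry registry (key id -> PEM).
const sentinel = crypto.generateKeyPairSync('ed25519');
const registryText = JSON.stringify({
  'sentinel-1': sentinel.publicKey.export({ type: 'spki', format: 'pem' }),
});
const pinnedDigest = sha256(registryText); // assumed to be pinned out of band

// Boot step: refuse to start when the registry is missing or does not match the pin.
function bootRegistry(text, expectedDigest) {
  if (typeof text !== 'string' || text.length === 0) {
    throw new Error('BOOT_REFUSED: registry missing');
  }
  if (sha256(text) !== expectedDigest) {
    throw new Error('BOOT_REFUSED: registry tampered');
  }
  return new Map(Object.entries(JSON.parse(text)));
}

// Assumed canonical encoding of the action that the Sentinel signs.
const actionBytes = (a) => Buffer.from(JSON.stringify([a.id, a.kind, a.target]));

// Sentinel side: issue a grant for exactly one action.
function signGrant(action, keyId, privateKey) {
  const signature = crypto.sign(null, actionBytes(action), privateKey).toString('base64');
  return { keyId, signature };
}

// Kernel side, deny by default: unknown key, bad signature or any exception yields false.
function approve(registry, action, grant) {
  try {
    const pem = registry.get(grant.keyId);
    if (!pem) return false;
    const sig = Buffer.from(grant.signature, 'base64');
    return crypto.verify(null, actionBytes(action), crypto.createPublicKey(pem), sig);
  } catch {
    return false;
  }
}
```

Because the grant covers the encoded action, a signature issued for one target does not approve the same action kind against a different target.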

AURORA+ enables governed automation via Sentinel-signed delegation.

* Not a scheduler: Automation is delegated authority, not cron jobs.
* PROD-only: Completely blocked in DEV mode.
* Kernel-enforced: Frequency, cost, and scope limits enforced at Ring-0.
* Replay-verifiable: All executions are hash-chained and deterministic.

| Property | Guarantee |
|----------|-----------|
| Authority Source | Sentinel-signed grants |
| Frequency Limit | Kernel-enforced (INV-AUTO-FREQ-001) |
| Scope Limit | Panic on violation |
| Revocation | Snapshot at boot |

AURORA+ User Guide • Technical Reports

---

Modes: DEV vs PROD

ATLAS operates in two distinct modes. A DEV success does not guarantee PROD success.

| Feature | DEV MODE | PROD MODE |
| :--- | :--- | :--- |
| Enforcement | Advisory (Warn Log) | Fail-Close (Panic/Halt) |
| Sentinel | Optional / Bypassed | MANDATORY (Hard Dependency) |
| Hardware | Simulated | MANDATORY (TPM/HSM) |
| Config Integrity | Warn on Change | PANIC on Change |
| Symlinks | Allowed | PANIC (Security Violation) |
| Log Durability | Standard | Atomic / Fsync |

PROD mode:

* Role: Governance Hypervisor.
* Behavior: Deny-by-Default. If the Kernel suspects *anything* is wrong (network flake, config drift, bad signature), it halts execution immediately.
* Use Case: Live operations, high-value asset handling.

DEV mode:

* Role: Rapid Iteration Sandbox.
* Behavior: Permissive. Allows `ATLAS_DEV_BYPASS` to skip Sentinel, uses mock time/randomness, and tolerates config changes.
* Use Case: Unit testing, local debugging.

> CRITICAL: Never treat DEV mode as a security boundary. It is a velocity tool.

---

Documentation

All governance documentation is centralized in the Compliance Assurance Package (CAP).

* System Status: Operational health.
* PROD Certification: Detailed security guarantees.
* DEV vs PROD: Critical environment differences.
* Ops Runbook: Incident response and key handling.

---

Quick Start (DEV Mode)

> WARNING: DEV mode is for experimentation only. It bypasses critical security checks.

```bash
npm install -g @atlasnomos/atlas
```

```bash
atlas doctor
```

```bash
atlas build "Analyze this codebase for security flaws"
```

---

License

ATLAS is licensed under the GNU Affero General Public License v3.0.

* Commercial Use: Allowed.
* Modification: Allowed (must stay open source if networked).
* Distribution: Allowed.

See LICENSE for full terms.

---

ATLAS NOMOS - 2026. Authority. Governance. Control.