Status: Live framework overview · Demo data: seeded walkthroughs · Suitable for technical evaluators sizing the architecture
Audit-First AI Governance · Framework Overview

Governed enterprise intelligence — by structural design.

KAiM's audit-first framework: AI agents propose, deterministic evaluators enforce. The line is not crossed. Four functional cells, structural privacy protection, and decision-grade audit evidence on every agent action.

NIST AI RMF aligned
EU AI Act ready (Article 14)
ISO/IEC 42001 compatible
Audit evidence by design

The five sacred lines

Non-crossable boundaries that survive every product decision, every commercial pressure, every architectural pivot. Each line is enforced structurally — in compile-time checks, IAM gates, and type-system constraints — not by policy.

Line 01
AI proposes, deterministic evaluators enforce.

LLM-driven agents may propose meaning, classifications, charter content, or routing recommendations. They may not directly govern runtime enforcement decisions. The Codex Engine compiler refuses to accept LLM output as authoritative input without explicit promotion through deterministic review.
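One way to make "proposes, never enforces" a property the compiler checks rather than a policy anyone remembers to follow is a type-state gate. The example below is added here for illustration and is not KAiM code: `Proposal`, `Enforceable`, `review_and_promote`, the resource catalogue and the sample rule are all assumptions. The runtime's `enforce` accepts only `Enforceable`, whose constructor is private to its module, so the only path from model output to an enforcement decision is the deterministic review function; `enforce(&proposal)` does not compile. The same typing discipline is what the Forensics cell's PROPOSAL-never-FINDING rule describes later on this page.

```rust
// Added example (not KAiM code): Line 01 expressed as a type-state gate.
// `Proposal`, `Enforceable`, `review_and_promote` and the resource catalogue
// are assumptions made for this illustration.
pub mod gate {
    use std::collections::HashSet;

    #[derive(Debug, Clone, PartialEq)]
    pub struct Rule {
        pub resource: String,
        pub action: String,
    }

    /// What an LLM agent is allowed to hand over. It can be logged, diffed and
    /// reviewed, but no runtime function takes this type.
    #[derive(Debug, Clone)]
    pub struct Proposal {
        pub source_agent: String,
        pub rule: Rule,
        pub rationale: String,
    }

    /// The only type `enforce` accepts. Fields are private and the sole way to
    /// obtain a value is `review_and_promote`, so code outside this module
    /// cannot turn a Proposal into an Enforceable by hand.
    #[derive(Debug, Clone, PartialEq)]
    pub struct Enforceable {
        rule: Rule,
        reviewer: String,
    }

    impl Enforceable {
        pub fn reviewer(&self) -> &str {
            &self.reviewer
        }
    }

    #[derive(Debug, PartialEq)]
    pub enum Rejection {
        MissingReviewer,
        WildcardAction,
        UnknownResource(String),
    }

    /// Deterministic review step. No model is consulted: the same proposal,
    /// catalogue and reviewer always yield the same verdict, which is what
    /// makes the promotion auditable after the fact.
    pub fn review_and_promote(
        p: &Proposal,
        catalogue: &HashSet<&str>,
        reviewer: &str,
    ) -> Result<Enforceable, Rejection> {
        if reviewer.is_empty() {
            return Err(Rejection::MissingReviewer);
        }
        if p.rule.action == "*" {
            return Err(Rejection::WildcardAction);
        }
        if !catalogue.contains(p.rule.resource.as_str()) {
            return Err(Rejection::UnknownResource(p.rule.resource.clone()));
        }
        Ok(Enforceable { rule: p.rule.clone(), reviewer: reviewer.to_string() })
    }

    /// Runtime decision, default deny. Passing a `&Proposal` here is a compile
    /// error, which is the structural guarantee the line describes.
    pub fn enforce(rules: &[Enforceable], resource: &str, action: &str) -> bool {
        rules
            .iter()
            .any(|e| e.rule.resource == resource && e.rule.action == action)
    }
}

use gate::{enforce, review_and_promote, Proposal, Rule};
use std::collections::HashSet;

fn main() {
    // Constructed sample data for the illustration.
    let catalogue: HashSet<&str> = ["invoices", "tickets"].iter().copied().collect();
    let proposal = Proposal {
        source_agent: "triage-agent".into(),
        rule: Rule { resource: "tickets".into(), action: "read".into() },
        rationale: "model suggests read access for ticket triage".into(),
    };
    let promoted = review_and_promote(&proposal, &catalogue, "reviewer-7")
        .expect("deterministic review passes");
    println!("tickets/read allowed: {}", enforce(&[promoted], "tickets", "read"));
}
```

The review checks here (named reviewer, no wildcard action, resource present in a catalogue) stand in for whatever the deterministic evaluator actually verifies; the point is that they are fixed code with no model call in the path, and that the rejected proposal never acquires the type the runtime consumes.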

Line 02
Herb Brain declares meaning. Helm enforces it.

Semantic memory authority (vocabulary, charters, provenance) is structurally separated from runtime enforcement. Neither side can collapse into the other. Provenance is preserved across the boundary.

Line 03
We don't promise not to surveil — we built it so we can't.

The Codex Engine intermediate representation refuses to compile rules that emit per-individual scores, classifications, or rankings. This is structural prohibition, not policy. KAiM cannot be used for employee surveillance because the architecture forbids it.
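What a "refuses to compile" check on an intermediate representation can look like in practice, as an added example that is not KAiM's Codex Engine: the IR shape (`Grain`, `Output`, `Rule`), the error names and the five-person cohort floor are assumptions made for this illustration. The check is stricter than the page's wording in one respect, stated deliberately: any rule keyed to an individual fails regardless of output kind, since a count or flag attached to one person is a score by another name, and aggregate grains must declare a minimum cohort, because a team of one is an individual with a different label.

```rust
// Added example (not KAiM code): a compile-time check of the kind Line 03
// describes. The IR shape, the error names and the cohort floor are
// assumptions made for this illustration.
pub mod codex_ir {
    #[derive(Debug, Clone, Copy, PartialEq)]
    pub enum Grain {
        Individual,
        Team,
        OrgUnit,
        Enterprise,
    }

    #[derive(Debug, Clone, Copy, PartialEq)]
    pub enum Output {
        Score,
        Classification,
        Ranking,
        Count,
    }

    #[derive(Debug, Clone)]
    pub struct Rule {
        pub name: String,
        pub group_by: Grain,
        pub output: Output,
        /// Smallest group the rule may report on; None for Individual/Enterprise.
        pub min_cohort: Option<u32>,
    }

    #[derive(Debug, PartialEq)]
    pub enum CompileError {
        PerIndividualOutput { rule: String, output: Output },
        CohortTooSmall { rule: String, declared: u32, floor: u32 },
    }

    /// Cohort floor for Team and OrgUnit grains. The value is this example's
    /// choice, not a figure from the page.
    pub const COHORT_FLOOR: u32 = 5;

    /// Compiles a batch of rules. Any violation fails the whole batch, so
    /// there is no partial artefact for a later step to patch around.
    /// On success it returns the names admitted to the next stage (emission
    /// to a runtime substrate such as Cedar is out of scope here).
    pub fn compile(rules: &[Rule]) -> Result<Vec<String>, Vec<CompileError>> {
        let mut errors = Vec::new();
        for r in rules {
            match r.group_by {
                // Structural prohibition: nothing keyed to a person compiles.
                Grain::Individual => errors.push(CompileError::PerIndividualOutput {
                    rule: r.name.clone(),
                    output: r.output,
                }),
                // Enterprise-wide aggregates carry no cohort requirement.
                Grain::Enterprise => {}
                Grain::Team | Grain::OrgUnit => {
                    let declared = r.min_cohort.unwrap_or(0);
                    if declared < COHORT_FLOOR {
                        errors.push(CompileError::CohortTooSmall {
                            rule: r.name.clone(),
                            declared,
                            floor: COHORT_FLOOR,
                        });
                    }
                }
            }
        }
        if errors.is_empty() {
            Ok(rules.iter().map(|r| r.name.clone()).collect())
        } else {
            Err(errors)
        }
    }
}

use codex_ir::{compile, Grain, Output, Rule};

fn main() {
    // Constructed sample rules for the illustration.
    let rules = vec![
        Rule { name: "team_backlog_age".into(), group_by: Grain::Team, output: Output::Score, min_cohort: Some(8) },
        Rule { name: "employee_productivity".into(), group_by: Grain::Individual, output: Output::Ranking, min_cohort: None },
    ];
    match compile(&rules) {
        Ok(names) => println!("compiled: {:?}", names),
        Err(errs) => println!("refused: {:?}", errs),
    }
}
```

Reporting every error in the batch, rather than stopping at the first, matters for the audit trail: the refusal record shows exactly which rules tried to reach individual grain, which is evidence a compliance reviewer can act on.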

Line 04
No shadow agents.

Every deployed agent has a Charter — a typed contract with a named accountable business owner, declared kill switch, declared blast radius, HITL checkpoints, and sunset criteria. The build pipeline structurally rejects any agent submission lacking a valid Charter reference.

Line 05
No permanent decisions.

Every Charter, canonical term, governance rule, and architectural commitment carries an expires_review_at date. Re-review is continuous discipline, not a one-time event. Nothing is allowed to silently rot.

The four functional cells

Each cell does one job and writes to a shared substrate the next cell reads. No cell holds another's authoritative state. The boundary is the architecture.

       Business owner
            │
            ▼
    ┌─────────────────┐    ┌──────────┐    ┌─────────────┐    ┌──────────┐
    │  Atelier Cell   │───▶│  Forge   │───▶│ Bot Village │───▶│ Cobbler  │
    │  design+charter │    │  build   │    │  registry   │    │ maintain │
    └────────┬────────┘    └──────────┘    └──────┬──────┘    └────┬─────┘
             │                                     │                 │
             │ binds terms                         │ runtime         │ drift/sunset
             ▼                                     ▼                 ▼
    ┌──────────────────────┐              ┌─────────────────┐
    │ Lexicographer Cell   │◀────────────▶│ Forensics Cell  │
    │ Helm Meaning Layer   │   signals    │ continuous int. │
    └──────────────────────┘              └────────┬────────┘
                                                    │
                                                    │ proposals (typed)
                                                    ▼
                                          ┌─────────────────┐
                                          │  Codex Engine   │
                                          │ rules + IR + AI │
                                          └────────┬────────┘
                                                    │
                                                    ▼
                                          ┌─────────────────┐
                                          │  Helm Runtime   │
                                          │   enforcement   │
                                          └─────────────────┘
    
Cell 1 · Helm Meaning Layer

Lexicographer

Builds and governs the enterprise's canonical vocabulary, ontology, and taxonomy. Source of truth for both agent context and data-lake classification. Five agents, three load-bearing separations, four-level provenance.

Live
Cell 2 · Helm Studio

Atelier

Front-of-house Agent Factory. Takes a business owner from vision to signed Charter through phase-disciplined facilitation. The Critic stress-tests every Charter against ten documented enterprise-AI failure modes before publication.

Architecture complete
Cell 3 · Helm Codex

Codex Engine

Rules layer with twelve KAiM-native governance primitives: tier elevation, blast-radius, lexicon binding, expires-review-at, dissent flow. Compiles to mature substrates (Common Expression Language, CEL, at design time; Cedar at runtime). IR-first; no custom DSL.

ADR-001 Proposed
Cell 4 · Helm Forensics

Forensics

Continuous integrity layer. Aggregates drift, slop, and behavior signals from the other cells. Root-cause inference is typed as PROPOSAL — never FINDING. Corrective actions route through Codex compilation and Helm enforcement.

Intake brief drafted

Bot Village (registry), Forge (build), Cobbler (maintenance), and Helm Runtime (governance control plane) complete the operating topology.

The Charter contract

Every deployed agent has a Charter — the typed contract that crosses Atelier → Forge → Bot Village registry → Cobbler maintenance. No Charter, no deployment. This is the structural enforcement of "no shadow agents."

The Charter is what 95% of failed GenAI pilots in 2025 did not have. It carries seventeen required fields, among them the accountable business owner, kill switch, blast radius, HITL checkpoints, sunset criteria, and expires_review_at date named in Lines 04 and 05 above.
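A build-pipeline admission gate that makes "no Charter, no deployment" and "no permanent decisions" mechanical, as an added example that is not KAiM's pipeline code. It checks the six Charter fields this page names (accountable owner, kill switch, blast radius, HITL checkpoints, sunset criteria, expires_review_at); the remaining required fields, the registry lookup, the `Submission` shape and the ISO 8601 calendar-date format are assumptions made for this illustration.

```rust
// Added example (not KAiM code): Lines 04 and 05 as a build-pipeline gate.
// Field set beyond the six the page names, registry lookup, Submission shape
// and the "YYYY-MM-DD" date format are assumptions made for this illustration.
pub mod charter_gate {
    #[derive(Debug, Clone)]
    pub struct Charter {
        pub id: String,
        pub accountable_owner: String,
        pub kill_switch: String,           // e.g. an IAM action or feature flag
        pub blast_radius: Vec<String>,     // systems the agent may touch
        pub hitl_checkpoints: Vec<String>, // actions needing a human sign-off
        pub sunset_criteria: String,
        /// Calendar date "YYYY-MM-DD"; ISO 8601 dates order correctly as text.
        pub expires_review_at: String,
    }

    pub struct Submission {
        pub agent: String,
        pub charter_id: Option<String>,
    }

    #[derive(Debug, PartialEq)]
    pub enum GateError {
        NoCharterReference,
        UnknownCharter(String),
        MissingField(&'static str),
        MalformedReviewDate(String),
        ReviewExpired { expires_review_at: String, today: String },
    }

    fn is_iso_date(s: &str) -> bool {
        let b = s.as_bytes();
        b.len() == 10
            && b.iter().enumerate().all(|(i, c)| {
                if i == 4 || i == 7 { *c == b'-' } else { c.is_ascii_digit() }
            })
    }

    /// Admit or reject a build submission. Every failing check is reported so
    /// the owner fixes the Charter once rather than once per error.
    pub fn admit<'a>(
        sub: &Submission,
        registry: &'a [Charter],
        today: &str,
    ) -> Result<&'a Charter, Vec<GateError>> {
        let id = match &sub.charter_id {
            Some(id) => id,
            None => return Err(vec![GateError::NoCharterReference]),
        };
        let c = match registry.iter().find(|c| &c.id == id) {
            Some(c) => c,
            None => return Err(vec![GateError::UnknownCharter(id.clone())]),
        };
        let mut errors = Vec::new();
        let required = [
            ("accountable_owner", c.accountable_owner.trim().is_empty()),
            ("kill_switch", c.kill_switch.trim().is_empty()),
            ("blast_radius", c.blast_radius.is_empty()),
            ("hitl_checkpoints", c.hitl_checkpoints.is_empty()),
            ("sunset_criteria", c.sunset_criteria.trim().is_empty()),
        ];
        for (name, missing) in required.iter() {
            if *missing {
                errors.push(GateError::MissingField(*name));
            }
        }
        if !is_iso_date(&c.expires_review_at) {
            errors.push(GateError::MalformedReviewDate(c.expires_review_at.clone()));
        } else if c.expires_review_at.as_str() <= today {
            // A review due today is already overdue for a build.
            errors.push(GateError::ReviewExpired {
                expires_review_at: c.expires_review_at.clone(),
                today: today.to_string(),
            });
        }
        if errors.is_empty() { Ok(c) } else { Err(errors) }
    }
}

use charter_gate::{admit, Charter, Submission};

fn main() {
    // Constructed sample registry and submission for the illustration.
    let registry = vec![Charter {
        id: "ch-001".into(),
        accountable_owner: "ops-director".into(),
        kill_switch: "iam:DisableAgentRole".into(),
        blast_radius: vec!["ticketing".into()],
        hitl_checkpoints: vec!["close_ticket".into()],
        sunset_criteria: "retire when ticket volume drops below 100/day".into(),
        expires_review_at: "2026-03-01".into(),
    }];
    let sub = Submission { agent: "triage-agent".into(), charter_id: Some("ch-001".into()) };
    match admit(&sub, &registry, "2025-11-01") {
        Ok(c) => println!("{} admitted under {}", sub.agent, c.id),
        Err(errs) => println!("{} rejected: {:?}", sub.agent, errs),
    }
}
```

The date check is the "no permanent decisions" half: a Charter that was valid last quarter stops admitting builds the day its review date passes, which forces the re-review the page describes rather than relying on someone noticing.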

The Critic, an adversarial agent, stress-tests every Charter against the ten documented failure modes before the Provost gate. Override requires a T:3 + T:0 co-sign with an immutable rationale log.

Use-case walkthroughs

The framework applied to specific operational scenarios. Each walkthrough demonstrates the same audit-first discipline against a different vertical or function.

Standards we commit to

KAiM's audit-first framework is designed to satisfy or exceed the standards your compliance officer is already reading.

Standard · How KAiM aligns

NIST AI Risk Management Framework
The four functions (Govern, Map, Measure, Manage) map to Atelier (Map), Codex (Govern), Forensics (Measure), and Cobbler (Manage). Full alignment artifact published.

EU AI Act, Article 14 (Human Oversight)
HITL checkpoints are a required Charter field. Compliance is structural at design time, not policy at deploy time. The Act's high-risk obligations, Article 14 among them, apply from 2 August 2026.

ISO/IEC 42001, AI Management System
The KAiM Ethos document maps directly to the management-system clauses. Decision rituals, change discipline, and external vetting are encoded as operating constraints.

OWASP Top 10 for LLM Applications
Excessive Agency (LLM08), Overreliance (LLM09), and Insecure Output Handling (LLM02) are mitigated at design time by Charter discipline and Critic stress-testing. These identifiers are from the 2023 (v1.1) list; the 2025 edition renumbers them (Excessive Agency LLM06, Improper Output Handling LLM05) and folds Overreliance into Misinformation (LLM09), so cite the edition when mapping controls.

GDPR · CCPA · Quebec Law 25 · NLRB guidance
Structural privacy posture: the Codex Engine refuses to compile rules emitting per-individual scores. KAiM cannot be used for employee surveillance because the architecture forbids it.