Programmable Assurance

Modern infrastructure
became programmable.
Assurance did not.

Intent should align with outcomes.

ObsidianWall implements Programmable Assurance — the open discipline of continuously aligning organizational intent with outcomes. The discipline is independent of any single platform.

ObsidianWall Verdict evaluates your infrastructure plans against governance policies before deployment executes — catching budget overruns, policy violations, and compliance failures before they become incidents.

$ pip install obsidianwall-verdict

No spam. Unsubscribe any time.

You're on the list — we'll be in touch.

How it works today

Security recommendation made
Management refuses — no budget
Email thread lost
Breach occurs
Security team blamed
No evidence. No accountability.

With Programmable Assurance

Security recommendation made
Financial exposure translated
"Not enforcing MFA creates $3.4M HIPAA exposure"
Executive risk acceptance recorded
Named, dated, signed, immutable
If breach occurs — evidence exists
Decision is attributed
Evidence. Accountability. Protection.

What is Programmable Assurance?

Modern organizations run on software. Infrastructure is programmable. Identity is programmable. Security is programmable. AI systems are programmable. Governance is not.

Programmable Assurance is the discipline of continuously aligning intent with outcomes through executable governance, accountability, evidence, and feedback.

Four behavioral principles — regardless of topology:

01

Intent must be executable

02

Enforcement must be continuous

03

Every decision must be accountable

04

Outcomes must feed back into intent

Read the full definition →

evaluate

Should this deploy?

Evaluates Terraform plans and CloudFormation templates against governance policies. Auto-detects format. Five governance decisions. Full audit trail.

coverage

What controls are missing?

Maps your policy conditions to HIPAA, SOC 2, CIS v8, or NIST AI RMF. Shows which controls are covered and which are missing before an auditor finds them.

simulate

What if assumptions change?

Tests governance decisions against synthetic context without a real plan. Technical Risk and Governance Risk shown as separate dimensions.

sentinel

Did reality match the decision?

Verifies that post-deployment state stayed aligned with what the governance decision authorized. Detects drift before it becomes a violation.

All capabilities

validate

Policy schema validation before evaluation

test

Assert expected decisions in CI regression

audit

Governance history, patterns, and insights

analyzers

Cost, topology, architecture, utilization

explainability

Reasoning chain, trace graph, policy reasoning

notifications

Stakeholder routing manifest per decision

risk scores

Technical Risk and Governance Risk separately

telemetry

Local SQLite store — nothing leaves your environment

context

Full input and runtime context in every artifact

replay

Re-execute stored evaluations for audit verification

verdict — CI/CD governance gate
# Evaluate a Terraform plan against your budget policy
$ verdict evaluate --plan terraform_plan.json --policy policies/cost/budget.yaml --role engineer

policy basic_budget_verdict
condition budget_check ✗ FAILED
expression (current_spend + estimated_cost) <= budget.amount
evaluated (0 + 100) <= 50 → false

risk score 75 / 100 (critical)
Technical Risk 75/100
Governance Risk critical
notified budget_owner (email) engineering_lead (slack)

decision DENY_WITH_OVERRIDE
override budget_owner may authorize
decision_id abc3a13b-83d5-4fad-87d8

✗ Deployment blocked by governance policy.

Verdict

Live — v0.5.0

Pre-deployment governance decision engine. Evaluates plans. Produces decisions. Builds audit artifacts.

Sentinel

Live — v0.5.0

Post-deployment reality observation. Detects drift. Verifies outcomes match governance decisions.

Compass

Q4 2026

Governance intelligence and economics. Translates outcomes into financial exposure. Closes the feedback loop.

Forge

2027

Governance authoring engine. Translates leadership intent into executable policy through a human-gated AI layer.

Full architecture → obsidianwall.dev/architecture/platform

Design Principle

AI may advise.
AI may explain.
AI may optimize.
AI may correlate.
AI may recommend.


AI may NOT authoritatively govern.

Every governance decision in ObsidianWall is produced by deterministic evaluation of human-authored policies — never by a probabilistic model. Decisions are reproducible, explainable, and attributable to a named policy and a named human who wrote it.

verdict evaluate — live terminal