
VERITAS OS

Added: Apr 23, 2026
Category: Agent & Tooling
Open Source
Tags: Python, Workflow Automation, AI Agents, Agent & Tooling, Security & Privacy, Finance

Decision Governance and Bind-Boundary Control Plane for AI Agents, ensuring traceability and accountability in regulated environments via fail-closed pipelines and hash-chained audit logs.

VERITAS OS is a Decision Governance and Bind-Boundary Control Plane for AI Agents, designed for highly regulated scenarios such as financial services (AML/KYC) and healthcare. Current version: v2.0.0 (Beta), developed by Takeshi Fujishita.

Core Capabilities

Decision Governance Pipeline

An end-to-end /v1/decide governance pipeline in which AI decisions pass through a reproducible, fail-closed, hash-chained governance flow: orchestration → gating → persistence → replay. FUJI Gate fails closed by default, directly rejecting decisions on unsafe or undefined paths.

Bind-Boundary Control

Extends governance lineage from "decision approval" to "execution commitment" by separating approval from execution. Bind-boundary control is wired into three operator-controlled paths: governance policy updates, policy bundle promotion, and runtime compliance configuration changes. It outputs a BindReceipt (the complete governance artifact) and a bind_summary (a compact binding summary).

TrustLog Audit Logs

Tamper-evident, hash-chained decision lineage logs with signature and hash-linking support, capable of divergence-aware replay. The PostgreSQL backend is recommended for production; a lightweight JSONL backend is supported for development.
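What hash-linking buys an auditor, and what it does not, shown as an added example (not VERITAS OS code and not its TrustLog record format). The field names prev_hash, payload and hash, the all-zero GENESIS value and the anchored_head parameter are assumptions for illustration; signatures are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first entry

def _digest(prev_hash, payload):
    # Canonical JSON so the same payload always hashes identically.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(lines, payload):
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    entry = {"prev_hash": prev, "payload": payload, "hash": _digest(prev, payload)}
    return lines + [json.dumps(entry, sort_keys=True)]

def verify(lines, anchored_head=None):
    """Return (ok, reason); any malformed or unlinked entry fails the whole log."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            e = json.loads(line)
            linked = e["prev_hash"] == prev
            intact = e["hash"] == _digest(e["prev_hash"], e["payload"])
        except (ValueError, KeyError, TypeError):
            return False, f"entry {i}: malformed"
        if not linked:
            return False, f"entry {i}: broken link"
        if not intact:
            return False, f"entry {i}: hash mismatch"
        prev = e["hash"]
    # Without an externally stored head, dropping the newest entries is invisible.
    if anchored_head is not None and prev != anchored_head:
        return False, "head does not match anchored value"
    return True, "ok"

def demo():
    log = []  # constructed sample decisions, not real TrustLog records
    for n, d in enumerate(["allow", "deny", "allow"], 1):
        log = append(log, {"request": f"r-{n}", "decision": d})
    head = json.loads(log[-1])["hash"]
    e = json.loads(log[1])
    e["payload"]["decision"] = "allow"  # flip a recorded "deny"
    edited = [log[0], json.dumps(e), log[2]]
    e["hash"] = _digest(e["prev_hash"], e["payload"])  # attacker recomputes the hash
    rehashed = [log[0], json.dumps(e), log[2]]
    return {"clean": verify(log, head), "edited": verify(edited, head),
            "rehashed": verify(rehashed, head),
            "truncated": verify(log[:2]), "truncated_anchored": verify(log[:2], head)}
```

The truncated log passes when no head is supplied, which is why a chain alone is not enough: the latest hash has to be signed or anchored somewhere the log writer cannot rewrite.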

Runtime Posture Control

A single variable, VERITAS_POSTURE (dev / staging / secure / prod), controls all security defaults. In the prod posture, all governance controls are forcibly enabled, override variables are ignored, and external secret managers (Vault/KMS) are required.

Compliance Export

Compliance export paths and the veritas-evidence-bundle CLI tool generate evidence packages, supporting external audit-ready documentation.

Typical Use Cases

  • AML/KYC Compliance: 1-day PoC quick-start package with financial governance templates
  • Regulated Industry AI Deployment: Approval boundaries and post-hoc review evidence capture for finance, healthcare, etc.
  • AI Decision Audit & Accountability: TrustLog creates audit-grade decision lineage for post-hoc incident review
  • Security Operations: Production posture enforces external key management and transparent log anchoring

Architecture Overview

  • Backend: Python 3.11+ / FastAPI + Uvicorn + Pydantic async architecture
  • Frontend: Next.js 16 Mission Control operator governance panel
  • Storage: PostgreSQL (production, with Alembic migrations) / JSON / JSONL (development)
  • LLM Integration: OpenAI default, optional Anthropic extra dependency
  • Observability: OpenTelemetry + Prometheus via observability extra
  • Signing: cryptography library via signing extra
  • CI/CD: GitHub Actions (main, CodeQL, Release Gate, Docker Publish to GHCR)
  • Test Coverage: Self-reported 87%
  • Container Image: ghcr.io/veritasfuji-japan/veritas__os

Installation & Deployment

Prerequisites: Docker 20+, Docker Compose v2; local dev requires Python 3.11+, Node.js 20+, pnpm.

Docker Compose (recommended):

git clone https://github.com/veritasfuji-japan/veritas_os.git
cd veritas_os
cp .env.example .env
docker compose up --build

Endpoints: Backend API localhost:8000 (Swagger UI: /docs), Mission Control localhost:3000, PostgreSQL localhost:5432.

pip install (local dev):

pip install .                  # Core
pip install ".[ml]"            # + sentence-transformers / scikit-learn
pip install ".[full]"          # All dependencies

API & CLI

Core API Endpoints:

  • PUT /v1/governance/policy — Policy update (governance-bound)
  • POST /v1/governance/policy-bundles/promote — Policy bundle promotion (governance-bound)
  • PUT /v1/compliance/config — Compliance config change (governance-bound)
  • GET /v1/governance/bind-receipts — List bind receipts
  • GET /v1/governance/bind-receipts/{id} — Bind receipt details
  • GET /v1/governance/bind-receipts/export — Export bind receipts

CLI Tools: veritas-trustlog-verify (verify TrustLog integrity), veritas-migrate (database migration), veritas-evidence-bundle (generate compliance evidence package).

Unconfirmed Items

  • No public third-party production deployments or user testimonials found
  • No completed third-party security audit reports found
  • Zenodo papers are preprint platform releases; peer review status unconfirmed
  • The core uses a proprietary EULA (free for Evaluation Use, written agreement required for Commercial Use) and some directories use MIT; the exact scope needs per-directory LICENSE verification
  • VERITAS_API_KEY / VERITAS_API_SECRET issuance process not clearly documented in README
  • Commercial licensing pricing not publicly available; contact veritas.fuji@gmail.com
