JacqOS
Get started

AI Agents guaranteed
not to break your
business rules

JacqOS puts a mathematical boundary between AI reasoning and real-world action. Agents reason freely inside a secure inner world — but only actions that satisfy your declared invariants for the current evaluator can reach the outside.

See a blocked action Read the docs Talk to us
jacqos.studio / blocked-action-receipt 01/04

Failure modes · 01

Most agent stacks break in the same four places.

Four expensive failure modes show up in almost every agent deployment. They're not prompt problems — they're structural gaps between reasoning and action. Start here, then inspect the boundary that closes each one.

01

Unsafe actions

A wrong answer becomes a wrong promise, refund, payout, or mutation that reaches the real world.

02

Pilot purgatory

The demo looks plausible but nobody can explain how to trust the thing in production.

03

Hidden state

Graphs and scratchpads become the truth surface instead of one explicit derived reality.

04

No evidence story

Without replay, provenance, and fixtures buyers get claims instead of evidence.

The analogy · 02

A physics engine
for your business logic.

Game engines don't let players pass through solid walls — not because the game politely asks, but because the simulation refuses to produce that state. Physics holds.

JacqOS does the same for enterprise action. Your policies, authorities, and invariants are the laws of the world. Every proposed action is tested against them before it can leave the simulation. Violations don't happen — they can't.

Rigid bodies
Agents, users, services
Forces
Proposed actions
Collision constraints
Policies & authorities
Laws of physics
Named invariants

The paradigm · 03

The AI stack,
re-imagined.

Today's agent stacks treat observability as a footnote and memory as a database you bolt on. JacqOS puts the immutable log at the foundation, turns memory into a derivation from that record, and fuses security with the domain ontology — so the boundary is the architecture, not a wrapper around it.

Most agent stacks today Built on sand The log is an afterthought. Memory is a service. Guardrails are scattered across multiple surfaces, fallable LLMs are treated as the brain.
06
Memory
bolted-on vector store
05
Agent Orchestration
graphs, loops, retries
04
Tools / Function Calls
raw capability to act
03
LLM
probabilistic reasoning
02
Guardrails
text filters, prompts, DB rules, DDD aggregates
01
Logs / Traces
observability, after the fact
no durable ground truth · every layer re-invents state
JacqOS Built on bedrock The log is the foundation. Everything else derives from it with a structural invariant boundary. The guarantee is bounded by the current evaluator and lineage, not delegated to prompt policy.
06
Agents & Tools
LLMs treated as sensors/tools rather than the brain
05
Memory
derived from the record, not stored
04
Ontology + Authorities
who may do what, to what
03
Invariants (the boundary)
named laws — violations cannot execute
02
Derivation
facts computed from observations
01
Immutable Observation Log
append-only. single source of truth.
one record · replayable · signed · ground truth for the entire system
Observability isn't a sidecar.
The immutable log is the system's substrate. Traces, audits, and replay all fall out of it for free.
Memory is derived, not stored.
What the system "remembers" is whatever the current observations imply — never a stale cache, never a dangling vector.
Security lives in the ontology.
Authorities and invariants are part of the domain model, not a middleware layer. The rules engineering ships are the rules risk reads.

The boundary · 04

Five primitives.
One provable boundary.

Observations go in. Facts derive. Agent proposals get checked. Only transitions that satisfy your declared invariants reach real systems — and the whole thing replays.

01

Observe

Every input — a customer message, a tool response, an effect receipt — is recorded as an append-only observation.

A new support message arrives → it becomes part of the permanent record.
02

Derive

Policies, approvals, and operational state are computed from the record with plain logical rules.

If the cited policy exists, and the timing matches, then this refund is eligible.
03

Propose

The model can only suggest. Anything it generates stays a proposal — never a real-world action — until the domain accepts it.

The agent drafts a refund → the refund is a proposal, not a payment.
04

Check

Every proposal is tested against named invariants. If the invariant isn’t satisfied, the action cannot execute.

If a refund is proposed and it is not eligible, then the action is blocked.
05

Replay

The same sequence of observations always produces the same derived world — every block, approval, and effect, reproducible on demand.

Same observations in → same decisions out. Every time.

The guarantee

For a fixed evaluator and lineage, an action that violates a named invariant cannot execute — not because the model was asked nicely, but because the transition is structurally unsatisfiable in the ontology layer.

Blocked transitions don't just fail — they produce an inspectable receipt showing the proposal, the derived facts, and the invariant that refused it. Every receipt is replayable.

The rules · 05

Rules your risk team can actually read.

Policies, authorities, and invariants live as plain logical statements — not hidden prompts, not buried middleware. Legal, security, and engineering read the same rules. The dream of BDD, upgraded for the AI-era.

Observation
A refund policy is published on 2026-01-12.
Recorded — never edited, never forgotten.
Derived rule
If the customer cites a policy, and that policy exists, and the timing matches — then the refund is eligible.
Computed from observations. No magic.
Invariant
No refund may be issued unless it is eligible under a real, cited policy.
The boundary. A violating action cannot execute.
Authority
Tier-1 support may propose refunds and messages. It may send messages. It may not commit refunds alone.
Each agent's blast radius, declared up front.
Decision
A refund is ratified only when it is eligible and a human has approved it.
Only an explicit decision lifts a proposal into an action.
Effect
Once ratified, the refund executes — and the payment processor's receipt becomes a new observation.
The loop closes. Everything is replayable.

Authorship & audit · 06

Authored by AI, audited by humans.

JacqOS systems are written by AI coding agents; humans review the surfaces that actually matter — BDD-style scenarios and invariants. Rust, Datalog, and decades of logic programming do the heavy lifting. Logic programming is the most powerful piece of the puzzle — AI models already speak Datalog fluently.

01
Authorship

AI coding agents write the system.

Agents generate .dh ontology rules and Rhai mappers — a stratified Datalog surface and a sandboxed scripting language that LLMs already handle well. No hand-written Rust, no hidden prompts, no bespoke DSL to learn.

Built on Rust, authored in Datalog.
02
Pre-deployment review

Humans review invariants and fixtures.

Before anything ships, you review two things: named invariants — your business rules as plain logical statements — and golden fixtures — BDD-style scenarios that replay behavior deterministically. You never read line-by-line generated code.

The review surface humans actually own.
03
Post-deployment audit

Studio makes production inspectable.

Every production deployment gets Studio: replayable observability, provenance, and audit evidence. Trace any blocked action or derived fact back to the exact observations that caused it. Replay a recorded lineage. Export artifacts your risk team can inspect.

Observability · provenance · auditability.

Your week · 07

What changes in your week.

JacqOS doesn't just change what the system does. It changes what you spend your time on — on both sides of the shipping line.

01 Developer building the agent
Before JacqOS
  • Prompt-engineer a scenario, hope the demo holds in front of real users.
  • Bolt on a new filter every time the agent surprises you in production.
  • Debug regressions by tailing logs at 2am and guessing what the model saw.
With JacqOS
  • Write a rule. Add a fixture. See the replay. Ship it.
  • Invariants refuse the action at the boundary — no retry loop, no patchwork filter.
  • Click backward through provenance to the exact observation that derived the fact.
02 Risk, security, or compliance reviewer
Before JacqOS
  • Audit by spot-checking traces the engineering team hands you after the fact.
  • Take engineering's word on what the AI “won't” do in production.
  • Write a coverage checklist that's stale the day a new prompt ships.
With JacqOS
  • Read one file of named invariants — the full set of rules the agent cannot cross.
  • Run the fixtures yourself. Get deterministic pass/fail on every covered path.
  • Sign a verification bundle that replays on any machine, at any time.

Use cases · 08

Designed for when failure is not an option.

Same operating model — different expensive mistakes. Pick the risk surface that already keeps your ops team up at night.

01
Customer Support
AI handles messy conversations while invented policies never become real refunds or concessions.
Explore →
02
Financial Services
Payouts, claims, and approvals sit behind declared thresholds, signed-off facts, and replayable evidence.
Explore →
03
Healthcare Ops
Intake, scheduling, and triage stay provisional until clinician acceptance ratifies accepted truth.
Explore →
04
Incident Response
Agents propose fixes. Catastrophe invariants stop destructive remediations from reaching production.
Explore →
05
Sales & Procurement
Negotiation drafts stay offers — not commitments — until policy and authority checks let them through.
Explore →

Category lines · 09

Where JacqOS draws the line.

Workflow orchestrators coordinate. Prompt guardrails suggest. Autonomous loops improvise. JacqOS enforces — structurally.

 
LangGraph
Prompt Guardrails
JacqOS
Truth surface
Mutable workflow state
Prompt text
Derived from append-only observations
Decision authority
Node code
Model output
Explicit domain relations
Unsafe action
Best-effort
Hint, can be ignored
Structurally unsatisfiable
Replay contract
Partial
None
Deterministic across re-runs
Multi-agent
Rewire graph
Independent prompts
Shared derived reality
Audit evidence
Logs
Logs
Verification bundle, provenance, effect receipts
See full comparison 20-min evaluation path

Proof, not claims · 10

Three actions that should have never reached the world.

Every example ships with deterministic fixtures, replayable observation logs, and the exact invariant that refused the action.

blocked in proposal space
Air Canada — the bereavement refund that never happened.
A hallucinated policy exception collides with the declared refund ontology. The customer never sees the wrong promise.
1 invariant · 2 facts BLOCKED
blocked in proposal space
Chevy dealer — the $1 Tahoe that stayed in proposal.
Authority check refuses agent-initiated commits; the discount-floor invariant refuses absurd prices.
2 invariants · 1 capability BLOCKED
blocked in proposal space
SRE copilot — the remediation that would have taken prod offline.
A tier_0 scale-to-zero collides with the catastrophe invariant, with full postmortem replay.
1 catastrophe · 1 blast radius BLOCKED

Proof surfaces · 11

Evidence, not adjectives.

The boundary exports artifacts. Your security, risk, and audit teams inspect the same files engineering ships.

01 Verification Bundle Invariants, fixtures, replays, and declared capabilities in one artifact you can ship to risk teams. 02 Studio Track The human review loop built around invariants, fixtures, replay, and provenance. 03 Trust Surface Guarantees, non-guarantees, and the verification paths in plain language for buyers.

Built from the ground up for
safe AI integration.

Run the Studio demo Start a 20-minute evaluation Talk to us about your compliance requirements one binary · deterministic replay · self-hosted