Security
Human authority is architecture.
O-Matic is designed so the human is always in the loop — not as a checkbox, but as the architectural principle. Governance isn’t bolted on. It’s built in from the spec up.
Framework Alignment
How O-Matic aligns with current frameworks.
GDPR · Article 22
Human oversight of automated decisions
GDPR requires meaningful human oversight of automated decision-making. O-Matic’s architecture makes this structural — every agent action requires operator approval at defined decision gates. The human isn’t a reviewer after the fact. They’re built into the execution path.
EU AI Act · Article 14
Human oversight for AI systems
The EU AI Act mandates human oversight mechanisms for AI systems. The Closed Factory is built to align with this — agents have defined roles, Sig numbers enforce version integrity, and no agent operates outside its lane without operator direction.
NIST AI RMF
Govern · Map · Measure · Manage
The NIST AI RMF organizes AI governance across four functions. O-Matic addresses all four: Session Rhythm provides the audit trail (Govern), Knowledge Boundary enforces privilege separation (Map), halts on Sig regression flag integrity failures (Measure), and the Closed Factory manages agent behavior within defined lanes (Manage).
Knowledge Boundary
Only Probot and Fred navigate storage. All other agents operate in their domain only and request files by description. Privilege separation by design.
Sig System
Every agent has a Sig number. On startup, installed Sig vs state Sig is compared. Upgrades auto-resolve. Regressions halt and alert. Version integrity is enforced.
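The startup comparison described above, sketched as an added example (not O-Matic's own code). Integer Sigs, the dict-based state record, the "new" case for an agent with no recorded Sig, and all function and class names are assumptions made for the illustration.

```python
# Added illustration; not O-Matic code. Integer Sigs, the dict-based state
# record and every name below are assumptions made for this sketch.
from dataclasses import dataclass
from typing import Optional


class SigRegression(RuntimeError):
    """Raised when any agent's installed Sig is lower than its recorded Sig."""


@dataclass(frozen=True)
class SigDecision:
    agent: str
    installed: int
    recorded: Optional[int]  # None: state holds no Sig for this agent yet
    action: str              # "ok", "upgrade", "new" or "halt"


def classify(agent, installed, recorded):
    """Compare one agent's installed Sig with the Sig held in state."""
    if recorded is None:
        action = "new"       # assumption; a stricter policy could halt here
    elif installed > recorded:
        action = "upgrade"
    elif installed == recorded:
        action = "ok"
    else:
        action = "halt"
    return SigDecision(agent, installed, recorded, action)


def startup_check(installed_sigs, state_sigs, alert):
    """Check every agent, then either commit all upgrades or halt.

    State is only rewritten when no agent regressed, so a halted startup
    leaves the recorded Sigs untouched for whoever handles the alert.
    """
    decisions = [classify(a, s, state_sigs.get(a))
                 for a, s in sorted(installed_sigs.items())]
    regressed = [d for d in decisions if d.action == "halt"]
    if regressed:
        for d in regressed:
            alert(f"Sig regression: {d.agent} installed={d.installed} "
                  f"recorded={d.recorded}")
        raise SigRegression(", ".join(d.agent for d in regressed))
    new_state = dict(state_sigs)
    new_state.update({d.agent: d.installed for d in decisions})
    return decisions, new_state
```

Treating a missing state entry as "new" means deleting the state record would skip the regression check, so the state store needs the same write protection as the agents it describes.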
Session Rhythm
Every session flushes. Every agent logs. The factory always knows what happened, what changed, and what’s next. No silent state drift.