A minimal safety kernel and operating model for irreversible decisions.
This repository defines a Decision Kernel and a Decision Operating System (D-OS) —
a way to reason about when a decision may be made, not what the decision should be.
It is designed for domains where decisions are high-risk, time-constrained, and irreversible,
and where failures often occur despite competent people, good intentions, and formal procedures.
Decision Kernel defines the minimum execution invariants required to treat decisions as first-class objects.
It does not prescribe governance, policy evolution, or organizational processes.
Across medicine, aviation, AI systems, policy, and large organizations, the same pattern appears:
-
Highly trained people still make catastrophic decisions.
-
Procedures are followed, yet failures happen.
-
Post-incident analysis focuses on who or what, not whether the decision should have been made at that moment.
Most systems implicitly assume that a decision must always be made.
This repository starts from a different question:
Was it safe to commit a decision at that moment?
Many failures are not caused by poor judgment, but by decisions made under conditions where
decision capacity was already exhausted, time pressure was extreme, or
irreversibility was underestimated.
This project does not make decisions, recommend actions, or optimize outcomes. It only defines when committing a decision is safe.
flowchart TB
%% =========================
%% Decision State
%% =========================
subgraph S["Decision State (Dynamic)"]
C["🧠 Capacity\n(Green / Yellow / Red)"]
B["⏱ Budget\n(Time / Cognitive / Resource)"]
I["↩ Irreversibility\n(Rollback possibility)"]
end
%% =========================
%% D-OS Decision Flow
%% =========================
subgraph D["D-OS · Decision Operating System"]
E["Evidence\n(What do we know?)"]
G["Guard\n(What must not be violated?)"]
R["Reason\n(What options exist?)"]
V["Validation\n(Is it safe to commit now?)"]
end
%% =========================
%% Decision Kernel
%% =========================
K["Decision Kernel\n(Commitment Gate)\n\nALLOW · HOLD · BLOCK · ESCALATE"]
%% =========================
%% Commitment & Execution
%% =========================
D0["Decision\n(Commit Event)"]
A["Action / Execution\n(World changes)"]
%% =========================
%% Flows
%% =========================
E --> G --> R --> V --> K
K --> D0 --> A
%% =========================
%% State influences kernel
%% =========================
S --> K
Decisions are events.
Safety lives in state.
The Decision Kernel protects the moment of commitment.
This repository does not aim to:
-
optimize decisions,
-
automate decisions,
-
or replace human judgment.
Instead, it defines a minimal safety layer — a Decision Kernel — whose sole responsibility is to evaluate whether a decision may be committed at all under current conditions.
In short:
-
We do not decide what to do.
-
We decide whether a decision may be safely committed.
To avoid confusion, this repository is not:
-
a workflow engine
-
a decision automation system
-
an AI agent or recommender
-
a governance checklist
-
a performance optimization framework
-
a compliance tool
It is intentionally below those layers.
The Decision Kernel is a minimal, stateful safety primitive.
It evaluates decision conditions using signals such as:
-
Decision capacity (e.g. Green / Yellow / Red),
-
Time, cost, and cognitive budget,
-
Risk and uncertainty,
-
Irreversibility (ability to undo or recover).
Based on these signals, the kernel produces one of four outcomes:
-
ALLOW — a decision may be committed
-
HOLD — delay, gather more information, or wait
-
BLOCK — committing a decision is unsafe
-
ESCALATE — responsibility must be transferred or shared
The decision kernel does not decide what to do.
It decides whether a decision may be committed.
This distinction is intentional and foundational.
While the Decision Kernel defines minimum safety logic, D-OS defines how humans reason with it.
D-OS treats a Decision as a first-class object, with an explicit lifecycle:
Evidence → Guard → Reason → Validation → Commit
Key concepts include:
-
Decisions as irreversible state transitions
-
Explicit handling of budget, risk, and irreversibility
-
Recognition that not deciding is itself a decision
-
Clear separation between judgment and execution
D-OS is not software.
It is an operating model for human judgment that can be implemented in many forms.
This repository intentionally contains no executable code.
The Decision Kernel is a conceptual safety primitive, not a library.
Its implementation must be domain-specific, respecting local constraints, laws, workflows, and human factors.
Providing a generic implementation would obscure the core idea and create false confidence.
The same kernel logic appears in very different domains:
-
Emergency medicine
A decision to accept a patient may be blocked not by lack of beds, but by exhausted decision capacity under irreversible risk. -
Aviation
After certain thresholds (e.g. V1), decisions are no longer allowed — not because they are wrong, but because they are unsafe. -
AI systems
High-impact actions with low confidence and no rollback path should be delayed or escalated, regardless of model accuracy.
These are not optimizations. They are decision safety boundaries.
This repository is intended for people who are responsible for irreversible decisions, including:
-
clinicians and emergency physicians
-
engineers building AI or autonomous systems
-
safety and reliability engineers
-
policy and governance designers
-
anyone accountable for decisions that cannot easily be undone
This repository is not meant to be “installed”.
It is meant to be:
-
read,
-
adapted,
-
translated into local practice,
-
and used to change how decisions are framed and protected.
If it helps you ask better questions before committing decisions, it has done its job.
decision-kernel-dos/ │ ├─ README.md ├─ manifesto.md ├─ release_note/ │ ├─ v0.1.md │ ├─ decision-kernel/ │ ├─ overview.md │ ├─ core-spec.md │ └─ guards.md │ ├─ d-os/ │ ├─ overview.md │ ├─ decision-flow.md │ └─ state-model.md │ ├─ examples/ │ ├─ emergency-room.md │ ├─ aviation.md │ └─ ai-system.md │ └─ faq.md
This work is not about being smarter.
It is about being safer when intelligence, speed, and pressure collide.
If that resonates, you are in the right place.