The governance suite

Operate. Direct.
Verify.

A well-run company separates three powers: the people who do the work, the board that sets direction, and the auditor who checks the books. Business OS gives an AI-operated business the same constitution: three separate minds around one gate that none of them can bypass.

The architecture of oversight

Three minds. One gate.

The Governance and Auditor apps are separate products that install next to Business OS and connect from above, through the same API and MCP surfaces as everyone else. There is no privileged backdoor. Whatever sits on top, the gate answers to you.

directs

Governance app

The boardroom. Owns objectives and policy, reviews strategy on a slow cadence, proposes direction.

verifies

Auditor app

The independent examiner. Reads every receipt, verifies conformance, co-signs the decisions that matter.

the gate · every proposal parks here · nobody approves their own
operates

Business OS

The operations arm. Heartbeats, reflexes, briefs and receipts: the deterministic engine of record that does the actual work, and logs every step of it.

All three are drivers and observers upstream of the same single gate. A high-stakes proposal from any of them still parks for a human.

The Governance app sibling product · in development

A board that reads every number.

Most boards govern from a slide deck someone prepared last week. The Governance app governs from the live operational record: every KPI, every outcome, every dollar of cost and return, straight from the receipts.

Owns objectives and policy

“Keep accounts-receivable days under 30.” “Never auto-spend above €500.” Objectives and approval policies live here, versioned and explicit.

The slow strategic review

A deliberate, periodic reasoning pass over trends, risks and progress against targets. Strategy on a board cadence, not a chat cadence.

Directs, never operates

It proposes direction and config changes through the normal approval path. The day-to-day stays with the deterministic core, where it's cheap and legible.

Goal-aware, not goal-seeking

It measures and narrates against the objectives humans set. It does not invent its own goals. That line is structural, not a promise.

Reports in plain language

“AR days 38 against a target of 30, driven by two late enterprise invoices.” Every claim traceable to a receipt in the log.

Cannot approve itself

A board-level proposal is still a proposal. It parks at the gate like everything else, and a human resolves it.

The Auditor app sibling product · in development

An examiner that never sleeps on the job.

Traditional audits sample a fraction of transactions, months after the fact. The Auditor app reads the decision stream as it happens, because Business OS produces evidence continuously: append-only, provenance-stamped, exportable.

Reads every receipt

The full decision stream: what fired, what was proposed, who approved, what it cost. Not a sample. All of it.

Co-signs the big ones

For high-stakes actions your policy can require a countersignature. The co-sign is a native gate primitive, so it cannot be skipped or worked around.

Genuinely independent

A separate install, run by a separate party if you wish: your accountant, an external assurance firm, or a regulator's tool. It observes the OS; it doesn't live inside it.

Checks conformance, flags drift

Do the actions match the policy? Did anything act outside its authority? Deviations surface as findings with the trace attached.

Trust-tiered evidence

Every decision record carries where its inputs came from: verified internal state or raw external input. The auditor sees which claims rest on what.

Built for the accountancy channel

For accountants and assurance firms, this is a new service line: continuous assurance over clients who run on Business OS.

How the three work together

One objective,
followed through the system.

Watch a live decision circulate. Every line runs through the gate in the middle; there is no path around it.

objectives in, receipts out, one gate in the middle

  1. 01
    The Governance app sets direction.

    The board review lands on an objective: keep accounts-receivable days under 30. It becomes typed, versioned config, confirmed by the owner.

    governance
  2. 02
    Business OS operates against it.

    Heartbeats watch invoice ages. Reflexes send reminders on schedule, at $0.00. A stubborn late payer becomes a brief with a grounded rationale.

    operations
  3. 03
    A high-stakes action parks at the gate.

    Writing off a €2,400 invoice crosses your threshold. Policy for write-offs requires two signatures, and never the proposer's.

    the gate
  4. 04
    The Auditor app countersigns.

    It verifies the full trace: the aging history, the reminder attempts, the rationale. It co-signs; the owner approves. Two independent signatures on the record.

    assurance
  5. 05
    The loop closes in plain language.

    The weekly summary reports AR days moving from 38 to 31 against the target of 30, with every number traceable to a receipt. The board adjusts, and the cycle repeats.

    governance

Available today: the slot they plug into.

The Governance and Auditor apps are in development as separate products, but everything they stand on ships in the open core now: the versioned API and MCP surfaces, co-sign and segregation-of-duties policies, decision provenance on every receipt, and the rule that no proposer ever approves. You can even fill the slot yourself today, with your own AI assistant or your own tooling.

Run the operations arm
the suite will govern.

The richer your operational record, the more the Governance and Auditor apps can do the day they arrive. Start now with the open core; the suite lands on top.