Operational AI Safety Kernel

AI Governance Control Plane

Noir OpenAI Guardrails is a comprehensive safety operating system providing verifiable governance, runtime enforcement, and continuous policy orchestration. It transforms safety from a subjective review into a verifiable infrastructure standard across the entire deployment lifecycle.

[01] / Introduction

How the platform fits together

Noir is organized into four authoritative domains: The Probe (external verification), The Forge (adversarial simulation), the Control Plane (centralized orchestration), and the Evidence Vault (immutable governance records).

Architecture · Lifecycle · Deployment modes

Operating map

Current Implementation Surface

The Noir Codex documents the platform as it currently operates in production, focusing on verifiable assets and live API contracts. The Probe identifies drift and exposed states, The Forge reproduces failures in a sandbox, the Control Plane distributes policy, and the Evidence Vault preserves the record for release review.

The remediation loop is intentionally closed: The Probe Terminal finds the problem, but The Forge and Control Plane are where policies are tested, refined, and distributed back into the runtime path.

The Probe: Conducts external surface audits to identify Grade D / EXPOSED states, semantic vulnerabilities, and PII leakage patterns.
The Forge: Provides a technical workbench for authoring and simulating safety logic, including Pyodide-powered replay of Probe-style failures.
Control Plane: Centralizes hot-swappable policy updates, emergency kill switches, global guardrail refinements, and runtime routing without requiring a CI/CD redeploy for each policy change.
Evidence Vault: Generates signed integrity hashes and maps evidence to ISO/IEC 42001 and EU AI Act review needs as a tamper-evident release artifact.
  • 01 What is Noir? A kernel-level safety layer for agentic systems.
  • 02 The Lifecycle: A closed-loop sequence: Detect → Simulate → Enforce → Verify → Govern.
  • 03 Core Architecture: Unified governance across the Probe, Forge, Policy Manager, and OPA Engine.
  • 04 Safety as Infrastructure: The Bifrost Proxy carries signed policy states to the edge, ensuring enforcement happens with effectively zero additional request latency.
  • 05 Deployment Modes: Supports zero-SDK Bifrost patterns, local API contracts, and CI/CD workflow generation.
  • 06 Glossary: Key terms including PDP (Policy Distribution Point), Bifrost, and AuditExport.

The Bifrost Advantage: Stop waiting for 15-minute CI builds to fix a safety leak. Use the Control Plane to hot-swap policies globally in under 1 second.

[02] / Runtime Verification — The Probe

Surface audits and safety evidence

The Probe Terminal performs external surface audits, translating raw runtime telemetry into structured safety evidence and Grade D / EXPOSED reports.

Detect · Telemetry · Certificates
  • 01 Surface Audits
  • 02 Understanding Risk Grades
  • 03 Semantic Attack Detection
  • 04 Prompt Injection Analysis
  • 05 Safety Drift Detection, where represented by comparison/certificate workflows.
  • 06 Exporting Safety Certificates
  • 07 Continuous Assurance through repeatable Probe and CI workflow paths.

Live surface

The Probe Terminal

The existing UI provides endpoint locking, live probe sequencing, risk grading, and remediation payload generation. This is the entry point for identifying Safety Drift in production models.

[03] / The Forge — Adversarial Playground

Simulation and remediation workbench

The Forge branding is kept because the Playground already behaves like a lab: rail authoring, prompt evaluation, Bifrost mode, Pyodide, schema validation, red-team challenge, attack wall, and trace inspection.

Simulate · Sandbox · Replay
  • 01 Writing Rail Logic
  • 02 Policy Simulation
  • 03 Pyodide Runtime
  • 04 Structured Output Enforcement
  • 05 Red Team Gauntlet
  • 06 Attack Replay
  • 07 Remediation Validation

Live surface

Forge lab

The current browser surface supports lite and Bifrost modes, topology visualization, schema snippets, saved presets, challenge scenarios, and remediation handoff from The Probe.

[04] / Control Plane — Operations

Policy authority and runtime control

The Control Plane is the centralized “Brain” of the ecosystem. It manages versioned policy sets and distributes them to Bifrost, the “Muscle” that enforces signed PDP state in the request path without requiring CI/CD redeploys.

Enforce · PDP · OPA · CI/CD
  • 01 Policy Hot-Swapping
  • 02 Runtime Enforcement and Bifrost Proxy path
  • 03 Kill Switches and remote toggles
  • 04 Multi-Environment Policies and traffic routing
  • 05 CI/CD Gates via Safety-as-Code workflow generation
  • 06 Deployment Enforcement through OPA import, simulate, export, publish flow
  • 07 Audit Logging and Runtime Telemetry represented in Policy Manager and OPA UI.

Live surfaces

The Control Room

Centralizes hot-swappable policy updates, emergency kill switches, and runtime routing. It manages the OPA Control Plane to import, simulate, and publish Rego-backed logic to global subscribers instantly.

[05] / Evidence & Governance — The Vault

Audit-ready operational records

The Evidence Vault preserves the integrity of your safety posture. It generates Automated Governance Artifacts and tamper-evident Safety Certificates for production sign-off.

Verify · Evidence · Hashing
  • 01 EU AI Act Alignment through Technical Evidence Attribution, not certification.
  • 02 ISO/IEC 42001 Technical Evidence Attribution.
  • 03 OWASP Top 10 for LLMs finding language.
  • 04 Audit Governance and Automated Governance Artifacts.
  • 05 Generates Signed Integrity Hashes (SHA-256) for every audit, ensuring that safety records satisfy ISO/IEC 42001 and EU AI Act review requirements.
  • 06 Verification Certificates and governance workflows.

Evidence surfaces

Safety Certificate + AuditExport

The current schema defines AuditExport, AuditReport, AuditFinding, RemediationStep, EvidenceArtifact, and Bifrost response headers. The UI exposes a Safety Certificate and Policy Manager audit export action.

Legal Notice: The Noir Stack provides technical evidence and framework mapping to support internal and external governance reviews. This documentation does not constitute legal advice or a guarantee of regulatory compliance.

[06] / Developers — The Contract

Integration contracts and runtime APIs

Developer docs are kept separate from conceptual governance docs. They cover the actual API reference, OpenAPI spec, auth surface, runtime APIs, example policies, snippets, and zero-SDK Bifrost integration pattern shown in the code.

API · OpenAPI · Auth · Runtime APIs
  • 01 The Runtime Control Plane Reference at /api/reference/.
  • 02 OpenAPI Spec at /openapi.json.
  • 03 Authentication pages and bearer-auth API contract.
  • 04 Runtime APIs for policies, OPA imports, audit export, SMTP status, and registry data.
  • 05 Example Policies and subscriber snippets in Policy Manager.
  • 06 Integrations represented by code-backed workflow builders and registry entries.

[07] / Ecosystem & Registry

Compatibility map from indexed projects

Noir Compatibility Mapping: This registry defines the integration surface for the broader AI safety ecosystem, categorizing third-party projects into Native Integrations and Indexed Patterns.

Registry · OpenAI · OPA · MCP · NeMo
  • 01 OpenAI-compatible runtime traffic and Guardrails registry entries.
  • 02 Anthropic, LiteLLM, LangChain, MCP, and gateway ecosystems as indexed registry topics.
  • 03 NVIDIA NeMo Guardrails through registry data and existing blog coverage.
  • 04 OPA as a first-class implemented Control Plane surface.
  • 05 Hexarch Guardrails only if represented as registry/blog positioning; avoid overstating implementation.
  • 06 Integrations matrix generated from actual entries and supported UI/API surfaces.

Indexed evidence

Registry-backed ecosystem

The repository includes a project registry with OpenAI, Anthropic, NVIDIA NeMo Guardrails, LangChain, MCP, OPA-adjacent, LiteLLM, gateway, observability, and governance entries. These entries provide ecosystem evidence without implying each item is a native integration.