Design Partner Program · 2026 cohort

Controlled agent execution for teams that answer for every action.

hestiaOS classifies, evaluates and traces agent actions before execution — with public evidence for implemented controls, limitations and human approval points. We are selecting a small number of design partners in regulated EU domains to validate the Enterprise runtime against real workflows.

Request technical walkthrough Review public evidence

3–4 design-partner slots

6 weeks structured validation

Local-first deployment scope

Execution decision Human gate

Actionfs.write · /reports/q3.csv

Policy basisPOL-204 · data-egress

Classificationsensitive · review

Actoragent://reporting-7

DecisionQUEUED → awaiting approval

Trace IDceg-7f3a…b21

Timestamp2026-06-15T09:41Z

Explanatory mockup. Not a production deployment. Implementation status and limitations are documented in Public Evidence below.

hestiaOS is a pre-alpha governance-first runtime in active validation. Our public evidence surfaces document what is implemented today, what is experimental, and where human approval remains required.

Agent autonomy is arriving faster than the ability to account for it.

From August 2026, EU AI Act obligations for high-risk and general-purpose AI phase in. Regulated teams will need to show how automated actions are governed, logged and reviewable. hestiaOS is built to make that record a property of the runtime — not a report written afterwards. We support AI-Act-relevant traceability and transparency; we do not claim compliance on your behalf.

NowValidate

Aug '26AI Act phase-in

2027Full scope

Why regulated teams talk to us

Three problems we hear from teams piloting agents in environments where actions have consequences.

“We can't reconstruct what the agent did.”

hestiaOS records input, actor, policy, decision, scope and timestamp as a causal trace — a replayable account of each governed action, not a log scraped together after the fact.

“Critical actions need a human in the loop.”

Actions are classified before execution. Sensitive or novel patterns are gated and fall through to human approval by design — the human gate is a runtime control, not a convention.

“Our data can't leave our environment.”

hestiaOS is designed for local-first, self-hosted deployment. The governance substrate runs where your data and your auditors already are — within a defined validation scope, not a cloud round-trip.

Where hestiaOS sits

Layer 7.5 — a deterministic governance substrate between probabilistic AI reasoning and real-world effects.

Layer 8

AI agent space

Probabilistic, untrusted, volatile. Model inference stays upstream.

Layer 7.5 — hestiaOS kernel

Deterministic governance substrate

DSGK, CEG, CausalTraceGraph, Moirai. Governed, auditable, replayable.

Layer 7

Application space

Typed contracts, MCP tools, OS interfaces.

Public evidence

Verified results from the SPRIND Next Frontier AI submission. Each claim is backed by tests, benchmarks or code — with status and scope shown, not hidden.

DSGK · Governance kernel

Deterministic semantic governance

195+

Governance tests passing · fail-closed gating

Internal due diligence

CEG · Execution graph

Intent lifecycle & execution gate

110/110

CEG-specific tests · R1–R4 pipeline

Internal due diligence

Moirai · Pattern reuse

Non-gradient knowledge accumulation

28/28

Unit tests in 1.33s · SHA-256 PRF

Verified

Science edition

Containerized reproducibility

98/0/1

PASS / FAIL / WARN · Podman slim

Verified

Memory system

Event-sourced vault · 10 invariants

I1–I10

Write-gate pure function · SHA-256 chain

Internal due diligence

CEG benchmark

Governed vs. ungoverned baseline

+0.78

Auditability score improvement

Internal due diligence

The Enterprise design-partner program

The Enterprise audit, compliance and operations layers are being built now. We build them with a handful of partners, against real workflows — so the first production-grade controls are shaped by teams who have to live with them.

What a design partner gets

Direct line to the lead architect — your use case shapes the runtime roadmap.
A scoped local-first deployment for one governed workflow you choose.
Evidence pack: traces, policy decisions and limitations for your reviewers.
Preferential terms when the Enterprise edition reaches general availability.

What we ask of you

One concrete agent workflow where actions actually matter.
A technical contact and a governance/compliance contact on your side.
Structured feedback across the six-week validation window.
Acceptance that this is pre-alpha: validation, not a production guarantee.

How the six weeks run

Week 1

Scope & fit

Pick one workflow, define the governance questions, agree what evidence success produces.

Weeks 2–3

Local deployment

Stand up hestiaOS in your environment. Wire policies, classification and the human gate.

Weeks 4–5

Run & trace

Execute the workflow under governance. Capture traces, decisions and limitations.

Week 6

Evidence review

Walk your reviewers through the record. Decide together on the path beyond the pilot.

One limitation, stated plainly

⚠ Known limitation

The Enterprise audit, compliance and operations modules are not yet production components. The governance core (DSGK, CEG, CausalTraceGraph) is implemented; the surrounding enterprise tooling is being built during this program.

Status: Experimental / in development Scope: Local validation environment Mitigation: Human gate catches fall-through Last reviewed: 2026-06

This limitation is disclosed, not hidden. It is part of how hestiaOS is governed — and it is exactly why a design partner shapes what gets built.

Trust & limitations

Trust is produced by evidence, not adjectives. This documents current maturity. It is not a compliance claim.

✓ Implemented

DSGK constraint solver, CEG intent lifecycle (QUEUED → COMMITTED), CausalTraceGraph audit records, Moirai pattern-reuse engine.

⚡ Experimental

Enterprise audit/compliance/operations layer, full integration pipeline, production hardening — under active development.

👤 Human approval required

Critical actions are gated. Novel action patterns fall through to human review by design.

🔒 Security assumptions

Pre-alpha validation environment. Production security hardening is a roadmap deliverable, scoped with each partner.

🇪🇺 AI-Act relevance

We support traceability and transparency relevant to the AI Act. We do not claim the system is “AI Act compliant” on your behalf.

🤖 Content disclosure

Diagrams and the execution card on this page are explanatory mockups, clearly labelled, not production screenshots.

Who you work with

A founder-led team. In a design partnership you talk to the people building the runtime, not a sales layer.

Christian Walter

Founder · Lead Architect & Principal Engineer

Owns the architecture, technology core and governance system. Leading the build of the SPRIND Stage 1 engineering team.

christian.walter@hestiaos.org

Christian Heilwagen

Co-Founder · Operations & Venture Execution Lead

Runs delivery, roadmap and partner management. 14+ years in industrial electrical/automation systems, operational excellence and BI. Your interface for scoping and the pilot itself.

christian.heilwagen@hestiaos.org

Planned Stage 1 expansion: 4 senior engineers + 1 ML researcher, an advisory board with frontier-lab expertise, and research collaboration with Forschungszentrum Jülich.

Questions reviewers ask

Is hestiaOS “AI Act compliant”?

No — and we won't say it is. Compliance is a property of your deployment and processes, not of a runtime. hestiaOS provides traceability, classification, logging and human-approval controls that are relevant to AI-Act obligations and make your own compliance work auditable. The scope of what we support is documented, not implied.

What does “pre-alpha” mean for a pilot?

The governance core is implemented and tested; the enterprise tooling around it is being built. A pilot is a structured validation against a real workflow, run in a local environment with a human gate on critical actions — not a production rollout. You see exactly what is implemented vs. experimental before you start.

Where does our data go?

hestiaOS is designed for local-first, self-hosted deployment. In a pilot, the governance substrate runs inside your environment within a defined scope. There is no requirement to send your workflow data to a third-party cloud.

What does it cost to be a design partner?

The 2026 cohort is about co-development, not licence revenue. We invest engineering time; you invest a real workflow and structured feedback. Commercial terms for the general-availability Enterprise edition are agreed separately, with preferential terms for design partners.

Who actually does the integration work?

You work directly with the founding team. Christian Heilwagen scopes and runs the engagement; Christian Walter owns the runtime and governance design. No hand-off to an account manager.

Governed

Auditable

Traceable

Modular

Local-first

Validate governed agents before you have to defend them.

If your team is piloting agents where actions have consequences, talk to us. A short technical walkthrough is the fastest way to see whether a design partnership fits.

Request technical walkthrough Review the code

hestiaOS · pre-alpha governance-first runtime in active validation · SPRIND Next Frontier AI