trust spine · positioning
Compare — Project-AI vs the field
Side-by-side against OPA, Anthropic Constitutional AI, Guardrails AI, and NVIDIA NeMo Guardrails. Each claim is testable. Where we say yes, the deep link is in the cell.
sourcing
Comparison is architecture-level, drawn from each project's public documentation and written from a Project-AI perspective. It is not a benchmark, an endorsement, or a security audit of any other project. Where a competitor's documentation is ambiguous, we mark the cell partial rather than guess. Corrections welcome via /contact.

property | Project-AI (execution-governed) | OPA (policy engine) | Constitutional AI (Anthropic) | Guardrails AI (output validators) | NeMo Guardrails (NVIDIA) |
|---|---|---|---|---|---|
| Enforcement model | |||||
Governance runs BEFORE execution: Decision must precede side-effects, not annotate them after. | 9-gate kernel, deny-by-default | depends on integration; advisory by default | shapes training; runtime is advisory | output rewriters / validators | dialog-flow rails, app-level |
Deny-by-default: Absence of an explicit allow = no execution. | policy-dependent | ||||
Three signed verdicts (ALLOW · DENY · SAFE_HALT): Bounded verdict space, no 'soft fail' middle ground. | allow/deny, no SAFE_HALT | ||||
| Audit | |||||
Append-only signed receipt chain: Every decision hash-linked to prior, signed by published key. | see /witness | decision logs, optional | |||
Public verification key + TSA roots: Anyone can verify any receipt offline. | /keys | ||||
Deterministic replay from receipt id: Same inputs + policy_version → same verdict. | /reproduce | with bundle pinning | |||
| Identity & capability | |||||
Capability tokens with AC0–AC5 tiering: Authority class explicit, not implied by role string. | you must model it yourself | ||||
Cryptographically attested identity gate: Identity verified before policy even loads. | Galahad | ||||
| Continuity | |||||
State continuity gate (STATE_REGISTER): SAFE_HALT on missed heart-tick, not silent retry. | |||||
| Policy authoring | |||||
Constitution hash-anchored: Validators load policy from signed Code Store; no in-band edits. | bundle signing supported, not default | constitution baked into weights | |||
Declarative DSL with formal grammar | Thirsty-Lang / TSCG | Rego | RAIL spec | Colang | |
| Threat surface | |||||
Survives prompt-injection in the governed payload: Policy is not in the model's context window. | shares context with payload | ||||
Survives a zero-day in the model itself: Kernel denies even if model is fully compromised. | |||||
| Transparency | |||||
Open red-team bounty with signed challenges | /challenge | private red-team | |||
Public live decision stream | /witness | ||||
honest distinctions
- OPA is excellent at policy. It is not a model-aware kernel.
- Constitutional AI shapes the model. It does not contain a runaway one.
- Guardrails AI validates outputs. It does not gate execution.
- NeMo Guardrails structures dialog flow. It is not an audit substrate.
- Project-AI overlaps all of them at the layer none of them occupy: execution.
if you only remember one row
Three signed verdicts. Everything else has two states (allow/deny) or a soft third one (warn, rewrite, flag). Project-AI's third verdict — SAFE_HALT — is the difference between a kernel and a checklist.