Architecture

GEORGE — The Governed Decision Layer

A unified multi-agent architecture for industrial execution: GEORGE orchestrates specialized agents across ISA-95 levels — governed by contracts, constrained by policy, and grounded in a Single Source of Truth.

TRUTH-LOCKED UI PR-only execution No decision without trace Phase 10 focus: GEORGE Contract v1+
Architecture diagram

The diagram shows the unified architecture. Below, we make it explicit and audit-grade: boundaries, inputs/outputs, and governance rules.

Story: why GEORGE exists

Core idea: the real conflict is not ERP vs. MES — it’s the absence of a neutral, governed decision layer. ERP optimizes intent. MES optimizes physical reality. Without an explicit decision architecture between them, optimization turns into structural conflict, hidden trade-offs, and silent inconsistency.

ERP optimizes intent

Cost, delivery commitments, sourcing constraints, inventory, contractual obligations — the “economic plan” of the enterprise.

Examples
  • Expedite vs. cost trade-off
  • Supplier constraints & lead times
  • Order priorities and promise dates

MES optimizes reality

Takt time, downtime, quality gates, scrap/rework loops, OEE, WIP — the “physical truth” of the factory.

Examples
  • Line stop, rework routing
  • Quality containment decisions
  • Capacity and resource availability

GEORGE makes trade-offs explicit

GEORGE does not “integrate systems”. It orchestrates decisions: ranks priorities dynamically, applies constraints, enforces authority, writes a decision trace, and produces auditable action proposals.

One sentence

GEORGE is the governed decision layer between ERP intent and MES reality.

ERP ↔ MES: where they stop — and GEORGE starts

ERP (Intent Signals)

Financial intent, plan commitments, sourcing and inventory constraints.

Provides
  • Order priorities & promise dates
  • Cost targets & budget constraints
  • Supplier/contract constraints

GEORGE (Decision Layer)

Neutral decision architecture: governed, traceable, auditable.

Produces
  • Decision drafts (ranked options)
  • Gate verdicts (allow/block)
  • PR-only action proposals

MES (Reality Signals)

Real-time production truth: events, quality, throughput, availability.

Provides
  • Events: downtime, alarms
  • Quality: scrap, rework, containment
  • Throughput & WIP

Phase-10 implication: decisions must be machine-checkable before they can become operational — across abstraction layers (UI → system → factory).

RAG is memory — SSOT is truth

SSOT (Single Source of Truth)

Operational reality. The UI must render only what is in the truth source — and show an explicit “truth missing” state if it isn’t available.

Normative rule
  • No UI fallbacks
  • No “partial truth” rendering
  • Schema-validated snapshots

RAG (Organizational Memory)

Context, procedures, historical cases, standards, supplier specs, and prior decision traces — helpful for reasoning, never authoritative for truth.

Governance rule
  • RAG can suggest, not assert truth
  • Decisions must reference evidence + SSOT
  • No decision without trace

Practical implication

If RAG says “likely cause is X” but SSOT and evidence don’t support it, the system must treat it as a hypothesis — not an operational fact.

GEORGE Contract v1+ (Spec inside the story)

Phase 10 prepares the normative boundary: inputs, outputs, guarantees, and non-negotiable constraints. The point is not “smart automation”, but governed autonomy.

Inputs (what GEORGE is allowed to read)

Truth & Reality

  • SSOT.state — current snapshot of reality
  • MES.events — real-time production signals
  • Evidence links — logs, measurements, audit files

Intent & Constraints

  • ERP.intent — commitments, cost, sourcing constraints
  • Policies — authority matrix, escalation rules
  • Constraints — safety, legal, physical, economic
  • RAG.context — memory (non-authoritative)
Outputs (what GEORGE is allowed to write)

Decision Outputs

  • decision_draft — ranked options + rationale
  • decision_trace.jsonl — append-only audit trail
  • gate_result.json — allow/block + reasons

Execution Outputs

  • action_proposal — PR-only change proposal
  • no silent execution — execution requires governance
Guarantees (non-negotiable)
  • No decision without trace.
  • Authority enforcement. Guardian gating is binding.
  • Deterministic artifacts. Same inputs → same trace format.
  • PR-only production changes. Governance approves execution.
GEORGE never…
  • …writes UI/HTML
  • …bypasses Guardian
  • …treats RAG as truth
  • …executes production changes silently
  • …decides without a trace

Audit-grade artifacts (what makes autonomy governable)

Truth artifacts

  • /ops/reports/system_status.json — SSOT snapshot
  • /ops/reports/latest.json — pointer/summary

The public status UI is a strict mirror of these artifacts.

Decision & governance artifacts

  • /ops/reports/decision_trace.jsonl — append-only trace
  • /ops/decisions/gate_result.json — allow/block verdict
  • /ops/agent_activity.jsonl — evidence of runs

Governance is not “documentation” — it is machine-readable evidence.

Consistency before autonomy: autonomy without consistency is just fast inconsistency. A system’s intelligence is only as reliable as the consistency of its underlying truth.

How orchestration works

GEORGE orchestrates specialized agents (Root Cause, Quality, Procurement, Finance, etc.) and binds them to governed contracts. The agents may propose actions — execution is PR-only and gate-controlled.

Orchestration flow

Runtime loop (supervised)

  • Read SSOT + events
  • Evaluate constraints + policies
  • Ask specialized agents for options
  • Produce decision draft + trace
  • Gate verdict (allow/block/escalate)

Change loop (PR-only)

  • Create action proposal as PR
  • Governance CI validates contracts & artifacts
  • Human approval required
  • Deploy changes via governed workflow