IOA Core v2.5.1 is now live and available to the community. This release represents months of refinement, testing, and community feedback to deliver a production-ready AI governance kernel.
What is IOA Core?
IOA (Intelligent Orchestration Architecture) Core is an open-source framework for governed AI orchestration that brings verifiable policy enforcement, cryptographic evidence generation, and complete audit trails to every AI workflow. It's the only governance kernel that treats compliance as a runtime property rather than a post-deployment concern.
Runtime Governance Kernel
Policy enforcement happens in-loop. during AI execution, not after. Every decision is validated against governance rules before it reaches production.
Cryptographic Evidence Generation
Every AI interaction produces signed evidence bundles that auditors can verify. No more reconstructing decisions after incidents. evidence is generated at the moment of execution.
Vendor-Neutral Orchestration
Works with OpenAI, Anthropic, Google Gemini, DeepSeek, xAI, and Ollama. Switch providers without rewriting compliance logic. governance stays consistent across all AI models.
Open Source Principles
IOA Core is open source under the Apache 2.0 license. We believe governance infrastructure should be transparent, auditable, and community-driven.
Auditability
Every line that governs AI is inspectable. No black boxes in the runtime governance kernel.
Interoperability
Vendor-neutral interfaces keep policy and evidence portable across providers and platforms.
Community
Patterns for governed AI improve fastest in public. Contributions help harden real-world safety.
How IOA Core Works
Policy Definition
Define governance rules using IOA's Seven System Laws: transparency, consent, fairness, security, auditability, accountability, and sustainability.
Runtime Enforcement
IOA intercepts every AI request, validates against policies, and either allows or blocks the operation before it reaches the model.
Evidence Generation
Every decision generates a cryptographically signed evidence bundle containing the request, policy evaluation, and response. immutable and auditable.
Audit Trail
Evidence bundles are stored in an immutable audit chain. Compliance teams can verify any decision at any time with tamper-proof records.
Technical Foundation
- Python 3.10-3.12: Modern, type-safe Python with full async support
- AES-GCM Encryption: At-rest encryption for sensitive data in memory fabric
- Multi-Tier Storage: Hot (in-memory) and cold (persistent) storage with SQLite, S3, or local JSONL backends
- 6 Major LLM Providers: Unified interface for OpenAI, Anthropic, Google, DeepSeek, xAI, and Ollama
- Educational Framework: IOA Core provides governance primitives; full compliance cartridges available separately
Why is IOA Core Free?
IOA Core is Apache 2.0 licensed and always will be. Here's why we believe governance infrastructure should be open source:
Transparency Builds Trust
When your AI governance depends on closed-source black boxes, you're replacing one trust problem with another. Open source lets you audit every line of the kernel that governs your AI.
Governance is Infrastructure
Just like Linux powers the internet, governance infrastructure should be a public good. AI systems need standardized, auditable foundations. not proprietary vendor lock-in.
Community Innovation
The best governance patterns emerge from collective intelligence. By open-sourcing IOA Core, we enable the community to build, test, and refine governance approaches together.
Enterprise Adoption
Enterprises need to verify security and compliance claims. Open source provides the transparency required for regulatory approval and enterprise deployment.
Note on Business Model: IOA Core is free forever. OrchIntel offers enterprise support, compliance cartridges (HIPAA, SOC 2, GDPR), and the QiX application suite as commercial offerings. The governance kernel remains open and free.
Why Should You Join?
Whether you're building AI products, ensuring compliance, or researching governance. IOA Core gives you production-ready infrastructure and a community solving the same challenges.
For Developers
- Six copy-paste examples to get started in minutes
- Vendor-neutral API. switch AI providers without code changes
- Full async support and modern Python 3.10+ features
- Comprehensive documentation and active Discord community
For Compliance Teams
- Immutable audit trails with cryptographic verification
- Evidence bundles that auditors actually trust
- Educational framework aligned with GDPR, HIPAA, SOC 2 requirements
- Runtime policy enforcement prevents non-compliant operations
For Researchers
- Open-source kernel to study governance patterns
- Reference implementation of Seven System Laws
- Contribute to evolving AI governance standards
- Academic-friendly Apache 2.0 license
For Enterprises
- Production-ready from day one (v2.5.1)
- Commercial support and compliance cartridges available
- Deploy in regulatory sandboxes (preparing regulatory application)
- Vendor-neutral reduces AI infrastructure risk
What's New in v2.5.1
Six Working Examples
Copy-paste ready examples covering real-world scenarios from basic policy enforcement to multi-provider orchestration. Each example is fully tested and documented.
Immutable Audit Chains
Every AI decision generates cryptographically signed evidence bundles with full audit trails. Complete visibility with tamper-proof records.
Governance Primitives
Build custom compliance frameworks using IOA's governance primitives: System Laws, policy enforcement, evidence generation, and runtime assurance scoring.
Vendor-Neutral
Orchestrate AI providers (OpenAI, Anthropic, DeepSeek, and more) through a unified governance layer. Switch providers without rewriting compliance logic.
SPDX Compliant
Every file properly licensed under Apache 2.0 with complete SPDX headers. Clean, auditable, and ready for enterprise adoption.
Try IOA Core Today
Get started with AI governance in minutes. View the code, read the docs, or join our community.
Join the Community
We're building IOA in the open and would love your feedback, contributions, and ideas.
What's Next
Since this release, we've delivered comprehensive compliance cartridges including HIPAA, SOC 2, ISO 27001, and many others. The QiX application suite is now production-ready with frameworks for healthcare, pharmaceuticals, and legal citation validation.
Stay tuned for updates, and thank you for being part of the IOA community!