Skip to content

About

Programmable Assurance is an emerging discipline in governance engineering.

It emerged from a recurring observation: organizations consistently define intent in one place, execute it somewhere else, measure it somewhere else, and explain it nowhere. That gap — between what organizations intend and what actually happens — is where governance failures live.

The discipline provides a behavioral model for closing that gap: making governance intent executable, continuously enforceable, accountable, and closed-loop through feedback.


The insight behind Programmable Assurance did not come from a single moment.

It emerged from years of operating across every layer of the governance lifecycle simultaneously — establishing intent at the leadership level, authoring policies and controls at the platform level, implementing and operating those controls at the execution level, and being accountable for the financial consequences when governance broke down.

Most people see one layer. Operating across all of them makes the disconnect between them visible in a way it cannot be seen from any single seat.

The discipline was named and formalized in 2026.

Read the full founding story: The Founding Insight


ObsidianWall is the first platform built to implement Programmable Assurance, starting in the infrastructure domain with pre-deployment governance for Terraform and CloudFormation.

obsidianwall.com →


programmableassurance.org is the canonical home of the Programmable Assurance discipline.

Nothing on this site requires ObsidianWall to be true. The discipline is independent of any single implementation. Any platform, tool, or framework can implement Programmable Assurance.

Everything built on ObsidianWall assumes Programmable Assurance is true.


This site is open source. Contributions to vocabulary, principles, research, history, and the category map are welcome.

GitHub →

Content is licensed CC BY 4.0.