Veilfire
About Veilfire

Production Governance for
Agentic AI

Runtime enforcement, evidence trails, and human controls so teams can ship autonomous workflows without the “I hope it behaves” as the safety model.

Founder
Jesse C , founder of Veilfire

Jesse C

Founder, Veilfire

Jesse C, founder of Veilfire

I work at the intersection of security engineering, distributed systems, and applied AI. I build systems for teams that want the upside of autonomous agents without the quiet failure modes that show up later: drift, privilege creep, unsafe tool use, and compliance ambiguity.

My stance is simple: governance has to live at the action boundary, not as an after the fact dashboard and not as transcript archaeology. Enforcement + evidence + escalation are defaults. That’s how agentic AI becomes trustworthy in production.

Trust Contract

  • Explainable, auditable decisions: policy verdicts with evidence, tied to versions.
  • Explicit control for high-risk actions: step-up auth, HITL, approvals. No vibes.
  • Privacy-preserving observability: metadata-first, raw prompts and content stay put.
Results: clarity on risk policy packs controls that matter evidence you can ship

Proof of Work. Writing and artifacts that show how I think about production governance for agentic AI.

PyromancerAn operator-first AI terminal built on safe, secure, ethical AI.EU AI Act complianceWhat you need to know about AI agents and the EU AI Act.Threat modelingA practical walkthrough for agent threat modeling.Lens runtime demoHotel CS agent demo: HITL escalation and policy blocking with Lens.HITL & privacyWhy oversight defaults to full exposure and how to stop it.
Vision

Mission, values, and what “production governance” means

Production governance means the safety model lives inside runtime execution, not in a checklist. Policy is enforced where actions happen, evidence is generated as part of operation, and escalation paths exist before incidents occur.

Veilfire exists to close the gap between AI capability and operational trust: runtime enforcement + evidence + human control.

1Evidence over assumptions. Decisions should be provable, not just plausible.
2Least privilege by default. Agents stay inside bounded authority.
3Fail closed when risk is high. Sensitive actions require explicit approval.
4Privacy-preserving by design. Raw content stays with you.
5Humans stay in the loop. Escalation is a control surface, not an afterthought.

Veilfire's Operator Context

  • Security + distributed systems background focused on production controls, not just prototypes.
  • Applied AI / agent workflows where autonomy meets real operational constraints.
  • Built the Veilfire governance stack: Ember, FireDeck, Lens, and Insight.
  • Publishes practical field notes, threat modeling, drift, and runtime governance patterns.
Trust

Privacy

  • Metadata-first observability by default.
  • Raw prompts and sensitive content stay in your environment.
  • Data minimization is a design constraint, not a feature toggle.

Security Stance

  • Least privilege + bounded autonomy for every agent.
  • Enforcement at tool / action boundaries.
  • High-risk operations escalate to approval / HITL.

Evidence + Retention

  • Evidence over transcript hoarding.
  • Tamper-evident audit trails tied to policy versions.
  • Retention follows risk + compliance intent.
Pyromancer
Pyromancer

A direct contribution to the community

Pyromancer is Veilfire’s values made tangible. An operator-first AI terminal built on safe, secure, ethical AI. It’s not a demo or a prototype. It’s a production tool, available at no cost and hosted on GitHub, that proves governance and capability are not at odds.

We built Pyromancer as a direct introduction to the Veilfire ethos. Enabling everyone to build amazing things together with AI that respects the operator, enforces boundaries, and keeps evidence of what it does. That’s what it looks like when a tool embodies the values behind it.

Operator Control

Human-in-the-loop by default. Three execution modes from step-by-step approval to bounded autonomy. You set the boundaries, the agent stays inside them.

Privacy & Security

No telemetry. No cloud dependency. Secrets stored in your platform's secure vault, terminal output redacted before the AI sees it, and tamper-evident audit trails.

Open & Auditable

Available at no cost on GitHub for macOS and Windows. Cryptographic audit logs. Every AI action, permission decision, and command execution, all verifiable locally.

Explore PyromancerView on GitHub
Writing

Featured writing

Ongoing proof-of-work on agent threat modeling, drift detection, and production governance. If you want the implementation thinking, this is where it lives.

Pyromancer: An Operator-First AI Terminal

Built on safe, secure, ethical AI. An AI terminal designed with operator control and governance at its core.

Read article

EU AI Act Compliance + AI Agents

What you need to know about AI agent compliance under the EU AI Act.

Read article

Human-in-the-Loop Is a Privacy Trap

Why HITL oversight defaults to full exposure and how graduated disclosure keeps surveillance out of safety workflows.

Read article

Threat Modeling AI Agents

A practical threat modeling walkthrough of a hotel customer support agent.

Read article

From Threat Model to Runtime Control

Continuing the hotel CS agent story — a hands-on demo of HITL escalation and policy blocking with Veilfire Lens.

Read article

Tracking Drift

How autonomy creep happens, and how to detect it.

Read article

Why Guardrails Fail

Where most stacks break under real pressure.

Read article (part 1)Read article (part 2)Read article (part 3)
Read all writing on Medium

Make agentic AI production-grade.

Put guardrails where they matter: runtime enforcement, audit-ready evidence, and human control for high-risk actions, all without capturing raw prompts.

Read the writing

Proof, not promises.