Security · architecture
Inside the Chevza Doctrine: six layers between an AI plan and your filesystem.
How FileMayor allows intelligent planning without risking uncontrolled execution.
2026.04.26 · 7 min read
FileMayor operates on one of the most sensitive surfaces in computing — your filesystem. It can move files, rename them, delete them, reorganize entire directory trees. Introducing AI into this environment creates a problem.
How do you allow intelligent planning without risking uncontrolled execution?
The answer is the Chevza Doctrine — a layered safety architecture that sits between intent and action.
The principle
No single component should have the authority to decide, validate, and execute. Instead, FileMayor splits responsibility across six layers.
1. Jail
The Jailer constrains scope. It is symlink-aware. It ensures operations are limited to allowed directories and refuses any path that escapes the intended boundary, including indirect paths through symlinks.
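A symlink-aware containment check of the kind the Jailer describes, added here as an illustration and not FileMayor's own code. The jail directory, the `escape` symlink and the `jailbreak` sibling directory are constructed inside a temporary directory; a naive textual prefix test is included alongside to show why resolving real locations matters.

```python
import tempfile
from pathlib import Path


class JailViolation(Exception):
    """Raised when a candidate path would resolve outside the jail root."""


def resolve_in_jail(root, candidate):
    """Resolve `candidate` (relative to `root`) and refuse it unless it stays inside.

    Both sides are resolved with symlinks followed, so escapes through `..`
    components and through symlinks are caught by comparing real locations,
    not the text of the path.
    """
    real_root = Path(root).resolve()
    real_path = (real_root / candidate).resolve()
    if real_path != real_root and real_root not in real_path.parents:
        raise JailViolation(f"{candidate!r} resolves to {real_path}, outside {real_root}")
    return real_path


def naive_prefix_check(root, candidate):
    """The common mistake: a textual prefix test, which a sibling directory
    named `jailbreak` passes when the jail is named `jail`."""
    real_root = Path(root).resolve()
    real_path = (real_root / candidate).resolve()
    return str(real_path).startswith(str(real_root))


def demo():
    """Constructed scenario: a jail with a legitimate subdirectory, an escaping
    symlink inside it, and a sibling directory sharing the jail's name prefix."""
    with tempfile.TemporaryDirectory() as tmp:
        jail = Path(tmp) / "jail"
        (jail / "docs").mkdir(parents=True)
        outside = Path(tmp) / "outside"
        outside.mkdir()
        (Path(tmp) / "jailbreak").mkdir()
        (jail / "escape").symlink_to(outside, target_is_directory=True)
        results = {}
        for rel in ("docs/report.txt", "../outside/x.txt", "escape/x.txt", "../jailbreak/x.txt"):
            try:
                resolve_in_jail(jail, rel)
                verdict = "allowed"
            except JailViolation:
                verdict = "refused"
            # Pair the jail's verdict with what the naive prefix test would have said.
            results[rel] = (verdict, naive_prefix_check(jail, rel))
        return results
```

Only the first candidate is allowed; the naive prefix test wrongly accepts the `../jailbreak` sibling because its resolved path shares the jail's textual prefix.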
2. Vault
The Vault holds secrets — license keys, AI provider credentials, webhook signing secrets. They live in the OS keychain, never on disk in plaintext.
3. Guardrail
The Guardrail inspects every batch the AI returns, before validation. It pattern-matches against destructive shapes — mass-deletes beyond a threshold, recursive renames over protected paths, ambiguous overwrites. These are hard constraints, not suggestions.
4. Halt
The Halt layer treats the journal as durable state. Every move writes its intent to disk before the move happens, and writes its completion after. Forced shutdown mid-operation always rolls back cleanly. There is no half-applied state.
5. Architect
The Architect validates the plan as a whole. It refuses domain-scattering moves that would split semantically related files. It detects circular dependencies between operations. Plans that fail validation never reach execution.
6. Security
The final boundary: path traversal checks, rate limiting, input validation. It is the layer with the fewest interesting decisions and the most consequential bugs if it ever fails.
Why layers matter
A single safety check is fragile. Layered systems are resilient because failure in one layer is caught by another, responsibilities are isolated, and behavior is easier to reason about.
AI plus safety
AI systems are powerful because they generalize. They are risky for the same reason. The Doctrine ensures that AI can propose, but cannot directly execute. There is always a boundary.
What this means in practice
When you run FileMayor: the AI suggests a plan, the Doctrine validates it, the execution engine applies it safely, and you can undo it. At no point does a single component control the entire flow.
Closing
Most tools treat safety as a feature. FileMayor treats it as architecture. The Chevza Doctrine is not visible in the UI. You will not see it when things go right. But it is the reason things do not go wrong. And when you are dealing with your filesystem, that is what matters.
For the canonical reference — code locations, exit codes, vulnerability disclosure process — see /docs/security.