# Kamiwaza AI Orchestration Platform — 4+1 Layer AI Infrastructure Assessment

> Mapped to the 4+1 Layer AI Infrastructure Model  
> Version: v1.0 · Date: May 26, 2026  
> Source: Kamiwaza 1.0 launch (May 2026), Kamiwaza v0.9.3 docs, product pages, HPE Town of Vail whitepaper, Tracxn profile, SecurityBrief coverage, GitHub repos  
> Published by: The CTO Advisor LLC · thectoadvisor.com  
> Author: Keith Townsend

[Full interactive assessment](https://layer2c.web.app/assessment/kamiwaza) · [Methodology](https://layer2c.web.app/methodology) · [What Is Layer 2C?](https://layer2c.web.app/what-is-layer-2c)

## Executive Summary

Kamiwaza is a software-only AI orchestration platform that enters the buyer conversation at Layer 2C and works downward. It is one of only two vendors in the instrument — alongside Articul8 — whose primary product includes the reasoning plane. Where Articul8's Intelligence-2C focuses on mission decomposition and domain-specific agent routing, Kamiwaza's Intelligence-2C focuses on governance: cross-agent authority, relationship-based access control, and policy enforcement at execution time. The enterprise gets production-validated cross-agent governance that no other on-prem vendor provides independently.

The capture mechanism is governance-layer capture — a third pattern distinct from both coupled capture (data moves into the vendor's namespace) and decoupled capture (data stays open, proprietary opinion layer is captive). Kamiwaza's data stays in place, the infrastructure stays under enterprise control, and the enterprise feels free at the visible layers. What Kamiwaza captures is the authority to decide what the data means (the living ontology at Layer 1B) and what agents may do with it (the ReBAC governance at Layer 2C). These are arguably the most valuable layers to own — and the hardest to leave, because the ontology, relationship graph, and governance policies accumulate over time as proprietary Kamiwaza artifacts.

Three gap layers — L0 (compute), L1C (data movement), L2A (infrastructure orchestration) — are by design. A software-only vendor should not be at Layer 0. Kamiwaza's explicit 'no data movement' thesis means L1C absence is architectural, not accidental. L2A absence reflects that Kamiwaza orchestrates AI workloads and agents, not the underlying infrastructure. These gaps define Kamiwaza's scope, not its weakness.

The buyer's trade: production-grade cross-agent governance and distributed AI orchestration without moving data or committing infrastructure — in exchange for Ceding the governance and semantic layers to Kamiwaza's proprietary platform. The data is free. The understanding of the data is captive. A closed system is a closed system.

Kamiwaza's position in the instrument is structurally inverse to Dell's: Dell is strong at the bottom of the stack (L0, L1A) and absent at the top (L2C). Kamiwaza is strong at the top (L2C, L1B) and absent at the bottom (L0, L1C, L2A). HPE's Unleash AI program bridges the two — Kamiwaza as the Delegated Layer 2C partner on HPE's infrastructure substrate. That pairing is the only assessed combination that covers all eight layers with identified authority at each.

## Layer Status

| Layer | Status | Classification |
|---|---|---|
| Layer 0 | ○ Enterprise Responsibility | Compute & Network Fabric |
| Layer 1A | ◑ Derived Artifact Layer | Data Storage & Governance |
| Layer 1B | ● Kamiwaza Differentiator | Context Management & Retrieval |
| Layer 1C | ○ Enterprise Responsibility | Data Movement & Pipelines |
| Layer 2A | ○ Enterprise Responsibility | Infrastructure Orchestration |
| Layer 2B | ◑ Kamiwaza Runtime | Application Runtime & Execution |
| Layer 2C | ● Kamiwaza Core | Agentic Infrastructure — The Reasoning Plane |
| Layer 3 (+1) | ◑ Platform + Kaizen | AI Application Layer — The Value Plane |

## DAPM Profile

| Classification | Count | Meaning |
|---|---|---|
| Retained | 0 | Enterprise owns and controls this capability |
| Delegated | 3 | Provided by substitutable partner; enterprise retains swap authority |
| Ceded | 15 | Vendor controls this; enterprise has no governance authority |
| Absent | 0 | No capability at this layer |

## Strongest Layers

- **Layer 1B** (Context Management & Retrieval) — Kamiwaza Differentiator
- **Layer 2C** (Agentic Infrastructure — The Reasoning Plane) — Kamiwaza Core

## Gap Areas

- **Layer 0** (Compute & Network Fabric) — Enterprise Responsibility
- **Layer 1C** (Data Movement & Pipelines) — Enterprise Responsibility
- **Layer 2A** (Infrastructure Orchestration) — Enterprise Responsibility

## Layer-by-Layer Detail

### ○ Layer 0: Compute & Network Fabric

*Raw compute, networking, and acceleration fabric*  
**Status:** Enterprise Responsibility

**Gap Analysis:** Kamiwaza provides no compute hardware, networking, or acceleration fabric. The enterprise brings its own infrastructure — on-prem servers, cloud instances, edge nodes, DGX Spark — and Kamiwaza runs on top of it. The platform is validated on NVIDIA DGX Spark, Intel Gaudi 3, and Ampere processors, but these are deployment targets, not owned hardware.

The enterprise retains full responsibility for Layer 0. This is by design — a software-only platform vendor should not own the compute layer.

### ◑ Layer 1A: Data Storage & Governance

*Durable, governed data foundation — the Governance Catalog that Layer 2C queries*  
**Status:** Derived Artifact Layer

**Distributed Data Engine (DDE) Ingestion** [DAPM: Ceded]  
Connector-driven pipelines ingest from S3, Postgres, Kafka, SharePoint, Slack, file systems into Kamiwaza's vector stores. Scheduled or one-time runs. Credential management via Kamiwaza secrets (encrypted at rest). Job monitoring via observability dashboards. Proprietary ingestion pipeline — connector logic and scheduling captive to Kamiwaza platform.

**Data Catalog** [DAPM: Ceded]  
Metadata catalog for ingested documents and data assets. Tracks connector provenance, security markings, ingestion status. Proprietary catalog — metadata schema and query interface captive to Kamiwaza.

**Security Markings System** [DAPM: Ceded]  
Document-level security classification enforcement. system_high clearance validation, default_security_marking per connector, X-User-System-High header validation at retrieval time. Designed for regulated environments (federal, healthcare, financial services). Proprietary security model captive to Kamiwaza platform.

**Vector Store Substrate (Milvus / Qdrant)** [DAPM: Delegated]  
Open-source vector databases for embedding storage and retrieval. Enterprise could extract vector data and operate Milvus/Qdrant independently. The vector data artifacts are portable; the pipeline that produced them is not.

**Gap Analysis:** Kamiwaza does not govern the enterprise's source data stores — they remain in place under whatever authority already manages them. What Kamiwaza does provide is a derived artifact layer: the DDE ingests from source systems (S3, Postgres, Kafka, SharePoint, Slack, file systems) into Kamiwaza's own vector stores (Milvus/Qdrant) and application database (CockroachDB). The Data Catalog indexes metadata. The security markings system (system_high, X-User-System-High header, default_security_marking) enforces classification at the artifact level.

This is a genuine 1A function — Kamiwaza creates and governs its own data artifacts — but it operates alongside the enterprise's existing data governance, not in place of it. Comparable to how Palantir's Ontology creates a governed semantic layer over open data substrates without replacing the underlying storage.

The vector store substrate is open-source (Milvus, Qdrant) — the data artifacts are technically portable. But the ingestion pipeline logic, connector configurations, chunking strategies, and security markings are Kamiwaza IP.

### ● Layer 1B: Context Management & Retrieval

*Low-latency retrieval for RAG — vector/hybrid search, context windows, semantic understanding*  
**Status:** Kamiwaza Differentiator

**Context Manager / Living Ontology** [DAPM: Ceded]  
Automatically builds and maintains a knowledge graph across all data sources — entities, relationships, insights spanning organizational boundaries. No manual mapping or data centralization. Grounds AI in up-to-date enterprise context, reduces hallucinations. Proprietary ontology engine — the semantic understanding of enterprise data is captive to Kamiwaza.

**Inference Mesh** [DAPM: Ceded]  
Routes LLM reasoning to distributed data sources without moving the data. Decentralized inference adds intelligence to retrieval within the enterprise's security perimeter. Model-agnostic — supports multiple LLM providers via litellm integration. Proprietary routing and orchestration logic captive to Kamiwaza.

**Retrieval Service** [DAPM: Ceded]  
RAG pipeline connecting DDE-ingested vector data to LLM inference. Integrates with Milvus/Qdrant vector stores and the Context Manager ontology. Proprietary retrieval orchestration captive to Kamiwaza.

**Gap Analysis:** Kamiwaza's primary product differentiator. The Context Manager automatically builds a living ontology across distributed data sources — a knowledge graph connecting entities, relationships, and insights that span organizational boundaries without manual mapping or data movement. The Inference Mesh routes LLM reasoning to data sources without moving the data, adding intelligence to retrieval without the security risk of sending internal data to public cloud APIs.

The living ontology is the most architecturally significant 1B capability in the instrument alongside Palantir's Ontology. Both build a semantic layer over distributed data. The difference is architectural: Palantir pulls data into its namespace and operates the platform; Kamiwaza queries data in place and the enterprise operates the software on its own infrastructure. Both are Ceded — the semantic understanding is proprietary in both cases.

The litellm fork on GitHub suggests open model routing for inference — Kamiwaza is model-agnostic at the inference layer, routing to whatever LLMs are available locally. This is a genuine differentiator vs. vendors locked to specific model providers.

Open question: is the ontology exportable in an open format (RDF, OWL, JSON-LD)? If yes, the ontology data is portable even though the maintenance engine is captive. If no, both the engine and the accumulated knowledge graph are captive. This single fact would determine whether L1B capture is hard (nothing leaves) or soft (the snapshot leaves but the living maintenance doesn't). Either way, DAPM is Ceded — the ongoing ontology maintenance is proprietary regardless.

### ○ Layer 1C: Data Movement & Pipelines

*Move/transform data — ETL/ELT, lineage, cost-aware movement, KV cache tiering*  
**Status:** Enterprise Responsibility

**Gap Analysis:** Kamiwaza explicitly does not move data — that is the product thesis. 'Stop moving data. Start running AI where your data lives.' ETL/ELT pipelines, lineage tracking, cost-aware data movement are not in scope. The enterprise's existing pipelines (Airflow, Spark, whatever they have) continue to operate.

The DDE does ingest data into Kamiwaza's vector stores, but this serves Layer 1B retrieval, not Layer 1C data movement as the model defines it. There is no general-purpose pipeline orchestration, no lineage graph, no cross-system ETL.

This absence is architectural, not accidental. A vendor whose core value proposition is 'we don't move your data' cannot also provide a data movement layer. The enterprise retains full responsibility for L1C.

### ○ Layer 2A: Infrastructure Orchestration

*GPU scheduling, quotas, RBAC, infrastructure lifecycle management*  
**Status:** Enterprise Responsibility

**Gap Analysis:** Kamiwaza does not provision, schedule, or lifecycle-manage infrastructure. GPU scheduling, quota enforcement, VM lifecycle, cluster provisioning — none of this is Kamiwaza's domain. The enterprise's existing infrastructure orchestration (Kubernetes, VMware VCF, GreenLake, Run:ai) operates beneath Kamiwaza.

The platform runs on Docker Swarm with Traefik, managed by Kamiwaza's own orchestration — but this manages Kamiwaza's internal services, not the enterprise's broader infrastructure estate. The enterprise retains full responsibility for infrastructure orchestration.

Compare to VAST (Polaris manages the VAST fleet), VMware (VCF manages the entire estate), or HPE (GreenLake manages hybrid infrastructure). Kamiwaza has no equivalent — it is a tenant on the enterprise's infrastructure, not a manager of it.

### ◑ Layer 2B: Application Runtime & Execution

*Model serving, agent execution, inference APIs, distributed inference*  
**Status:** Kamiwaza Runtime

**Workrooms (v1.0)** [DAPM: Ceded]  
Bounded collaboration spaces for teams and AI agents. Users and agents operate within existing permissions. Each Workroom contains its own data and tools available only to authorized users. Access boundaries enforced at the platform architecture level, not through manual policy changes. Proprietary runtime — execution model captive to Kamiwaza.

**Kaizen Agent** [DAPM: Ceded]  
Configurable AI coworker that works across internal data sources through the Context Manager. Skills library defines what the agent can do and under which conditions. Multi-modal analysis and output. Expanded in v1.0. Proprietary agent framework captive to Kamiwaza.

**Tool Shed** [DAPM: Ceded]  
Governed tooling platform enabling AI to access data and take action through controlled tools. Security enforced at the tool level — at execution time, AI can only perform actions the requesting user is authorized to take. ReBAC ensures permissions enforced when actions execute. Every action logged for audit. Proprietary governance model captive to Kamiwaza.

**Infrastructure Substrate (Open-Source)** [DAPM: Delegated]  
Ray Serve (model serving), CockroachDB (application database), Milvus/Qdrant (vector stores), Keycloak (authentication), etcd (service discovery), Docker Swarm (orchestration), Traefik (reverse proxy). Open-source components the enterprise could operate independently — though the Kamiwaza services layer that composes them is proprietary.

**Gap Analysis:** Kamiwaza provides a genuine agent runtime: Workrooms (bounded execution environments with architecture-level access enforcement), Kaizen agent (configurable AI coworker with skills library), Tool Shed (governed tooling with ReBAC enforcement), and the Inference Mesh (local model serving). Chainguard-hardened containers provide attested infrastructure with SLSA Level 3 pipelines and verified SBOMs.

What Kamiwaza does not provide is the broader model serving infrastructure — no NIM-equivalent optimized inference containers, no Triton, no KServe, no distributed training framework. The Inference Mesh serves models locally via Ray Serve, but the model serving story is thinner than a full 2B vendor like VAST AgentEngine or AWS Bedrock.

The self-deploy model is notable: .deb packages for Ubuntu, .rpm for RHEL, MSI for Windows, macOS tarball. Enterprise Edition adds Terraform deployment. The enterprise operates the full platform on its own infrastructure with no Kamiwaza SaaS dependency at runtime. But self-deployable does not make it Retained — the runtime opinions are proprietary and captive.

Authentication is built on Keycloak (open-source OIDC/JWT). RBAC policy is YAML-based. These substrates are open — the ReBAC governance layer above them is proprietary Kamiwaza IP.

### ● Layer 2C: Agentic Infrastructure — The Reasoning Plane

*Policy-driven placement and resource coordination — the Autonomy Layer*  
**Status:** Kamiwaza Core

**Living Ontology (Governance Layer)** [DAPM: Ceded]  
The ontology that determines what data means, how it relates across systems, and what policies apply — updated in real time across distributed sources. This is the governance foundation that the ReBAC layer and Tool Shed query to make authorization decisions. Proprietary semantic governance captive to Kamiwaza.

**ReBAC Enforcement (Relationship-Based Access Control)** [DAPM: Ceded]  
Constrains agent permissions based on relationship context, not just role. Emerged from production behavior — traditional RBAC breaks when autonomous agents cross department boundaries. Enforced at execution time with full audit logging. Proprietary governance model captive to Kamiwaza.

**Cross-Environment Evaluation** [DAPM: Ceded]  
Rather than treating anomalies or requests as isolated events, Kamiwaza evaluates what else is happening across the environment to determine appropriate response. Agents surface relevant information, trigger correct workflows, and support operators as conditions change. Validated in Town of Vail fire detection coordination. Proprietary orchestration logic captive to Kamiwaza.

**Agent Lifecycle Governance** [DAPM: Ceded]  
Determines which agents run, in what sequence, with what inputs, under what constraints. Enforces human-in-the-loop checkpoints. Manages agent lifecycle at the execution layer. Mission decomposition and decision authority placement. Proprietary agent governance captive to Kamiwaza.

**Gap Analysis:** Kamiwaza is one of two vendors in the instrument — alongside Articul8 — whose primary product includes Layer 2C. Both are strong at Intelligence-2C; they address different facets of the same layer function.

Kamiwaza's Intelligence-2C is governance-first: the living ontology determines context, the ReBAC enforcement constrains agent actions at execution time, the Tool Shed governs what tools agents can invoke, and every action is logged for audit. Kamiwaza asks: 'may this agent act, on this data, under this policy?' Town of Vail production evidence validates this across multiple agent types — accessibility auditing, document processing, fire detection coordination — with cross-departmental authority boundaries and human-in-the-loop checkpoints.

Articul8's Intelligence-2C is reasoning-first: mission decomposition, domain-specific agent routing, policy-constrained execution planning. Articul8 asks: 'which intelligence should handle this mission, and how should it be decomposed?' These are complementary, not overlapping capabilities.

Infrastructure-2C (where inference physically runs at request time): Partial for Kamiwaza. The Inference Mesh routes inference requests across available models and compute, which is adjacent to live placement. But the documentation frames this as locality-aware data access rather than multi-variable infrastructure placement reasoning (cost + compliance + latency + data residency simultaneously). Neither Kamiwaza nor Articul8 provides full Infrastructure-2C — Articul8 explicitly acknowledges this as the responsibility of hyperscalers and platform vendors.

The RBAC-to-ReBAC evolution is architecturally significant. Traditional role-based access breaks when autonomous agents operate across department boundaries. Relationship-Based Access Control, which emerged from Kamiwaza's production behavior at Town of Vail, constrains agent permissions based on context, not just role. This validates the 4+1 model's claim that Layer 2C requires governance architecturally distinct from Layer 2A infrastructure RBAC.
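The contrast drawn above between a role check and a relationship check, as an added illustrative example. It is not Kamiwaza's implementation, which is proprietary; the role name, relation names, tuples, and function names are all constructed assumptions.

```python
"""Constructed model: role-only check vs. relationship-based check for an agent
acting on behalf of a user. Not Kamiwaza code; every name here is hypothetical."""
from dataclasses import dataclass

# RBAC: the decision depends only on the role attached to the caller.
ROLE_PERMISSIONS = {"document-agent": {"read", "summarize"}}

# ReBAC: (subject, relation, object) tuples. Constructed sample data.
TUPLES = {
    ("user:alice", "member", "dept:planning"),
    ("user:bob", "member", "dept:fire"),
    ("dept:planning", "owner", "doc:deed-0001"),
    ("dept:fire", "owner", "doc:incident-0001"),
    ("agent:doc-processor", "acts_for", "user:alice"),
}

AUDIT_LOG = []  # one record per decision, allowed or denied


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def rbac_allows(role, action):
    return action in ROLE_PERMISSIONS.get(role, set())


def objects_of(subject, relation):
    return {o for s, r, o in TUPLES if s == subject and r == relation}


def relationship_path(agent, resource):
    """Return 'agent -> user -> dept -> resource' if such a path exists, else None."""
    for user in sorted(objects_of(agent, "acts_for")):
        for dept in sorted(objects_of(user, "member")):
            if resource in objects_of(dept, "owner"):
                return f"{agent} -> {user} -> {dept} -> {resource}"
    return None


def authorize(agent, role, action, resource):
    """Evaluated at execution time: the role must permit the action AND the
    agent must reach the resource through the user it is acting for."""
    if not rbac_allows(role, action):
        decision = Decision(False, "role does not permit action")
    else:
        path = relationship_path(agent, resource)
        decision = Decision(path is not None, path or "no relationship path to resource")
    AUDIT_LOG.append((agent, role, action, resource, decision.allowed, decision.reason))
    return decision


if __name__ == "__main__":
    for res in ("doc:deed-0001", "doc:incident-0001"):
        d = authorize("agent:doc-processor", "document-agent", "read", res)
        print(f"role-only={rbac_allows('document-agent', 'read')} rebac={d.allowed} {res}: {d.reason}")
```

The role check returns the same answer for both documents; only the relationship check separates the planning department's deed from the fire department's incident record, and the denial is written to the audit log alongside the grant.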

Compare to:

- Dell: Layer 2C gap. Enterprise retains responsibility.
- HPE: Delegated to Kamiwaza via Unleash AI. Production-validated.
- Articul8: Ceded (Intelligence-2C strong — mission decomposition, domain-specific agent routing. Complementary to Kamiwaza's governance focus).
- Google: Ceded (Agent Platform — productized, comprehensive, captive).
- VAST: Ceded (PolicyEngine + Polaris — announced, GA end 2026).
- Palantir: Ceded (Ontology + Apollo — Intelligence-2C strong, Infrastructure-2C adjacent).
- Kamiwaza: Ceded (governance-first 2C; cross-agent authority and ReBAC capture).

### ◑ Layer 3 (+1): AI Application Layer — The Value Plane

*AI-powered business capabilities — business logic, workflow automation*  
**Status:** Platform + Kaizen

**Kaizen Agent (v1.0)** [DAPM: Ceded]  
Configurable AI coworker with skills library. Multi-modal analysis and output. Works across internal data sources through Context Manager. The primary Layer 3 application Kamiwaza provides. Proprietary agent — captive to Kamiwaza platform.

**App Garden** [DAPM: Ceded]  
Platform for discovering and deploying pre-packaged AI applications and services. Curated marketplace model. Deployment surface for enterprise and partner applications. Proprietary marketplace — captive to Kamiwaza platform.

**Use Case Templates and Deployment Patterns** [DAPM: Delegated]  
Compliance automation, document processing, legal, HR, supply chain, sales acceleration, knowledge construction, smart cities. Templates and reference implementations, not packaged applications. Enterprise builds on these using Kamiwaza platform primitives.

**Gap Analysis:** Kamiwaza provides one first-party Layer 3 application — the Kaizen agent, a configurable AI coworker with a skills library, multi-modal analysis, and integration across internal data sources via the Context Manager. Kaizen is the primary user-facing surface for enterprise AI interaction.

Beyond Kaizen, the App Garden provides a deployment surface for additional applications, and the Tool Shed enables governed tool composition. The use-case library is extensive — compliance automation, document processing, legal, HR, supply chain, sales acceleration, knowledge construction — but these are deployment patterns and templates, not packaged applications.

Kamiwaza is primarily a platform vendor, not an application vendor. The analogy is closer to VMware (platform that enables enterprise-built applications) than to ServiceNow (application vendor with a platform). Layer 3 applications will be built by the enterprise's own teams or partners using Kamiwaza's platform primitives.

The HPE Unleash AI partnership positions Kamiwaza-built applications (ARIA accessibility agent, deed restriction processor, fire detection coordinator) as reference implementations — proof points for what the platform enables, not the platform's Layer 3 offering.

Partner integrations: Dell + Intel Gaudi 3 joint solution, HPE Unleash AI program, DHS deployment. These are delivery partnerships, not ISV ecosystem depth comparable to Dell's (5,000+ customers, OpenAI/Palantir/ServiceNow) or HPE's (26+ Unleash AI members).

