Roadmap

Built around a simple product truth: AI systems moving into regulated workflows need signed evidence, deterministic governance, and operational controls that can survive audit.

What We Are Building

A cryptographic audit and governance layer for AI systems: signed Trust Receipts, independent verification, deterministic kernel decisions, and enterprise control plane workflows.

What We Are Not Building

  • Not a foundation model company
  • Not another AI chat interface
  • Not a replacement for model providers
  • Not just an observability dashboard

Phase 1: Verifiable Trust Receipts

Cryptographic evidence for governed AI interactions, designed to verify independently of the platform operator.

Delivered (Complete)

  • Ed25519 Trust Receipt Signing: Receipts are signed with real cryptographic signatures, not just hashed and logged.
  • RFC 8785 Canonical JSON: Canonical receipt payloads ensure signing and verification operate over the same byte-level representation.
  • Hash-Chained Ledger Continuity: Each new receipt advances the chain so tampering becomes evident across receipt history.
  • Independent Verification Endpoints: Public key and proof endpoints allow third parties to verify receipts without authenticated backend access.
  • Canonical Receipt Minting Path: Receipt generation now flows through one canonical minting path instead of multiple drifting implementations.
  • Receipt Crypto Contract Tests: Architectural invariant tests enforce the signing and verification contract across the platform.

What This Enables: Portable, tamper-evident audit artifacts for regulated AI workflows.

Phase 2: Canonical Governance Kernel

A two-tier governance model where semantic risk signals feed a deterministic kernel that remains the final authority.

Delivered (Complete)

  • Semantic Classification Layer: Model-based classification detects domain, stakes, and risk signals before policy composition.
  • Deterministic Trust Kernel: Domain packs, rule caps, thresholds, and decision composition remain deterministic and inspectable.
  • Canonical Trust Evaluation Path: Product trust evaluation is unified behind one kernel path so callers cannot silently drift.
  • Structured Kernel Trace Output: Receipts capture rationale, rule triggers, signal gaps, and score composition in a reviewable trace.
  • Caller Contract Enforcement: Architecture tests ensure receipt-producing trust flows call the canonical evaluation path.
  • Review-Ready PASS / PARTIAL / FAIL Semantics: Governance outcomes are explicit, signed, and visible in both product UI and exported artifacts.

What This Enables: Auditable, reproducible governance outcomes instead of black-box trust scoring.

Phase 3: Enterprise Hardening

Enterprise deployment controls around signing, content handling, auditability, and receipt lifecycle management.

Delivered (Complete)

  • Signer Abstraction: Receipt signing can use local keys or delegated external signer infrastructure.
  • External Signer Timeout & Startup Verification: Delegated signing fails fast on timeout and verifies signer metadata on startup to catch configuration drift.
  • Hash-Only Receipt Mode: Receipts can sign prompt and response hashes instead of embedding raw content directly.
  • Detached Content Archive: Prompt and response content can be archived separately with tenant-scoped retrieval controls.
  • Receipt Provenance Metadata: Receipts record signer source, timestamp source, content mode, and related provenance details.
  • Anchor Lifecycle Tracking: Queue, submit, refresh, and confirmation state are tracked for anchored receipt workflows.
  • Receipt Access Audit Logging: Content reads and anchor operations are explicitly logged for enterprise audit review.

What This Enables: Production readiness for security-sensitive and regulated customer environments.

Phase 4: Governance Orchestration

A constraint-aware governance control plane that coordinates sensing, analysis, action planning, and intervention workflows.

Delivered (Complete)

  • Overseer Advisory & Enforced Modes: The orchestrator can recommend actions or execute constrained governance actions automatically.
  • Tenant-Safe Brain Cycle Locking: One overseer cycle runs per tenant at a time, closing multi-tenant race conditions.
  • Constraint-Aware Action Execution: Actions are checked against safety constraints before they are executed or persisted.
  • Suppression of Refused / Reverted Actions: The planner no longer re-proposes recently blocked or reverted actions in repeated loops.
  • Configurable Cadence & Mode: Scheduler cadence, cooldowns, and execution mode are externalized to deployment configuration.
  • Operator Review & Override Workflows: Governed actions remain visible, reviewable, and auditable with explicit human override pathways.

What This Enables: Tenant-safe operational governance beyond single-turn scoring and receipt issuance.

Phase 5: Federation & Advanced Controls

The next expansion is about broader deployment control, shared verification, and policy portability across organizations.

Planned

  • Customer-Managed Signing Defaults: Make delegated signing through signer-service, KMS, or HSM-backed infrastructure the standard production posture.
  • Retention & Export Governance Policies: Policy-driven retention, archival, and export controls for enterprise data governance programs.
  • Cross-Organization Verification: Support shared verification workflows between organizations without requiring a shared operator backend.
  • Governance Simulation Sandbox: Replay historical governed sessions under new policy configurations before rollout.
  • Portable Policy Templates: Reusable governance packs and deployment patterns for sector-specific requirements.
  • Expanded Anchoring & Federation Options: Broader external anchoring and evidence portability for customers that need stronger external attestations.

What This Enables: Cross-organization verification, stronger deployment defaults, and governance operations at larger scale.

Experimental Research, Separated Clearly

We now separate production-critical controls from exploratory research work. That distinction is deliberate. Signed receipts, verification, runtime evidence, and the trust kernel are product-critical. Emergence-style heuristics remain experimental.

  • Bedau Index and related emergence-style metrics remain exploratory research signals.
  • Phase-Shift Velocity is treated as a heuristic research artifact, not a calibrated production safety control.
  • Experimental signals are intentionally separated from the platform's canonical trust-kernel decision path.

About This Roadmap

Delivered phases represent capabilities implemented in the current platform and supporting infrastructure. Planned phases are the next hardening and expansion steps, focused on customer-managed signing defaults, stronger policy portability, and cross-organization verification.

Current Platform Footprint

The platform already includes signed Trust Receipts, independent verification, deterministic kernel decisions, and a governance orchestration layer. The next phase is about deployment defaults, federation, and advanced control surfaces.