Security & trust
The current product is a sandbox governance demo. These are the principles it is built on — stated plainly, without overclaiming.
Sandbox-only demo
The current product is a governance demo. Every rail, provider and integration is simulated.
No secrets, anywhere
The credential vault stores mock status metadata only. No API keys, tokens or credentials exist in the product or repository.
No real integrations
No payment, EHR, LMS, device, model-provider, repository or CI/CD system is ever contacted.
Fail-closed by default
Any predicate that cannot be resolved blocks the action. Unknown providers, missing attestations, absent justifications — all fail closed.
Human approval gates
High-impact actions (E4–E5) always pause for a human decision before a ticket can exist.
One-time execution tickets
Execution authority is single-use and expiring — issued only after an allowed decision.
Evidence capsules
Every decision — including rejections and fail-closed blocks — produces a tamper-evident (mock) record.
Audit-first architecture
Replay, quarantine and compliance export are built into the same pipeline, not added later.