Architecture

Technology Overview

Attested Governance Artifacts transform passive audit logging into active compliance enforcement with cryptographic proof generation.

Three-Phase Architecture

Seal. Enforce. Prove.

01

Policy Artifact

Cryptographically signed governance object defining integrity baselines, telemetry policies, and enforcement mappings.

  • Ed25519 signatures
  • Deterministic hashing
  • Time-bounded validity
02

Sentinel Runtime

Local Governance Engine that monitors subjects, detects drift, and executes enforcement actions with signed receipts.

  • Launch Gate validation
  • Continuous monitoring
  • Automatic enforcement
03

Evidence Bundle

Portable verification package containing all cryptographic proofs. Verifiable offline in air-gapped environments.

  • Offline verification
  • Chain integrity
  • PASS/FAIL verdict

Cryptographic Primitives Policy

Industry-standard primitives. No proprietary algorithms.

Hash algorithm is explicit in the artifact schema and included in signatures. Verifiers MUST reject mismatched algorithms. This ensures algorithm agility while maintaining strict verification semantics.

SHA-256

Primary
FIPS 180-4

Default hash algorithm for content addressing and integrity verification

BLAKE2b-256

Alternative
RFC 7693

Optional high-throughput alternative for performance-critical applications

Ed25519

Primary
RFC 8032

Policy artifact and receipt signatures

RFC 3161

Primary
TSA Protocol

Trusted timestamp attestation

RFC 8785

Primary
JCS

Deterministic JSON canonicalization

Core Capabilities

Runtime Integrity

Continuous measurement of governed subjects against sealed baselines. Drift detection triggers immediate enforcement.

Signed Receipts

Every policy decision generates a cryptographically signed receipt. Hash-linked into tamper-evident chains.

Offline Verification

Evidence bundles verify without network access. Designed for air-gapped and classified environments.

Time Attestation

RFC 3161 timestamps provide trusted temporal ordering. Critical for regulatory and legal evidence.

Technical Specification

Review the complete protocol specification including schemas, verification algorithms, and implementation requirements.

View DocumentationPatent Claims