System Walkthrough

End-to-End Governance Workflow

From artifact creation through runtime enforcement to offline-verifiable evidence. Eight steps, fully autonomous, cryptographically proven.

Step 01

Artifact Creation

A governance artifact is created during system approval containing integrity parameters, permitted operations, measurement rules, enforcement policies, and a validity period. All fields are cryptographically signed with Ed25519. Once sealed, the artifact is immutable.

Step 02

System Launch

The Governance Portal retrieves and verifies the Policy Artifact signature, confirms time validity, and parses enforcement parameters. If any verification fails, execution is blocked. Default state is denial.

Step 03

Initial Measurement

The portal computes an initial integrity measurement and compares it to the sealed baseline. If the measurement does not match, execution is not permitted. Only the attested version can run.

Step 04

Continuous Monitoring

During execution, the portal collects measurements at the cadence specified in the artifact. Measurement classes include binary integrity, configuration integrity, dependency checksums, environment metadata, and system-specific telemetry.

Step 05

Drift Detection

If any measurement deviates from the sealed baseline, drift is detected through deterministic cryptographic hash comparison. The portal identifies which measurement class triggered the deviation.

Step 06

Enforcement Action

The portal executes the enforcement action defined in the artifact: TERMINATE, QUARANTINE, SAFE_STATE, or ALERT_ONLY. For safety-critical systems, SAFE_STATE triggers graceful degradation. Enforcement is autonomous.

Step 07

Receipt Generation

Every enforcement decision generates a signed receipt containing the measurement result, policy decision, timestamp, previous receipt hash, and portal signature. Receipts are hash-linked into a tamper-evident chain.

Step 08

Evidence Bundle & Verification

Execution produces a portable evidence bundle containing the governance artifact, complete receipt chain, Merkle inclusion proofs, and checkpoint references. Anyone can independently verify everything without network access.
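The drift check, receipt linking and offline chain verification from Steps 05 to 08 can be sketched as follows. This is an added example, not code from the reference implementation: the field names, the canonical JSON encoding and the all-zero genesis value are assumptions, and the Ed25519 portal signature and Merkle inclusion proofs are left out so that it runs on the standard library alone.

```python
import hashlib, json

GENESIS = "sha256:" + "0" * 64   # assumed prev_hash of the first receipt

def sha256_hex(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def leaf_hash(receipt: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the hash deterministic.
    return sha256_hex(json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode())

def decide(measured: str, sealed: str, action: str) -> str:
    # Drift detection is a plain hash comparison against the sealed baseline.
    return "PASS" if measured == sealed else action

def build_chain(measurements, sealed, action):
    """Portal side: one receipt per (timestamp, measurement); returns (receipts, head)."""
    receipts, prev = [], GENESIS
    for seq, (ts, measured) in enumerate(measurements, start=1):
        r = {"seq": seq, "timestamp": ts, "measurement": measured,
             "decision": decide(measured, sealed, action), "prev_hash": prev}
        receipts.append(r)
        prev = leaf_hash(r)
    return receipts, prev

def verify_chain(receipts, sealed, action, checkpoint):
    """Verifier side, offline: returns (ok, reason)."""
    prev = GENESIS
    for i, r in enumerate(receipts, start=1):
        if r["seq"] != i:
            return False, f"receipt {i}: sequence gap"
        if r["prev_hash"] != prev:
            return False, f"receipt {i}: broken link"
        if r["decision"] != decide(r["measurement"], sealed, action):
            return False, f"receipt {i}: decision does not follow from measurement"
        prev = leaf_hash(r)
    # Links alone cannot protect the newest receipt; the checkpoint pins the head.
    if prev != checkpoint:
        return False, "head does not match checkpoint"
    return True, "CONSISTENT"

# Constructed sample data (not from the reference implementation).
SEALED = sha256_hex(b"constructed-firmware-v1")
DRIFTED = sha256_hex(b"constructed-firmware-v1-modified")
SAMPLE = [("2026-03-17T14:01:24.800Z", SEALED),
          ("2026-03-17T14:01:24.900Z", SEALED),
          ("2026-03-17T14:01:25.000Z", DRIFTED)]
RECEIPTS, HEAD = build_chain(SAMPLE, SEALED, "QUARANTINE")

if __name__ == "__main__":
    print(verify_chain(RECEIPTS, SEALED, "QUARANTINE", HEAD))
```

Rewriting the last receipt to hide the drift leaves every link intact, which is why the verifier also compares the chain head against an independently held checkpoint.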

Sample Data

End-to-End Trace

drone-governance-trace
1. Artifact Created 2026-03-17T14:00:00Z sealed_hash: sha256:3a1f...b7c2
2. Subject Launched 2026-03-17T14:00:01Z initial_hash: MATCH
3. Monitoring Active cadence: 100ms 847 measurements: PASS
4. Drift Detected 2026-03-17T14:01:25Z hash: sha256:9f4b...d12a != sealed
5. Quarantine Engaged 2026-03-17T14:01:25Z outputs severed, inputs continue
6. Receipt Generated seq: 848 prev_leaf: sha256:00ab...ff91
7. Chain Updated leaf_hash: sha256:d7e2...4c03
8. Bundle Verified PASS (artifact: OK, receipts: 3/3, chain: CONSISTENT)

All hashes truncated. Sample data from the reference implementation drone governance scenario.
