For cloud, security, governance, and agent-platform reviewers

What can be shown today

The current proof stack is local-alpha / prepilot evidence: deterministic receipts, frozen review packets, test gates, and scoped branch history.

Current evidence

A verification substrate with an automated test suite of 1,000+ tests passing on a clean environment, including deterministic-replay and contract-invariant tests.
Decision contracts enforced at the data-model layer: invalid decision states cannot be constructed, and every decision record carries a content-integrity hash that is recomputed and checked on construction.
Service start is refused without signing keys — authority is proven, not assumed, including against the operator.
Local deterministic test and receipt patterns; frozen review packets and hash-bound scan records.
Scoped GitHub branches for public-safe website and documentation work; internal hardening recon kept separate from public claims.
A recorded two-host SSH-tunneled connector harness run (bounded harness proof; not production, not public-internet, not full-boundary wrapping).

What a reviewer should ask to see

Block

A candidate action that lacks enough source, authority, policy, or replay support should stop before it reaches the protected downstream target.

Receipt

The decision should leave a reviewable record: what was proposed, what boundary checks applied, what decision was made, and what identifier or hash binds the review to that run.

Replay

The same fixture and boundary rules should reproduce the same result. The point is not to prove universal truth; it is to prove that the release boundary behaves deterministically for the reviewed case.

What stays local

Private source material and internal working files.
Local databases, credentials, raw logs, and server state.
Implementation details that are not needed for a public claim-boundary review.

What can leave

Sanitized receipt summaries.
Hash, nonce, or packet references that bind a review to exact evidence.
Public-safe explanations of why a claim or action was allowed, blocked, or quarantined.

Demo/video path

This short walkthrough shows the public-safe demo harness: one allowed case, one blocked case, a receipt hash, and a replay record. The blocked case stays stopped at the boundary and is shown without exposing private data or implementation secrets.

45-second local-alpha/prepilot walkthrough: deterministic block, receipt, replay, and trust-boundary handling.

Honest limit: current public evidence is prepilot evidence, not formal review or released-service validation.