cloud-governance prepilot | patent-pending | local-alpha evidence | no third-party affiliation claimed
unFragged mark
unFragged
Maker of DVS — deterministic verification for AI governance and agent boundaries.

Reviewer Q&A

Hard questions I expect

These are the questions I want technical reviewers, security teams, platform teams, and founders to ask. The answers stay at the boundary level: enough to evaluate the idea without exposing private implementation details.

Cloud security and governance

What problem does DVS solve that ordinary access control does not?

Access control decides who can call a tool or system. DVS focuses on the next question: whether a specific machine-generated claim or tool action has enough source, authority, policy, replay, and receipt evidence to move into trusted downstream state.

Is DVS replacing identity, network security, or policy engines?

No. DVS is designed as a boundary layer around AI and agent outputs. It should sit beside existing identity, logging, policy, review, and deployment controls, not replace them.

What leaves the environment?

The intended prepilot posture is narrow: keep sensitive source data local or inside the controlled environment, export only bounded receipts or review artifacts, and make egress explicit instead of implicit.

How does this help a security team?

It gives security reviewers a concrete object to inspect: the proposed action, the supporting source path, the authority basis, the policy result, the replay result, and the final allow, block, or quarantine decision.

MCP and agent boundaries

Why call this an MCP security wrapper?

MCP connects AI systems to tools, files, data, and automation. DVS is positioned as the wrapper at the point where an MCP or agent workflow wants to turn output into action. It treats that output as untrusted until the boundary checks pass.

Does DVS trust MCP server output?

No. The public design posture is to treat MCP server output as evidence to be checked, not as authority by itself.

What happens when an action is blocked?

The goal is for the protected downstream target not to receive the blocked action, while the attempted action still leaves a reviewable receipt explaining why it stopped.

How does this address prompt injection or tool-output manipulation?

DVS does not claim to eliminate those risks. It reduces blind trust by requiring boundary checks before output is treated as executable, authoritative, or safe to forward.

Internal architecture without exposing internals

What are the core checks?

At a high level: source, authority, policy, review state, deterministic replay, and receipt. The internal implementation details are not published on this page.

Is this a model, a prompt, or an application?

DVS is better described as a release-boundary substrate. It is not the model itself and not just a prompt. It is the control layer around whether output or action can cross a trust boundary.

Can it work with more than one model or tool provider?

The architecture is intended to be provider-neutral. The important unit is not the model brand. The important unit is the action or claim trying to cross the boundary.

How much of this is available to inspect?

Current public material is intentionally bounded. A private technical review can walk through the evidence shape, receipts, and boundary behavior without exposing unrelated private source material.

Evidence and maturity

What can you prove today?

The current public claim is local-alpha / prepilot evidence: deterministic boundary behavior, receipts, replay-oriented checks, and a documented claim boundary. It is not presented as a released service.

What would make it stronger?

A clean two-node proof, a private prepilot integration, independent security review, and repeatable evidence bundles that show allowed and blocked actions across a real boundary.

What should a reviewer challenge first?

Ask whether the blocked action truly fails closed, whether the receipt is bound to exact bytes, whether replay gives the same result, and whether unsupported claims are prevented from crossing the boundary.

What is not being claimed?

No third-party approval, formal review, commercial-listing, sponsor, customer-proof, uptime, independent-validation status, or issued-patent status is claimed.

Founder and adoption questions

Why should a founder care?

Because agent automation can move faster than a small team can manually review. DVS is aimed at the moment where a team needs confidence that machine output will not silently become operational state without a check.

What is the first useful conversation?

A bounded technical review: one representative workflow, one protected action, one allowed case, one blocked case, and the receipts that show why each result occurred.

What if I ask something not covered here?

Use the review form. If the answer requires private implementation detail, the right next step is a private technical review rather than a public page.

Submit a questionReview MCP boundary