Explicit goals, dated calendar, visible mess
Goals & calendar
Data governance is not a clean story, so this page does not tell one. It shows what shipped, on what dates, and what is targeted next — with the estimation method stated out loud.
The goals, explicitly
MCP tool-call gateway
Wrap any MCP server with a deterministic gate: every tool call is checked for source, authority, and pinned policy before it moves, and leaves a signed, replayable receipt. Zero code change to client or server.
Agent-platform data movement
The same gate generalized to agent frameworks: payload-level, provenance-bound decisions wherever an agent moves data across a trust boundary, with receipts an auditor can replay.
Governed data movement
A provenance-bound gate for data movement broadly: no datum crosses a governed boundary without proof of where it came from, who had authority to move it, and which policy version applied.
Shipped — dated goalposts
Each entry below is bound to a dated commit, artifact, or document and can be shown in a bounded private review. This is the messy part of governance work — phase gates, red-team passes, reconciliations — shown rather than smoothed over.
Project origin. Dated workspace snapshots begin; v0.4-line architecture takes shape.
First boundary-enforcement artifact: edge-guard adapter v0.1 result recorded.
Adversarial review formalized: post-envelope red-team backlog opened and worked.
Canonical object schemas recorded; the governor decision contract hardened through adversarial review so that invalid decision states cannot be constructed.
MCP release-gate prepilot: a working gate over MCP-style tool actions with admission, replay, and receipt guards — one day after the contract baseline.
Capability waves land every 1–3 days: integrated loop proof, benchmark spec draft, post-execution quarantine, durable replay wiring, production-readiness gate phases.
Public site shipped with claim-boundary discipline, recorded two-case demo, and guided reviewer Q&A.
Substrate verification on a clean environment: an automated suite of 1,000+ tests passes in under a minute; the service boots, and it refuses to start if signing keys are missing.
Targeted — the forward calendar
Estimates below are calibrated on the measured cadence above, not on aspiration. They are targets, stated publicly for accountability — not commitments to any third party.
MCP gateway MVP: wrap a real MCP server with zero code change; demonstrate one allowed call, one blocked call, and the signed receipt for each.
Hardened and packaged: signed receipts with key rotation, tamper-evident ledger verification, published latency numbers, installable build.
MCP security benchmark published: named attack classes and a conformance suite anyone can run, plus receipts mapped to audit and record-keeping frameworks.
First design-partner pilot delivered: one real MCP workflow gated end-to-end, receipts and replay evidence in the partner's hands.
How the estimates are made (and where they can fail)
- Method: each forward target cites the closest comparable shipped goalpost and assumes the same cadence. No target is sourced from optimism alone.
- Solo-founder risk: one person is a single point of failure; the calendar carries that risk and says so.
- Counterparty risk: the pilot date depends on a partner's calendar, which is not controllable from here.
- Interop buffer: real-world clients do messy things; one buffer round (~1 week) is included in the targets above.
- Review gates: patent counsel review gates any public code release. The gates are slower than not having gates. They stay.