§ 01 ── SECURITY & TRUST
Trust-by-architecture. Not trust-by-policy. Verifiable by you.
Audit chain by default (F4 · L0 doctrine · ALWAYS applies). 6 canonical L8 architectural floors (F1–F6) + 0–3 optional (F7–F9) per pattern. Permission federation. Substrate-mirroring (I15) architecturally enforced at operator-tier. D7 §12 customer-invokable verification right (5 canonical steps · 1-week typical SLA). Humans at the edge where consequences are highest — Class A agents (T2 drafters) constrained by L8 floors in the middle · Class B agents (T4 stewards) protecting substrate discipline itself. Every guarantee on this page is testable — we publish how to test it.
§ 02 ── AUDIT CHAIN · F4 · L0 DOCTRINE
Append-only. Hash-chained. Sole-emission. Replayable. NEVER-deletable for severity:critical.
Every substantive system action writes to an append-only audit chain via the Audit Curator (Class B Architectural · T4 Steward · F4 sole-emission authority per tier). Each entry hash-links to the prior, so tampering with any entry breaks hash continuity from that point onward and is detectable on verification. F4 (Audit Sole-Emit) is L0 doctrine — applies universally to every Company OS engagement. A direct-emission code path does not exist; only the Audit Curator writes. By construction · not by policy. severity:critical entries are filesystem-level append-only — no delete API is exposed. Deletion attempts emit a new severity:critical entry (recursively) and themselves persist forever. Eval Suite Runner (Class B Architectural · T4) verifies hash continuity quarterly. Cohen's weighted κ ≥ 0.85 floor on all scoring + judgment agents · re-baselined annually by the 7-seat customer-tier Methodology Council.
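The chain mechanics above, as a small runnable model. This is an added illustration, not Company OS code: the `AuditCurator` class, the agent names in the constructed sample and the `request_delete` behaviour for non-critical tiers are assumptions. It shows the three properties the section names (every entry commits to its predecessor's hash, the overlay version is tagged at write time as § 07 requires, and a delete attempt on a severity:critical entry becomes a new critical entry) and the check a verifier actually runs.

```python
import hashlib
import json
import time

SEVERITIES = ("info", "warning", "critical")   # page: only critical is never-deletable


class AuditCurator:
    """Sole emitter to an append-only, hash-linked audit chain (illustrative model).

    Each entry commits to the hash of the previous entry, so editing or removing
    any earlier entry breaks every link after it.
    """

    GENESIS = "0" * 64

    def __init__(self, overlay_version):
        self._entries = []                      # only ever appended to
        self.overlay_version = overlay_version  # tagged into every entry at write time

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}   # canonical JSON, hash excluded
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def emit(self, actor, action, severity="info", ts=None):
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity {severity!r}")
        entry = {
            "seq": len(self._entries),
            "ts": time.time() if ts is None else ts,
            "actor": actor,
            "action": action,
            "severity": severity,
            "overlay_version": self.overlay_version,
            "prev_hash": self._entries[-1]["hash"] if self._entries else self.GENESIS,
        }
        entry["hash"] = self._digest(entry)
        self._entries.append(entry)
        return entry

    def head(self):
        return self._entries[-1]["hash"] if self._entries else self.GENESIS

    def verify(self, anchored_head=None):
        """Walk every link; if given, also compare the tip against a head hash stored
        off-substrate. Returns (ok, seq_of_first_failure)."""
        prev = self.GENESIS
        for e in self._entries:
            if e["prev_hash"] != prev or self._digest(e) != e["hash"]:
                return False, e["seq"]
            prev = e["hash"]
        if anchored_head is not None and prev != anchored_head:
            return False, len(self._entries)
        return True, None

    def request_delete(self, actor, seq):
        """No delete path exists for severity:critical: the attempt itself is emitted as a
        new critical entry. Time-based retention of info/warning tiers is not modelled."""
        if self._entries[seq]["severity"] == "critical":
            return self.emit(actor, f"delete attempt on seq={seq} refused", "critical")
        raise NotImplementedError("retention-based expiry of info/warning tiers is out of scope")


def _build():
    """Constructed chain from hypothetical agents, ending with a refused delete."""
    c = AuditCurator(overlay_version="2.3.1")
    c.emit("t2-drafter", "drafted vendor payment", "info", ts=1.0)
    c.emit("f1-floor", "money-movement above cap refused", "critical", ts=2.0)
    c.emit("t4-steward", "weekly kappa sample complete", "info", ts=3.0)
    c.request_delete("intruder", seq=1)        # appends seq=3, severity critical
    anchor = c.head()                          # what a verifier keeps outside the substrate
    return c, anchor


def tamper_demo():
    """Edit entry 1 in place, as raw write access would allow: the link check fails at seq 1."""
    c, anchor = _build()
    c._entries[1]["action"] = "routine transfer approved"
    return c.verify(anchor)


def rehash_demo():
    """Same edit, but every later hash is recomputed too: the links verify, and only the
    externally anchored head exposes the rewrite."""
    c, anchor = _build()
    c._entries[1]["action"] = "routine transfer approved"
    prev = c._entries[0]["hash"]
    for e in c._entries[1:]:
        e["prev_hash"] = prev
        e["hash"] = AuditCurator._digest(e)
        prev = e["hash"]
    return {"links_only": c.verify(), "anchored": c.verify(anchor)}
```

The second demo is the caveat worth keeping in mind when reading "tampering is detectable": hash-linking alone only detects edits that leave stale hashes behind. A party who can rewrite the whole tail and recompute it passes link verification, so a quarterly continuity check is only as strong as the head hash it compares against, which must be held somewhere the writer cannot reach.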
AUDIT CHAIN · APPEND-ONLY · HASH-LINKED · SOLE-EMISSION · NEVER-DELETABLE ON CRITICAL · F4 · L0 DOCTRINE
FIG.S1 — Append-only · hash-linked · sole-emission via Audit Curator (Class B · T4 · F4 L0 doctrine) · severity:critical NEVER-deletable · tamper attempts recurse.
§ 03 ── L8 FLOORS · CODE-PATH ABSENCE · CANONICAL F1–F9
Commitments encoded as code-path absence. Resource-domain taxonomy.
L8 architectural floors are commitments that cannot be lifted by policy. They are encoded as the absence of the lifting code in the substrate — not as runtime checks, not as authorization roles, not as configuration flags. Per Jack Dorsey at Block: humans at the edge guiding the company, not in the middleware routing through it. The L8 caps are how the edge is enforced architecturally — Class A agents (T2 drafters) draft and synthesize; the lifting code does not exist. The L8-Enforcer (Class B Architectural · T4 Steward · recursively self-protected · cannot be silenced) surveils continuously. Refusal events emit severity:critical NEVER-deletable via Audit Curator. Self-tests run quarterly with all applicable floors PASS expected. Canonical taxonomy: F1–F9 are organized by resource domain (money · data · compliance · audit · cohort · code · multi-tenant · employee privacy), NOT by agent action. This is the canonical structure per L0 doctrine + L1 framework.
L8 ARCHITECTURAL FLOORS · CANONICAL F1–F9 · CODE-PATH ABSENCE · QUARTERLY SELF-TEST
FIG.S2 — 6 canonical L8 floors F1–F6 + 0–3 optional F7–F9 · resource-domain taxonomy · code-path absence · quarterly self-test 'all applicable floors PASS' · L8-Enforcer recursively self-protected.
OPTIONAL EXTENSIONS · F7–F9 · PER CUSTOMIZATION DECISION TREE
Activated based on customer pattern (unregulated status · multi-tenant SaaS · EU / multi-jurisdictional workforce · etc.).
F7 · UNREGULATED SAAS / DEVTOOLS
Customer is unregulated SaaS / DevTools. Ceiling on auto-deploy frequency rather than per-PR review gate. Per Customization Decision Tree.
F8 · MULTI-TENANT
Customer operates multi-tenant SaaS for their own customers. Per-customer dedicated substrate · no admin backdoor across customer boundaries · no code path crosses tenants.
F9 · EMPLOYEE PRIVACY
EU / UK / multi-jurisdictional workforce. Granular opt-in consent · revocable · 24 h revocation cascade · 72 h aggregate purge.
Stage-adapted thresholds per Customization Decision Tree (e.g., F1 money-movement approval routing escalates at higher dollar amounts for Series D+ vs Seed-A). Specific calibrations discussed at Phase 0.
FLOOR EVOLUTION · MAJOR CYCLE ONLY
Floors evolve only via MAJOR amendment cycle + domain-architectural redesign evidence + Methodology Council 2-of-2 (operator-tier) or 6-of-7 (customer-tier) concurrence. BOTH MAJOR + evidence required.
MAJOR cycle alone · refused · "policy without architecture is theater". Domain-architectural redesign evidence alone · refused · "structural change without versioned discipline". Either alone is refused per L0 §3.3.
§ 04 ── PERMISSION FEDERATION + DATA RESIDENCY
Three layers. Region-bounded. Each one revocable.
Permission federation enforces lawful basis at the source-scope level: source-level (OAuth scope · the floor) · user-level (query-time enforcement) · time-bounded (24 h cascade · 72 h purge). Per F2 (Customer Data) canonical floor enforcement. For the full layer-by-layer treatment see /integrations § 4.
PERMISSION FEDERATION · THREE LAYERS · REVOCABLE · F2 ENFORCEMENT
FIG.S3 — Three layers · source-level + user-level + time-bounded · revocable · F2 canonical enforcement.
01 · SOURCE-LEVEL
OAuth scope · the architectural floor · F2 default = nothing · per-category opt-in only.
02 · USER-LEVEL
Query-time enforcement · per-user consent state · cross-category sharing blocked at code-path level.
03 · TIME-BOUNDED
24 h revocation cascade · 72 h aggregate purge · per F2 + F9 (if applicable).
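The three layers above, composed into one query-time decision plus the operator-side deadline check that the time-bounded layer implies. This is an added illustration, not Company OS code: the `SourceGrant` and `UserConsent` types, the category names, the order in which the layers are checked and the sample consent state are all assumptions. `evaluate` denies at the first failing layer and says which one; `overdue_obligations` flags revocations whose 24 h cascade or 72 h purge has lapsed without a recorded completion.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

REVOCATION_CASCADE = timedelta(hours=24)   # page: 24 h revocation cascade
AGGREGATE_PURGE = timedelta(hours=72)      # page: 72 h aggregate purge


@dataclass
class SourceGrant:
    """Layer 01, source-level: the OAuth scopes granted at the source system.
    F2 default is nothing, so a category absent here is unreadable for every user."""
    scopes: frozenset = frozenset()


@dataclass
class UserConsent:
    """Layers 02 and 03: one user's per-category opt-in state and revocation history."""
    opted_in: set = field(default_factory=set)       # categories the user opted into
    revoked_at: dict = field(default_factory=dict)   # category -> revocation time (UTC)
    cascaded: set = field(default_factory=set)       # categories whose cascade completed
    purged: set = field(default_factory=set)         # categories whose aggregates were purged


def evaluate(grant, consent, categories, now):
    """Query-time decision for one user and the categories a query would read.
    Returns (decision, reason); the first failing layer decides."""
    cats = set(categories)
    if not cats:
        return "DENY", "no category requested"
    if len(cats) > 1:   # a query may not join data across categories
        return "DENY", "user-level: cross-category sharing has no code path"
    (cat,) = cats
    if cat not in grant.scopes:
        return "DENY", f"source-level: scope {cat!r} never granted (F2 default = nothing)"
    if cat in consent.revoked_at and consent.revoked_at[cat] <= now:
        return "DENY", f"time-bounded: {cat!r} revoked at {consent.revoked_at[cat].isoformat()}"
    if cat not in consent.opted_in:
        return "DENY", f"user-level: {cat!r} not opted in"
    return "ALLOW", f"{cat!r}: scope granted · opted in · not revoked"


def overdue_obligations(consent, now):
    """Operator-side check: revocations whose 24 h cascade or 72 h purge deadline has
    passed without the corresponding completion being recorded."""
    late = []
    for cat, t in consent.revoked_at.items():
        age = now - t
        if age > REVOCATION_CASCADE and cat not in consent.cascaded:
            late.append((cat, "cascade overdue"))
        if age > AGGREGATE_PURGE and cat not in consent.purged:
            late.append((cat, "purge overdue"))
    return late


def demo():
    """Constructed scenario, not real customer state: calendar and email scopes granted,
    the user opted into both, then revoked email 30 h ago and nobody ran the cascade."""
    now = datetime(2026, 1, 10, 12, 0, tzinfo=timezone.utc)
    grant = SourceGrant(scopes=frozenset({"calendar", "email"}))
    consent = UserConsent(
        opted_in={"calendar", "email"},
        revoked_at={"email": now - timedelta(hours=30)},
    )
    return {
        "calendar": evaluate(grant, consent, ["calendar"], now),
        "email": evaluate(grant, consent, ["email"], now),
        "hr": evaluate(grant, consent, ["hr"], now),
        "join": evaluate(grant, consent, ["calendar", "email"], now),
        "overdue": overdue_obligations(consent, now),
    }
```

In the constructed scenario only the calendar query is allowed: email is refused the moment it is revoked (well before the cascade deadline), hr is refused at the source layer because the scope was never granted, and the calendar+email join is refused as cross-category. The overdue check reports the email cascade as late at 30 h, while the 72 h purge is not yet due.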
§ ── DATA RESIDENCY
Substrate operational state stored in the region you select at provisioning. Customer tenant data never leaves the region without explicit consent.
EU CUSTOMERS
Substrate runs in EU regions — Frankfurt · Dublin. GDPR / UK GDPR by default. F9 (Employee Privacy) typically activates for EU workforce.
US CUSTOMERS
Substrate runs in US regions — us-east · us-west. HIPAA-eligible regions available with BAA.
CROSS-REGION
Migration requires customer-initiated MAJOR amendment cycle (30-day notice · κ ≥ 0.85 replay-test gate · stakeholder concurrence). Never operator-initiated. Per F-FW1 architectural floor at operator-tier (Customer L2 IP Isolation · enforced architecturally · not by policy).
§ 05 ── SUBSTRATE-MIRRORING (I15)
The substrate has no outside.
Every commitment the substrate enforces on customers applies recursively to our own operations. At operator-tier · I15 is architectural — not aspirational (per v3.0 transformation). We operate under our own audit chain · our own L8 floors · our own κ verification · our own tier framework · for every operation affecting customer substrate state. What scales with customer stage is the inspection surface (what customers can access via D7 §12 Step 01) — not the operator's I15 enforcement itself. Our discipline is architecturally enforced regardless of which customer stage we're serving.
I15 · SUBSTRATE-MIRRORING · OPERATOR-TIER ARCHITECTURALLY ENFORCED · INSPECTION SURFACE SCALES WITH STAGE
FIG.S4 — I15 architecturally enforced operator-tier (audit chain · L8 floors · κ verification · tier framework). Inspection surface scales by customer stage. Same disciplines applied at all stages.
01
SEED–SERIES A · DOCUMENTED INSPECTION SURFACE
We publish our substrate operational state quarterly. Independent verification welcomed at Phase 0. D7 §12 Step 01 invokable via 3–5 BD notice.
02
SERIES B/C · SCOPED INSPECTION SURFACE
We run under our own tenant-isolated substrate (per F8-equivalent operator-tier discipline). Inspection on request via D7 §12 Step 01 · 3–5 BD notice · operator-side audit chain anonymized view.
03
SERIES D+ · FULL INSPECTION SURFACE
Customer Methodology Council seats hold standing D7 §12 Step 01 authorization. Operator-tier audit chain anonymized view available immediately. Cross-tier audit composition verifiable (hash continuity + watertight separation per D7 §12 Step 04).
§ 06 ── D7 §12 VERIFICATION RIGHT · CANONICAL 5 STEPS
Standing right · five-step canonical protocol per L0 doctrine.
Every stakeholder of the substrate retains standing authorization to invoke a five-step verification protocol at any time. Canonical per L0 doctrine. Reasonable notice for coordination-required steps; immediate for the others. The substrate is built to cooperate with verification · not to resist it.
D7 §12 · STANDING VERIFICATION RIGHT · CANONICAL 5 STEPS · STANDING AUTHORIZATION: BOARD · INVESTORS · REGULATORS · ACQUIRERS · METHODOLOGY COUNCIL SEATS
FIG.S5 — Canonical D7 §12 5 steps per L0 doctrine · Inspect · Replay · Verify · Cross-check · Escalate.
01 · INSPECT
Read access to substrate + audit chain. Any agent contract · any audit chain entry · methodology overlay · L8 floor implementations · Methodology Council decisions log · KPI evidence bundles.
02 · REPLAY
Re-execute any past decision via audit chain query (≤ 15 min SLA). Audit Curator + Knowledge Curator provide queryable interface · decision context · evidence set · 5-lens scorer output · diverge-and-reconcile trace · approver routing.
03 · VERIFY
Confirm code-path absence for each L8 floor. L8-Enforcer's quarterly self-test logs reviewable. Engineering Steward + Eval Suite Runner walkthrough on demand. L8 pressure-test refusal traces available (refusal events emit severity:critical NEVER-deletable).
04 · CROSS-CHECK
Verify κ against Methodology Council-ratified baseline. Eval Suite Runner re-computes κ on sampled decisions. Tolerance ± 0.02 PASS · ± 0.05 WARNING · beyond CRITICAL.
05 · ESCALATE
Route critical findings to operator-tier recursive anchor. Authority on bypass-discipline refusal · floor breach · F4 sole-emit violation · κ collapse. 72 h critical · 1 week warning.
§ 07 ── SCHEMA MIGRATION REPLAY
Versioned overlays. Tagged at write. Replay-tested at MAJOR.
Every customer overlay versioned. Audit entries tagged with the overlay version active at write time. MAJOR migrations require structural replay-test against the last 100 substantive audit entries with κ ≥ 0.85 against historical outputs.
OVERLAY SEMVER · NOTICE WINDOW · MAJOR REPLAY-TEST GATE · κ ≥ 0.85
FIG.S6 — Overlay semver · notice windows · MAJOR migration carries κ ≥ 0.85 replay-test gate · structural fingerprint discipline.
PATCH · Audit-emit only.
MINOR · Pre-snapshot + stakeholder concurrence (1-of-N Methodology Council).
MAJOR · Pre-snapshot + structural replay-test (κ ≥ 0.85 gate) + Methodology Council quorum (6-of-7 customer-tier).
01
OVERLAY VERSIONED
Every customer overlay versioned (MAJOR / MINOR / PATCH per semver).
02
TAGGED AT WRITE
Every audit chain entry tagged with overlay version active at write time. Replay against any historical entry uses the historical overlay version.
03
REPLAY-TESTED
MAJOR migrations require structural replay-test against last 100 substantive audit entries. Structural fingerprint diff verifies substrate integrity. κ < 0.85 against historical outputs blocks migration. Per L0 § 4.2 replay-test outcome doctrine.
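The replay-test gate, worked through as code. This is an added illustration, not the substrate's own replay infrastructure (which the page keeps under NDA): `weighted_kappa` computes Cohen's weighted κ between the historical scorer outputs and the replayed ones, `replay_test` applies the κ ≥ 0.85 floor over the last 100 entries as step 03 describes, and `baseline_band` applies the ± 0.02 / ± 0.05 tolerance bands of D7 §12 Step 04 from § 06. The quadratic weight scheme, the 3-level score scale and the two sample score sequences are assumptions; the page fixes the floor and the tolerances, not the weights.

```python
from collections import Counter

KAPPA_FLOOR = 0.85       # page: κ ≥ 0.85 replay-test gate
REPLAY_WINDOW = 100      # page: last 100 substantive audit entries


def weighted_kappa(rater_a, rater_b, levels, weights="quadratic"):
    """Cohen's weighted κ for two ordinal score sequences over `levels` categories 0..k-1.

    Weight scheme is an assumption (quadratic: w_ij = ((i-j)/(k-1))^2, linear: |i-j|/(k-1)).
    κ = 1 - (observed weighted disagreement) / (disagreement expected by chance).
    """
    if len(rater_a) != len(rater_b) or not rater_a:
        raise ValueError("need two equally long, non-empty score sequences")
    if levels < 2:
        raise ValueError("need at least two score levels")
    n, k = len(rater_a), levels

    def w(i, j):
        d = abs(i - j) / (k - 1)
        return d * d if weights == "quadratic" else d

    observed = sum(w(a, b) for a, b in zip(rater_a, rater_b)) / n
    ha, hb = Counter(rater_a), Counter(rater_b)
    expected = sum(w(i, j) * ha[i] * hb[j] for i in range(k) for j in range(k)) / (n * n)
    if expected == 0:    # both raters constant and identical: no disagreement is possible
        return 1.0
    return 1.0 - observed / expected


def replay_test(historical, replayed, levels, floor=KAPPA_FLOOR):
    """MAJOR migration gate: κ between the scorer outputs recorded for the last
    REPLAY_WINDOW substantive entries and the outputs the new overlay produces when
    those entries are replayed. Below the floor the migration is blocked."""
    h, r = historical[-REPLAY_WINDOW:], replayed[-REPLAY_WINDOW:]
    kappa = weighted_kappa(h, r, levels)
    return {"kappa": kappa, "decision": "PASS" if kappa >= floor else "BLOCK"}


def baseline_band(kappa, ratified_baseline):
    """D7 §12 Step 04 tolerance against the Methodology Council-ratified κ baseline."""
    delta = abs(kappa - ratified_baseline)
    if delta <= 0.02:
        return "PASS"
    if delta <= 0.05:
        return "WARNING"
    return "CRITICAL"


# Constructed sample scores on a 3-level scale (0, 1, 2); not real substrate data.
HISTORICAL = [0, 0, 0, 1, 1, 1, 1, 2, 2, 2]
REPLAY_GOOD = [0, 0, 0, 1, 1, 1, 2, 2, 2, 2]   # one decision shifted by one level
REPLAY_BAD = [0, 0, 1, 1, 1, 1, 2, 2, 2, 2]    # two decisions shifted by one level

if __name__ == "__main__":
    for name, rep in (("good", REPLAY_GOOD), ("bad", REPLAY_BAD)):
        print(name, replay_test(HISTORICAL, rep, levels=3))
```

With the constructed data, the single one-level shift gives κ = 12/13 ≈ 0.923 (PASS) and the two shifts give κ = 5/6 ≈ 0.833 (BLOCK). Against a hypothetical ratified baseline of 0.90 the same two values land in WARNING and CRITICAL, which is the point of having both checks: a replay can clear the absolute floor and still drift far enough from the ratified baseline to warrant escalation.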
§ 08 ── COMPLIANCE
Compliance is a downstream property of the audit chain.
Per L1 framework Compliance Mapping Library · every regulatory framework tethers to L8 floor + audit chain enforcement. The audit chain architecture (F4 sole-emit · L0 doctrine · NEVER-deletable on critical) is the substrate of compliance evidence by default.
COMPLIANCE · DOWNSTREAM OF AUDIT CHAIN · EVIDENCE BY DEFAULT
FIG.S7 — Compliance is downstream of the audit chain · evidence by default. Sector-specific calibrations per L1 framework.
§ 09 ── OPEN POSTURE
L0 doctrine open. L1 frameworks closed. L2 instances closed.
L0 doctrine is open. The five disciplines · the tier framework · the L8 floor mechanism · the κ verification protocol · the D7 §12 verification right · the diverge-and-reconcile pattern · the 6 evidence modes · the tether-pair discipline — all published · all forkable · all auditable. We publish the L0 documents at docs.queryable.company (coming soon). The L1 frameworks (operator IP · Queryable.Company "Company OS" + Fund AI OS sibling) and L2 instances (customer IP) are closed by design — that's the IP boundary per L0 § 3 + MSA § 8.3.
L0 · UNIVERSAL DOCTRINE
Five disciplines · tier framework · L8 mechanism · κ protocol · D7 §12 right · diverge-and-reconcile · evidence modes · tether-pair discipline · open methodology.
L1 · DOMAIN FRAMEWORKS
Operator IP. Two live L1 derivations: Queryable.Company "Company OS" (v3.1.0) and Fund AI OS (live at fund-ai-os.com). Closed by design.
L2 · CUSTOMER INSTANCES
Customer IP. Closed by design — yours · not ours · per MSA § 8.3. Architecturally enforced via F-FW1 (Customer L2 IP Isolation) at operator-tier.
§ 10 ── UNDER THE HOOD · NDA-TIER
Substrate-grade depth available to qualified prospects.
What's public on this page: F1–F9 canonical floor catalog · D7 §12 canonical 5 steps · κ ≥ 0.85 floor · 3-layer permission federation · data residency · compliance posture · I15 architectural at operator-tier · MSA § 8.3 customer IP retention. What's available in a 30-min technical deep-dive under NDA · or at Phase 0:
- 01 · Compliance Mapping Library · per-regulation L8 floor + audit chain tethering · per-jurisdiction (GDPR · HIPAA · SOC 2 · ISO 27001 · NIST AI RMF · EU AI Act · PSA · APPI · JFSA · FCA · sector-specific)
- 02 · Customization Decision Tree · how customer pattern routes to F1–F6 base + 0–3 optional F7–F9 activation
- 03 · D7 §12 protocol mechanics · drill format · pressure-test procedures · cross-tier composition verification · escalation routing
- 04 · Pre-flight validation toolkit · operator-side substrate discipline tooling
- 05 · Replay-test infrastructure · structural fingerprint methodology · model swap survival mechanics
- 06 · Penetration test reports · annual · last report available under NDA
- 07 · SOC 2 Type I report · v1.0 certification · Type II in progress (Q3-2026)
- 08 · Stage-adapted L8 floor thresholds · F1 money-movement approval routing · F6 code-shipping ceiling · per Customization Decision Tree
§ ── TRUST LEDGER
What's live. What's in flight.
Trust-by-architecture, not trust-by-policy. Listed here even when status is "in progress." Silence is not a posture.
◆ LIVE · Sole-emission via Audit Curator · NEVER-deletable on critical · F4 L0 doctrine
◆ LIVE · Per-customer dedicated · region pinned at Phase 0
◆ LIVE · Audit chain · severity-tiered (info 7yr · warning 10yr · critical NEVER-deletable) per F4
◆ LIVE · Disclosed in Phase 0 charter · change-log on update
◆ LIVE · SOC 2 Type I · certified at v1.0 launch
◇ IN PROGRESS · SOC 2 Type II · audit beginning Q3-2026
◇ IN PROGRESS · Scoped · gap analysis underway · A.5/A.8/A.12/A.18 mapped to F1–F9
◆ LIVE · Penetration test · annual · last report available under NDA
◆ LIVE · D7 §12 verification · on demand · stakeholder-initiated · canonical 5 steps · 72-h critical SLA
◆ LIVE · L8 self-test · quarterly · L8-Enforcer · all applicable floors PASS
◆ LIVE · κ verification · Eval Suite Runner · weekly samples · quarterly comprehensive · annual re-baseline
◆ LIVE · Replay-test · structural fingerprint discipline · model swap survival · MAJOR cycle gate
§ END ── TRUST