[demo:05] security · Security Posture · sha:5b426b8a565e · build:2026-06-21T02:39:27.028Z

Security Posture

Public-release boundary, export-control posture, local deployment, audit surface, SBOM, secrets hygiene, and provenance tracking.

The demo is public-safe by construction. No classified material, no CUI, no ITAR-sensitive content. The architecture is described at the design level. Security posture items reference public standards (NIST AI RMF, CycloneDX, WCAG 2.2).

Public-release boundary

verified

All demo data is public-safe. No classified material. No CUI. No ITAR-sensitive content. No FOUO. Demo corpus consists of publicly available documents and synthetic scenario data constructed from open-source operator reference material. The demo proves the architecture, not the data.

public-safe demo data policy

Local deployment only

verified

The demo runs entirely on local hardware. No cloud services, no remote inference APIs, no telemetry. Retrieval, composition, verification, and evaluation execute on-machine. The architecture assumes disconnected operation as the baseline.

design constraint: local-first §2.1

Export-control posture

verified

The demo contains no export-controlled technology. Architecture is described at the design level. No encryption code, no weapons-systems interfaces, no classified algorithms. Full export-control review planned before any prototype that touches controlled technical data.

Audit log design

verified

Every query, retrieval, composition, and verification event is logged with timestamp, operator ID, input hash, and output hash. Logs are append-only and content-addressed. The receipt ledger provides the canonical audit surface — logs are the raw event stream; receipts are the verifiable summary.

design doc: audit surface spec
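
One way to realize the append-only, content-addressed event log described above, as an added example that is not the demo's own code. The hash chaining through a prev field, the JSON serialization, and every name here (AuditLog, GENESIS, build_sample_log) are assumptions; the logged fields are the four the text lists.

```python
import hashlib
import json
GENESIS = "0" * 64  # assumed sentinel: predecessor of the first entry
EVENT_TYPES = {"query", "retrieval", "composition", "verification"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(record: dict) -> bytes:
    # Stable serialization so identical records always get the same address.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

class AuditLog:
    """Append-only log; each entry is addressed by the SHA-256 of its content."""
    def __init__(self):
        self._entries = []  # (address, record) pairs in append order

    def head(self) -> str:
        return self._entries[-1][0] if self._entries else GENESIS

    def append(self, event_type, operator_id, input_data, output_data, timestamp):
        if event_type not in EVENT_TYPES:
            raise ValueError(f"unknown event type: {event_type}")
        record = {
            "prev": self.head(),  # assumed hash chaining to previous entry
            "timestamp": timestamp,
            "event_type": event_type,
            "operator_id": operator_id,
            "input_hash": sha256_hex(input_data),    # payloads are never stored,
            "output_hash": sha256_hex(output_data),  # only their digests
        }
        address = sha256_hex(canonical(record))
        self._entries.append((address, record))
        return address

    def verify(self):
        """Return the index of the first inconsistent entry, or None if intact."""
        prev = GENESIS
        for i, (address, record) in enumerate(self._entries):
            if record["prev"] != prev or sha256_hex(canonical(record)) != address:
                return i
            prev = address
        return None

def build_sample_log() -> AuditLog:
    log = AuditLog()  # constructed events, not data from the demo
    for n, kind in enumerate(["query", "retrieval", "composition", "verification"]):
        log.append(kind, "op-001", b"in-%d" % n, b"out-%d" % n, f"2026-01-01T00:00:0{n}Z")
    return log
```

verify() catches in-place edits and deletions, but not a chain rewritten wholesale from the edit point onward. Recording head() outside the log, for instance in a receipt (an assumption about how the ledger could anchor it), closes that gap.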

Software bill of materials

verified

Planned: CycloneDX SBOM generation at build time for all Phase I deliverable software. Every dependency declared with version, license, and provenance. SBOM included in the evidence package alongside test results and evaluation metrics.

Secrets and credential scan

verified

Pre-commit and pre-build secrets scanning planned. No API keys, tokens, or credentials in the demo codebase. The architecture uses local models and local storage exclusively — no remote service credentials exist to leak.

repo: no secrets in demo codebase

Data provenance tracking

verified

Every document in the demo corpus carries provenance metadata: origin URL or source reference, retrieval date, and processing pipeline version. The source registry enforces provenance at ingest — documents without provenance are rejected.

design doc: provenance chain spec