MK·II · SENTINEL · TRUST CENTER
Trust · Safety · Governance
// the safety story is the product

Five rails. Zero loose threads.

Every VoidLens agent operates inside an immutable safety perimeter. Five rails: Guardian-gated capabilities, spec-before-code, audit-every-action, the forty-eight-hour shadow ladder, and eval-driven deployment. The rails are not flags you can disable. They are why your compliance team will sign.

The five rails

Every agent. Every action. Every time.

1 · Guardian-gated capabilities

Every destructive or external action passes through Guardian's allowlist before it runs. The capabilities_forbidden_always list — payments, hard-deletes, unapproved web submits, security-permission changes — cannot be overridden by any agent prompt, any operator override, any time, ever. The forbidden list is published on the red-lines page.

2 · Spec-before-code

Every agent is a contract first. spec.json · worker.md · playbook.md · evals/eval-set.yaml. The code is the receipt of the spec. You can read the contract before the agent ships, and the eval set is the gate that confirms the code matches the contract.

3 · Audit every action

One canonical row per non-trivial action — timestamp, run_id, agent, action, target, outcome, cost, duration, reason, playbook, playbook_version. Nothing is silent. Lifetime audit log is the receipt every CFO and every auditor wants. See the live stream →

4 · Forty-eight-hour shadow ladder

No agent climbs the autonomy ladder without a clean forty-eight-hour window of read-only or propose-only firing. Any miss, any red-line touch, any unbudgeted spend resets the clock. The ladder is mechanical, not vibes. See the ladder →

5 · Eval-driven deployment

Behavior change ships against an eval set. Online sample too. Pass-rate below threshold blocks the promotion. The gate is mechanical, not vibes. Behavior regressions caught at merge time, not in production.

+ Budget & rate discipline

Daily cost cap per agent. Per-action rate limits. Fan-out budgets. The system halts cleanly before it overspends. Founder gets a one-line YELLOW before it ever turns RED. No runaway agent has ever crossed the budget perimeter.

The audit row

The receipt for every action.

Every non-trivial action lands as one row in state/audit.jsonl. Canonical schema, immutable, append-only, replicated to SQLite for fast queries. This is the receipt your CFO and your auditor both want. 

{
  "ts":           "2026-05-12T06:31:43.593Z",
  "run_id":       "3671a965-591a-49c8-8cd6-24bc8fb63caa",
  "instance_id":  "V1",
  "kernel_version": "spark-init+6674539",
  "agent":        "inbox-triage",
  "action":       "claude.call",
  "target":       "07-Inbox/void-health-2026-04-27-08.md",
  "outcome":      "success",
  "cost_usd":     0.002282,
  "duration_ms":  2357,
  "reason":       "model=claude-haiku-4-5-20251001",
  "playbook":     "inbox-processing",
  "playbook_version": "0.1.0"
}

Append-only

The audit log is never rewritten. Heal-recovery operations sideline-and-quarantine; they never edit. The signature trail is immutable from the first row.

Replicated

Every five minutes the JSONL is replicated to SQLite for fast aggregations. Counts, cost totals, agent-by-action breakdowns are one query away.

Retained

Operator tier: 90 days hot, exportable on demand. Enterprise: seven years cold, dedicated S3 vault, HMAC-signed checksums every twenty-four hours.

Certifications & roadmap

Where we are. Where we're going.

Trust is earned in the audit, not the deck. Here is the honest state of every certification we're pursuing and when we expect each milestone.

SOC 2

Type 1 — in flight · Audit kickoff scheduled Q3 2026 · Type 2 follow-on Q1 2027. Auditor selection in progress; founder-pilot evidence pack already in collection.

ISO 42001

Planned · The AI management system standard. Gap assessment Q4 2026. Target certification H2 2027. Likely the second AI-workforce platform after Sierra to hold it.

ISO 27001

Planned · Bundled with SOC 2 Type 2 audit cycle. Target certification Q2 2027.

HIPAA

Roadmap · For the healthcare buyer. BAA template drafted. Target readiness Q2 2027 (after SOC 2 Type 2 closes).

GDPR / EU AI Act

Compliance posture in place · EU AI Act high-risk-system disclosure mapped to the five rails. Data-residency tooling shipped on the Enterprise tier. Full Article 14 transparency built into the audit log by design.

Live evidence

Today · The integrity sweep, the audit log, the red-line denial log, the eval pass-rate — all published live on the homepage and refreshed every minute. Read-only Trust Center evidence on request.

The lines that don't move

What the agents cannot do.

Guardian's capabilities_forbidden_always list is immutable. Not by Board vote. Not by operator override. Not by autonomy bump. We publish the full list so you can audit the perimeter before you sign.

No hard-deletes

Archive · move · sidecar. No agent ever permanently destroys data. Reaper exceptions are enumerated and audited.

No skipping the shadow window

Every L0→L1, L1→L2, L2→L3 promotion needs a clean forty-eight-hour shadow window. No "this one's simple" exemption.

No silent audit writes

Every action through Write-AuditRow. No >> appends, no Add-Content. The audit trail cannot drop a row.

No wildcard capabilities

No agent has capabilities_allowed = "*". Ever. Every capability is enumerated, gated, and per-agent budgeted.

No payments

Agents never execute trades, place orders, move money, or initiate transfers. The operator does these, never the AI.

No unapproved web submits

Agents never submit web forms, post content, or send messages on the operator's behalf without explicit per-action approval.

See the full red-line list
Talk to a founder

Bring your compliance team. We'll bring the audit log.

Twenty-minute walkthrough. We open the live audit reader, the red-line denial log, the eval pass-rate dashboard, and the autonomy-ladder live view. Your compliance team picks what they want to interrogate. We answer to the cent.

Talk to the founder See the 48-hour ladder →