Trusted control plane for verifiable AI inference
The control-plane answer

Give important AI action a signed receipt your customer can check.

When an AI workflow makes or recommends a decision — for example KYB review, lending triage, or claims escalation — TCD Proof records what policy applied, what action was required, which evidence references were used, and whether the receipt verifies.

It does this without storing the user’s raw question or the model’s answer.

Review pressure
Review pressure is changing. Regulated customers increasingly ask not only what an AI action returned, but how that action was governed.
Policy binding
“Which policy and SOP controlled this action?” Receipts can bind policy references, policy-set identity, procedure digests, and configuration fingerprints.
External verify
“Can our reviewer verify it outside your UI?” Verification reports can check canonical body, signature, binding fields, and evidence-chain status.
Durable evidence
“What survives restart, replay, or escalation?” Durable receipt references, evidence commits, ledger heads, and audit references remain independently checkable.
Three-plane control architecture AlwaysValid Risk Controller Terminal Contract Hardware-root attestation Durable evidence ledger

Why TCD Proof

When a reviewer asks for the decision trail, logs are not enough.

Logs can show that an AI request happened. They usually do not show, in one place, which policy or SOP version applied, what action was allowed or blocked, what evidence references were used, and whether the record can be checked outside your product.

TCD Proof packages those details into a signed receipt, without storing raw prompts, answers, or customer payloads.

The review moment

A customer asks for a decision trail that ordinary logs are not designed to provide.

Imagine your AI product helps review a business for KYB. The customer does not just ask for the model score. They ask which SOP was active, which policy version applied, whether human review was required, and whether the receipt can be verified outside your product surface.

Q1 “Show me the policy binding for this specific AI action.”
Q2 “Was the final action an advisory score, or an enforced Terminal Contract?”
Q3 “Can our reviewer verify the signature, config binding, and evidence-chain status independently?”
01

Logs say what happened inside your system. Receipts show what governed the action.

TCD Proof binds selected AI actions to identity, route, decision, policy, configuration, risk-control state, and receipt metadata so the event can be reviewed as a governed systems event.

02

Prompt wrappers are guidance. Terminal Contracts create enforceable downstream obligations.

Policy, routing, safety, security, and risk signals collapse into a normalized allow, degrade, or block contract with enforcement mode and reason semantics.

03

Audit evidence should be useful without exposing raw customer content.

TCD separates public proof, verification surface, audit view, storage reference, and ledger state. The proof surface is designed around references, hashes, bounded views, and sanitized metadata.

Technical architecture

Three layers for reviewable AI actions.

TCD Proof adds a control layer around high-stakes AI workflows. It connects the action, governing policy, decision path, human review state, and signed evidence so selected AI actions can be checked later without exposing raw customer or case data.

01

Inference layer

Inference Data Plane

A hard ingress boundary establishes identity, transport context, request budgets, rate controls, and envelope validity before downstream components are allowed to trust the event.

Hardened HTTP/gRPC Surfaces Auth & Identity Layer Rate & Budget Envelope Strict Request Envelope Deterministic Event Identity
02

Decision layer

Decision & Policy Plane

Safety detection, conservative calibration, AlwaysValid risk control, policy binding, strategy routing, and security orchestration resolve into a single enforceable Terminal Contract.

Safety Detector & Calibration AlwaysValid Risk Controller Multivariate Risk Signals Strategy Router Security Router Terminal Contract
03

Evidence layer

Governance & Evidence Plane

Attestation, receipt issuance, durable evidence commits, chain verification, audit views, and replay surfaces make the governed event externally checkable.

Multi-layer Attestation Canonical Receipt Body Chain Verification Evidence Ledger Audit & Replay External Verification Report
Loop
Governed control-plane mutation loop Trust updates, runtime patch gates, safe reloads, key rotation, calibration changes, rollback, and compensation leave evidence instead of invisible side effects.

Inference Data Plane

Hard ingress boundary with identity and budget controls.

The ingress plane receives live AI traffic through hardened HTTP and gRPC surfaces. It establishes request identity, authentication context, rate limits, body/header budgets, idempotency, and a strict envelope before downstream risk or evidence components are allowed to trust the event.

Hardened HTTP/gRPC Surfaces Auth & Identity Layer Rate Limiting & Budget Envelope Strict Request Envelope Deterministic Event Identity
Input Inference request, tenant and subject identity, transport context, payload digest, idempotency scope.
Control Budgeted envelope, authentication normalization, rate zones, bounded body/header surface.
Output Governed event with stable identity and content-agnostic anchors for downstream control.

Reveals deeper implementation controls without exposing source inventory.

Boundary hardening Strict envelope validation, bounded request surfaces, authentication projection, rate budgets, and explicit overload behavior.
Statistical control AlwaysValid Risk Controller semantics with e-process state, alpha-wealth accounting, and auditable trigger conditions.
Evidence hygiene Public, audit, verification, and storage views are separated so proof remains content-agnostic and bounded.
Failure semantics Degrade, block, fail-closed, outbox fallback, restart-safe lookup, and explicit uncertainty states for high-risk paths.
AlwaysValid risk control Runtime risk decisions are not reduced to a single static score.
TCD takes detector scores and calibration results, updates the AlwaysValid Risk Controller, and records the active mode, selected source, guarantee scope, e-process value, alpha-wealth budget, and risk-budget state in the receipt. Reviewers can see both the business outcome and the statistical guardrail that constrained it.
Terminal Contract enforcement Route planning and security orchestration resolve into one enforceable outcome.
TCD combines the policy match, route choice, authentication result, rate-limit result, detector evidence, and security signals into one Terminal Contract. Downstream systems receive a concrete instruction — allow, degrade, or block — with the enforcement mode and reason code, instead of a loose advisory score.
Hardware-root attestation Receipts are designed for key-governed issuance and chain verification.
For each receipt, TCD builds a canonical receipt body, records the receipt head, signing-key identity, key policy, and rotation or revocation status, checks hardware-root provenance where available, and returns a verification report that can be reviewed outside the app.
Durable evidence ledger Evidence survives restarts without carrying raw customer payloads.
TCD keeps separate records for the issued receipt, public proof, audit view, verification view, commit record, storage reference, ledger head, audit event, and replay state. Writes are idempotent, chain checks can detect forks, receipt lookup is replay-safe, verification is size-bounded, and failure states are recorded explicitly.
Governed mutation loop Runtime changes are controlled instead of becoming invisible side effects.
When policies, keys, configs, patch gates, trust settings, or evidence delivery retries change, TCD records the change as an audited control-plane action. Each change can have a rollback or compensation path, and the system records the business result and the evidence result separately.

Receipt layer

What a TCD Proof receipt can bind

A receipt is a compact verification artifact, but it is backed by a broader control plane: request identity, policy binding, calibrated risk state, Terminal Contract, attestation metadata, storage references, and verification evidence.

Receipt contents

  • Request, tenant, subject, workflow, route, decision, and deterministic event identity
  • Policy, policy set, SOP, rule, procedure, or template digest/version
  • AlwaysValid Risk Controller state: p-value, e-process, alpha wealth, and guarantee scope
  • Terminal Contract: required action, final action, allowed state, enforcement mode, and reason code
  • Hash-only evidence, artifact references, source references, and ledger/commit references
  • Model, configuration, build, route configuration, receipt configuration, and runtime fingerprints
  • KMS/HSM/hardware-root attestation metadata, key identity, signature, and chain status
  • Independent verification result across canonical body, signature, policy binding, and chain window

Governed flow

Diagnose event → Terminal Contract → receipt commit → external verify.

TCD Proof is designed around a receipt-first, evidence-safe lifecycle: a governed AI action enters through a hardened request envelope, passes risk and policy control, resolves into a Terminal Contract, commits durable evidence, and returns a verification surface that can be checked outside the app.

ID
1
Envelope & identity Create event identity, subject identity, idempotency scope, payload digest, and edge budgets.
SC
2
Detect & calibrate Run safety detection, conservative calibration, multivariate risk, and bounded evidence sanitization.
AV
3
Control risk budget AlwaysValid Risk Controller updates e-process, alpha wealth, mode, and guarantee scope.
TC
4
Resolve Terminal Contract Routing and security controls collapse policy and risk into allow, degrade, or block.
RC
5
Issue & commit receipt Build attested receipt surfaces, commit content-agnostic evidence, and persist ledger/audit references.
VF
6
Verify independently Check canonical body, signature, receipt head, policy binding, runtime fingerprints, and chain window.

Runnable proof path

Run the full receipt chain locally.

The Quickstart exercises the complete local proof path: a governed /diagnose request enters through the HTTP surface, PolicyStore and SecurityRouter resolve a Terminal Contract, TCD issues signed decision and commit receipts, persists receipt references and evidence-chain state in SQLite, and verifies the result by receipt reference, verification bundle, top-level receipt material, storage-window chain traversal, and after process restart.

What the full-chain demo validates

This is the fastest way for reviewers to see what TCD Proof actually produces: not just a diagram or policy claim, but a signed, committed, restart-safe receipt path with independent verification outputs.

PolicyStore loaded and SecurityRouter path used
Terminal Contract resolved to a governed block decision
Signed HMAC decision receipt and commit receipt issued
Durable SQLite receipt_ref lookup enabled
Durable SQLite evidence-chain commit completed
Policy, receipt config, service config, build, and image bindings verified
PQ-required signature path verified
By-ref, by-bundle, top-level, and storage-window verification passed
Restart-safe durable by-ref verification passed

Use cases

Built for AI vendors whose customers ask for proof behind AI-assisted decisions.

TCD Proof is useful when a bank, insurer, lender, compliance team, or public agency needs to review what happened after an AI-assisted action. It gives the vendor a signed record showing which policy or SOP applied, what action was allowed or blocked, which evidence references were used, and whether the record can be checked outside the product UI.

Lending & underwriting Document intelligence, income calculation, credit workflow actions, fraud signals, and policy simulations.
Insurance AI Claims investigation, claims triage, underwriting risk scoring, evidence citation, and human review states.
Compliance operations Case documentation, audit-ready narratives, policy mapping, QA review, and procedure-bound actions.
Enterprise assurance Vendor risk reviews, customer trust packages, audit response, and application-external proof artifacts.

Capabilities

What TCD Proof checks, records, and verifies around each AI action.

A TCD receipt is backed by checks before, during, and after an AI-assisted action: request limits, identity, policy version, risk state, route decision, signature, evidence references, verification results, replay behavior, and runtime changes. Reviewers can see what was checked, what was recorded, and what can be verified without exposing raw prompts, answers, cookies, auth headers, or customer payloads.

Request intake checks

TCD checks each HTTP or gRPC request before downstream systems trust it: body size, header size, vector size, chain length, authentication context, rate-limit zone, idempotency key, and stable event identity. If the request is malformed, oversized, overloaded, or unsafe to process, the failure path is explicit.

Identity and policy binding

Each selected action can be tied to the request identity, event identity, tenant, subject, route, policy reference, policy digest, receipt settings, config fingerprint, and runtime build identity. This lets a reviewer ask: “Which rule set was active for this action?”

AlwaysValid risk budget

TCD converts risk signals into controller state, including e-process and alpha-wealth values. The receipt can record the controller mode, guarantee scope, selected source, and risk-budget state separately from the final business decision, so reviewers can see both the outcome and the statistical guardrail behind it.

Safety detection and calibration

Detector outputs are deterministic for the same request and configuration. Calibration state is recorded through stable digests, evidence is sanitized and bounded, and timeout or error paths can fail closed instead of silently passing through.

Route decision and Terminal Contract

TCD combines policy match, authentication result, rate-limit result, detector evidence, route choice, and security signals into one Terminal Contract. Downstream systems receive a concrete instruction — allow, degrade, or block — with enforcement mode, route plan, decision identity, and reason code.

Receipt signing and key evidence

TCD builds a canonical receipt body, records the receipt head, signing-key identity, key policy, signature status, and rotation or revocation readiness. Where available, deployments can add hardware-root or HSM/KMS-backed signing evidence and return a report that can be checked outside the app.

Durable evidence records

TCD can persist receipt references, audit references, ledger heads, commit references, storage references, outbox state, and evidence identity. The evidence record avoids raw prompts, completions, cookies, auth headers, and customer payloads; it keeps references, hashes, and bounded metadata instead.

Verification reports

TCD can produce a verification result for the receipt body, receipt head, signature, policy binding, expected config/build/image fingerprints, chain window, and evidence references. A reviewer can check the receipt without relying only on your product UI.

Restart and replay checks

TCD keeps receipt lookup, idempotent writes, prepare/commit evidence flow, restart-safe access, replay-safe lookup, chain traversal, and explicit failure states. A receipt should still be checkable after restart, retry, or recovery.

Audited runtime changes

When policies, configs, keys, calibration settings, patch gates, trust settings, or evidence-delivery retries change, TCD records the change as an audited action. The system can track rollback or compensation paths and keeps the business result separate from the evidence result.

Operational telemetry

TCD can export bounded metrics, structured logs, runtime diagnostics, health and readiness checks, hardware/runtime evidence, and privacy-aware telemetry. The goal is to make operations reviewable without turning logs into a place where customer content or secrets leak.

Async demo

Review the full governed inference flow.

The async demo pack includes a short screen recording, redacted full-chain summary, minimal Quickstart, sample signed receipt, verification report, and an architecture walkthrough covering request envelope, Terminal Contract, evidence commit, and external verify.