Provable Cybersecurity · 220 checks gated in CI · SHA-256 deploy receipts · 10-lens crosswalk auditor · 5-vendor AI consensus
Guardian Posse
Live Proof Surface

Don't trust us. Verify us.

Every other compliance vendor tells you their controls work. We show you the SHA-256 tamper-hash gate, the corpus-parity heartbeat, and the 10-lens crosswalk auditor — live, on this page, with no login, no sales call, no NDA. If anything below is red, we don't get to claim "provable" today.

Snapshot computed at page load · cached 60 seconds · refresh to recompute
1 of 3 · The Gate

Tamper-Hash Gate

Every deploy is gated by a SHA-256 hash of the canonical-JSON-encoded control corpus. If any control definition, framework crosswalk, or NIST anchor changes — by us, by an attacker, or by accident — the hash changes, the gate fails, and the deploy is blocked before it reaches a customer. Re-hash the published constants yourself; if your number matches ours, the gate is honest.

Corpus Tamper-Hash
UNCHANGED
a3c22fcd…cb6fd59a

SHA-256 of the canonical-JSON-encoded control corpus. Matches the value baked into the gate at last release — deploy passes.
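A hash gate of the kind described above, as an added example (not Guardian Posse's gate code). It assumes "canonical JSON" means sorted keys, compact separators and UTF-8; the corpus records, field names and pinned value are constructed. The page does not publish its encoding rules, so re-hashing the real corpus requires the vendor's exact canonicalization.

```python
import hashlib
import hmac
import json

# Constructed sample corpus; field names are hypothetical, not the vendor's schema.
CORPUS = {
    "controls": [{"id": "AC-2"}, {"id": "AU-6"}],
    "crosswalks": {"CMMC": {"AC.L2-3.1.1": ["AC-2"]}},
}


def canonical_bytes(obj):
    """Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def corpus_hash(obj):
    """SHA-256 hex digest of the canonical encoding."""
    return hashlib.sha256(canonical_bytes(obj)).hexdigest()


def gate(obj, pinned_hex):
    """Pass only if the corpus hashes to the value pinned at release."""
    return hmac.compare_digest(corpus_hash(obj), pinned_hex)


# The value a release step would record and bake into the gate.
PINNED = corpus_hash(CORPUS)


def demo():
    # Same content, different key order: the canonical encoding is unchanged.
    reordered = {"crosswalks": CORPUS["crosswalks"], "controls": CORPUS["controls"]}
    # One crosswalk target edited: the hash moves and the gate blocks.
    tampered = json.loads(canonical_bytes(CORPUS))
    tampered["crosswalks"]["CMMC"]["AC.L2-3.1.1"] = ["AC-3"]
    # Arrays are ordered in JSON, so a harmless list reorder also fails the gate
    # unless lists are sorted before encoding.
    list_reordered = json.loads(canonical_bytes(CORPUS))
    list_reordered["controls"].reverse()
    return (gate(CORPUS, PINNED), gate(reordered, PINNED),
            gate(tampered, PINNED), gate(list_reordered, PINNED))


if __name__ == "__main__":
    print(demo())
```

A matching hash shows the corpus equals what was pinned; it says nothing about whether the pinned corpus itself is correct.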

Deterministic Verifiers
49

49 deterministic verifiers run against the corpus on every commit and every page load, alongside 220 CI checks across 28 regression suites. Each one is a reviewable check — corpus parity, anchor coverage, framework-version pinning, crosswalk integrity, and more. Failure of any one fails the deploy. Byte-identical across runs.

Snapshot timestamp (UTC): 2026-06-21T11:42:53.667463

2 of 3 · The Heartbeat

Corpus Parity at Last Boot

Most compliance tools self-check once a year, at audit. Guardian Posse self-checks at every restart — the C86 heartbeat compares every NIST anchor declared by our static crosswalk corpus against every edge actually emitted into the runtime graph. The result is logged AND surfaced here. If they disagree, this card turns red the moment a worker boots.

Last Boot Heartbeat

Clean — 100% Parity

Parity: 100.0%
Present in Both: 207 / 207
Missing in Graph: 0
Orphan in Graph: 0
Unexpected Source: 0

Captured at 2026-06-21T05:23:33.931113Z UTC. Same number written to the boot log under the grep token [C86_PARITY_HEARTBEAT]. Recomputes at every worker restart.
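A parity check that sorts results into the four buckets shown on the card, as an added example (not the C86 heartbeat's own code). The page names the buckets without defining them, so the definitions in the comments are assumptions, and the edge data is constructed.

```python
# Constructed sample data: (source framework, NIST anchor) pairs declared by
# a static crosswalk corpus.
DECLARED = {("CMMC", "AC-2"), ("CMMC", "AU-6"), ("HIPAA", "AC-2")}


def parity_report(declared, emitted):
    """Classify declared vs. emitted edges into the four heartbeat buckets."""
    declared, emitted = set(declared), set(emitted)
    known_sources = {source for source, _ in declared}
    extra = emitted - declared
    # Assumption: an edge from a source the corpus never mentions is
    # "unexpected source"; any other undeclared edge is an "orphan".
    unexpected = {edge for edge in extra if edge[0] not in known_sources}
    report = {
        "present_in_both": len(declared & emitted),
        "missing_in_graph": len(declared - emitted),
        "orphan_in_graph": len(extra - unexpected),
        "unexpected_source": len(unexpected),
    }
    # Fail closed: an empty corpus would match an empty graph trivially.
    report["parity_pct"] = (
        round(100.0 * report["present_in_both"] / len(declared), 1)
        if declared else 0.0
    )
    report["clean"] = bool(declared) and not (
        report["missing_in_graph"]
        or report["orphan_in_graph"]
        or report["unexpected_source"]
    )
    return report


def demo():
    drifted = {
        ("CMMC", "AC-2"), ("HIPAA", "AC-2"),  # the declared AU-6 edge is missing
        ("CMMC", "SC-7"),                     # anchor the corpus never declared
        ("shadow-import", "AC-2"),            # source the corpus never declared
    }
    return parity_report(DECLARED, DECLARED), parity_report(DECLARED, drifted)


if __name__ == "__main__":
    for result in demo():
        print(result)
```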

3 of 3 · Verify It Yourself

The 10-Lens Crosswalk Auditor

Your auditor can ask the same compliance question ten different ways and get ten deterministically consistent answers — each one byte-identical across runs. Below is the full catalogue. The endpoints are login-gated (you'll need an account to hit them), but the questions they answer and the URLs themselves are public, because a "proof" anyone can demand is the only kind of proof that counts.

Lens | Name | Question It Answers | Endpoint
C71 | Crosswalk Lookup | Where does this NIST control appear across CMMC, ISO, PCI, HIPAA, SOC 2? | /api/graph/crosswalks/<framework>/<control>
C76 | Crosswalk Gap Analysis | Which controls in framework X have no NIST anchor at all? | /api/graph/crosswalks/<framework>/<control>/gaps
C77 | Crosswalk Bulk Export | Give me the entire mapping table as CSV for offline audit. | /api/crosswalks/export
C80 | Posture Gaps by Framework | Which NIST anchors does this framework's table fail to cover? | /api/crosswalks/posture-gaps/<framework>
C81 | Reverse Lookup | Given an external control ID (e.g. CMMC AC.L2-3.1.1), what NIST anchors does it map to? | /api/crosswalks/reverse-lookup
C82 | Crosswalk Integrity Audit | Are any framework crosswalks pointing at NIST IDs that don't exist? | /api/crosswalks/integrity
C84 | Coverage Matrix | For each NIST anchor, which target frameworks claim coverage? | /api/crosswalks/coverage-matrix
C85 | Graph × Corpus Parity | Does the runtime graph match what the static crosswalks declare? (live drift detector) | /api/crosswalks/parity
C90 | Family Heatmap | For each NIST family, what fraction of anchors does each framework cover? | /api/crosswalks/family-heatmap
C91 | Framework-Version Provenance | What edition of each framework do these crosswalks derive from? Is the version pinned in the label? | /api/crosswalks/framework-provenance

Take the catalogue offline as CSV (spreadsheet) or JSON (machine-citable) for your audit working papers — public, no login. Existing customers verify all ten in the auditor UI at /admin/graph_auditor. The same primitives back the C87 (136 checks across 18 suites) and C88 (84 checks across 10 suites) test harnesses that run as hard gates on every pre-publish.

Vertical Specialization · Nuclear

Built for Nuclear customers via kojie.works

Nuclear customers cannot accept probabilistic AI. The NRC, IAEA, and DOE assessors want a falsifiable trail — every decision a machine made, who seconded it, which regulation it cited, and the cryptographic signature on the submission. Guardian Posse supplies the cyber-defense spine; kojie.works supplies the nuclear-domain agents; both run the same Kojie Standard contract and certify against the same SHA-256 corpus-parity baseline. One gated corpus, two regulated surfaces, zero hand-off gap.

Cyber spine

Guardian Posse Cybersecurity

gpcybersecurity.com

12 cyber-defense agents

CPAS Standard
SHA-256 Gated

Nuclear vertical

Kojie Works — Nuclear Decommissioning Platform

kojie.works

4 nuclear-decommissioning agents

The Four Nuclear Agents

SurveySentry

MARSSIM survey design, statistical sampling, scan-MDC analysis

NRCNotary

NRC docketing, NESHAPs compliance, license termination workflow

HealthPhysicist

DCGL/WRS dose modeling, ALARA, radiation worker safety

ComplianceChief

Report formalization, crypto-signed submission packaging, regulator-facing output

Registry-Bound Coverage · Tier 1 · Machine-Citable

NRC 10 CFR 73.54 (b) — Cyber Security Program for Nuclear Facilities

registry_key=nrc_10_cfr_73_54 · section=(b)-Program

IAEA NSS 17 Rev 1 §4 — Computer Security at Nuclear Facilities

registry_key=iaea_nss_17_r1 · section=§4-Program

Verifiable in /cpas/manifest.json — re-fetchable as JSON by any 3PAO.

Manifest-Declared Coverage · Tier 2 · Inventory-Declared

NRC 10 CFR 20 (Standards for Protection Against Radiation)

NRC 10 CFR 50 (Domestic Licensing of Production & Utilization Facilities)

MARSSIM (Multi-Agency Radiation Survey and Site Investigation)

EPA NESHAPs (40 CFR Part 61)

OSHA 29 CFR 1910.1096 (Ionizing Radiation)

DOT 49 CFR 173 (Shippers — General Requirements)

Declared in cross_platform_agent_manifest.py (kojie platform regulatory_focus + per-agent regulatory_coverage). Source-of-truth for the cross-platform showcase, registered with regulators at the platform tier; formal ToolCitation rows are queued as the kojie integration matures.

Verify the cross-platform pairing:

Both platforms run the same Kojie Standard (N-agent consensus, crypto-signed audit, deterministic tool inventory, explicit regulatory coverage, machine-to-machine output) and certify against the same SHA-256 corpus-parity baseline. One gated corpus. Two regulated surfaces. Zero hand-off gap.

Now imagine handing this to your assessor.

A live proof URL beats a 400-page binder. CMMC L2 in 6 weeks, NIST and HIPAA on the same map, and an auditor surface your prime can re-run any second of any day.