Trust Plane Architecture

How autonomous systems call Ardyn to govern actions, verify outcomes, and produce independently verifiable evidence — without exposing the cryptographic substrate.

The Trust Plane for Autonomous Systems

External AI agents call the Ardyn Trust Plane whenever trust decisions are required. Six Services handle governance, verification, trust, policy, release gating, and metering — every decision capable of producing a cryptographically verifiable AEA.

Your AI Systems REST API ARDYN TRUST PLANE Axiom Governance Verify Evidence Trust Scoring Policy Rules Release Gate Metering Usage Every decision → signed AEA → chain → independent verification AEA Ardyn Evidence Artifact Offline verifiable

Six Services. One Trust Plane.

Each Service answers a specific trust question. Together they form the complete Trust Plane — your AI systems call in, verifiable evidence comes out.

Axiom Service

Governance before execution. Evaluates every proposed action against your policies. Returns ALLOW, BLOCK, or ESCALATE — producing a signed Governance Decision AEA on every call.

Govern

Verify Service

Artifact verification. Look up any AEA by ID to get full verification status: signature validity, chain integrity, policy compliance. Hardware attestation reports re-derived to pinned roots.

Verify

Trust Service

Trust scoring and authority. Agents earn standing over time from verified evidence. Trust scores gate what agents are authorized to do — the rating→authority flywheel.

Authorize

Policy Service

Policy CRUD, versioning, diffing, and dry-run. Simulate policy changes against real history before activation. Every policy change signed and chain-recorded.

Define

Release Gate Service

Software-Assured release gating. Evaluates policy and validates AEAs before permitting tool execution. Not an interlock — interlock is reserved for DDC.

Gate

Metering Service

Usage accounting. Tracks verified trust events across all Services. Powers billing and settlement — without exposing internal substrate details.

Account

From Action to Independently Verifiable Proof

Every autonomous action calling the Trust Plane follows a constrained pipeline: governed → recorded → signed → verifiable.

1. Governance (Axiom Service)

The AI system calls POST /v1/governance/check before executing. Policy engine evaluates. Verdict returned. Signed Governance Decision AEA written to the ledger.

2. Verification (Verify Service)

Any party calls POST /v1/verify/artifact with the AEA ID. The Verify Service returns artifact type, signature validity, chain validity, and policy validity — all re-derived from bytes.

3. Trust Accumulation (Trust Service)

Verified outcomes accumulate into trust profiles. Trust standing determines authority. Higher trust → broader permissions. The flywheel is: govern → verify → trust → authorize.

4. Independent Re-Derivation

Every AEA carries every byte needed for offline verification. The ardyn-verify tool re-derives entry hashes, verifies signatures, and validates chain integrity — zero network calls, zero Ardyn contact.

Multi-Repo Architecture

The Ardyn platform spans five source repositories. Each has a distinct role in the architecture — from core evidence through to organizational cognition.

Kylewilson04/ardyn

afc5c890

Core platform: AEA evidence, DDC, Axiom policy engine, sovereign compute, website, and documentation.

Kylewilson04/forge

c844406

Authority and interlock framework: principal identity, action binding, delegation, quorum, pre-execution gates. AAECP controller lives here.

Kylewilson04/acta

494959f

Organizational cognition: Rust crates, SDK, API, and tools for converting operational evidence into durable knowledge.

Kylewilson04/acta-mcp

884ccb2

ACTA MCP server: binary distribution exposing 8 MCP tools for evidence surfacing and organizational cognition queries.

Kylewilson04/remediationplan

0a21eb8

Historical PREMP program (48-task remediation). Immutable reference — superseded by AAECP in Kylewilson04/forge.

Current state: The Ardyn Trust Plane is live in production serving real governance decisions, real AEA verification, and real AMD SEV-SNP hardware attestation verification. Hardware attestation for AMD SEV-SNP is cryptographically proven end-to-end against a pinned root. NVIDIA GPU CC and Apple Silicon are experimental. DDC (destruction interlock) is not production-enabled. Bitcoin anchoring is mock-only in production. The Trust Plane does not depend on anchoring to function — AEA integrity comes from chain hashing and issuer signatures, not external anchoring.