Steward and Sync

Security

The authorization infrastructure you put in front of your systems of record is itself a security-critical system.

What follows is an honest account of what STS-001 processes, what it does not, where keys live, what the threat model covers, and what vendor access looks like during a design partner engagement.

Data Handling & Boundaries

What the governance plane processes

Processed

  • Actor identity and role binding
  • Action type and target resource
  • Active policy version at time of evaluation
  • Authorization decision (permit or deny)
  • Timestamp and TAO hash

Never processed

  • Payload data from the system of record
  • Record content or field values
  • User credentials or session tokens
  • Any data from the Reasoning Plane payload

No telemetry leaves the deployment. No call-home. No vendor visibility into operational decisions. All signing keys are customer-generated, customer-controlled, and TPM2 hardware-anchored. The vendor holds no key material at any point.

Architectural Security Properties

Fail-closed

If the Governance Plane is unavailable, no TAOs are issued and no writes to systems of record proceed. Unavailability is a known, detectable condition. An undetected unauthorized write is not. The system treats governance availability as a mandatory precondition.

Replay protection

Each TAO is consumed atomically with the write it authorizes. A captured TAO cannot be presented a second time — the ledger records consumption and the gate rejects a second presentation of any TAO regardless of how recently it was issued.

Tamper-evident ledger

Every TAO receipt is hash-linked to the preceding record. Altering any past entry breaks the chain from that point forward, and the break is detectable without a separate integrity monitor. The chain is the integrity proof.
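The replay rejection and hash-linked receipts described in the two paragraphs above, as an added Python sketch that is not STS-001 code: the `Ledger` class, its field names and the all-zero genesis value are assumptions, and the sample receipts are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record

def digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

class Ledger:
    """Hypothetical append-only ledger holding one receipt per consumed TAO."""

    def __init__(self):
        self.records = []
        self.consumed = set()

    def consume(self, tao_hash, **fields):
        """Append a receipt for tao_hash; refuse any second presentation.
        A real gate would do this check-and-append in one transaction with the write."""
        if tao_hash in self.consumed:
            return False  # replay: nothing is appended, the write must not proceed
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = dict(fields, tao_hash=tao_hash, prev_hash=prev)
        self.records.append(dict(body, hash=digest(body)))
        self.consumed.add(tao_hash)
        return True

    def first_broken_index(self):
        """Return the index of the first record that fails verification, or None."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev_hash"] != prev or digest(body) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None

def build_sample():
    # Constructed sample receipts; every value is made up for illustration.
    led = Ledger()
    led.consume("tao-aaa", actor="agent-7", action="update:invoice/42",
                policy_version="v3", decision="permit", ts=1700000000)
    led.consume("tao-bbb", actor="agent-7", action="update:invoice/43",
                policy_version="v3", decision="permit", ts=1700000005)
    led.consume("tao-ccc", actor="clerk-2", action="update:invoice/9",
                policy_version="v3", decision="permit", ts=1700000009)
    return led
```

The sketch does not model signing or anchoring the chain head; without that, a party able to rewrite every later record could rebuild a consistent chain.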

Structural separation

The Governance Plane and Reasoning Plane are architecturally isolated. A compromised actor on the execution side cannot issue TAOs. TAO issuance is a function exclusively of the Governance Plane. Compromise of one plane does not grant authority on the other.

Threat Model

What the architecture addresses — and what it does not

Addressed

  • Compromised execution-side credentials attempting to write to systems of record
  • Privilege escalation within the Reasoning Plane
  • Replay of previously-issued TAOs
  • Post-hoc alteration of audit ledger records
  • AI agents self-authorizing their own actions

Not in v1

  • Full OS-level compromise of the Governance Plane host
  • Physical hardware attacks on the Persistence Plane
  • Network-layer attacks on communication between planes
  • Social engineering of the human administrator who manages governance policy

An attacker who wants to bypass the gate must achieve a qualitatively different kind of access — Governance Plane root — than executing a privileged action normally requires. This is a harder attack surface than the alternative of policy-based access control at the application layer. We define this boundary explicitly because buyers who understand the threat model make better deployment decisions.

Current Implementation Status

STS-001 is implemented and running on sovereign on-premise infrastructure. The architecture, TAO protocol, and persistence-layer gate are operational. Design partner engagements deploy against real environments. This is not a whitepaper product — the enforcement gate is active.

Security review questions?

Reach out and we will discuss your security requirements directly.
