Recon Studio
Self-serve proof for runtime governance and trust evidence—PoV demo, Trust Loop, AuditPacket, SIEM compose, and dashboard previews. Observe-first; model boundaries before enforce.
Observe-only by default — no autonomous execution in phase 1. SIEM export uses observeOnly: true; bounded authority defaults to enforcementActive: false.
Define → validate → preview → evidence → SIEM → verify
The evaluator spine for security sponsors: declare boundaries, emit portable proof, forward to your SOC, then verify with replay and audit packets—observe-first throughout phase 1.
- 1Define
Governance contract & policy intent (preview)
- 2Validate
Schema + doctrine checks
- 3Preview risk
Synthetic GhostLog posture — not live enforce
- 4Evidence
GhostLog, portable bundles, org export
- 5SIEM
NDJSON/CEF forward with observeOnly
- 6Verify
Timeline replay & evaluator packet
Run the proof path
Decision Defensibility Assessment
24-question self-assessment—Decision Defensibility Score, Audit Packet readiness projection, and 30/60/90-day observe-first next steps.
Intent Assurance Workspace
Consultant front door—Discover → Compile → Approve → Implement → Assure. Compiler Confidence, Intent Coverage, Client Validation, and Implementation Assurance Blueprint (generated implementation package; Salesforce-thin adapter).
Organizational Intent Compiler
Canonical compiler engine—enter a policy or pick a template for governance, runtime projection, and evidence layers with control matrix and coverage score.
Compare Frameworks
Intent Evolution Engine — diff two governance artifacts across intent, runtime projection, GhostLog evidence, and trust impact (C3).
Compiler Performance
CVM-1 benchmark rollup—Intent Fidelity, coverage, projection accuracy, and Trust Lock health across Healthcare, Enterprise, and Financial dialects.
Trust Evidence for AI Incidents
Select an incident scenario—evidence inventory across Identity, Runtime, Governance, and Reconstruction. Readiness score, trust gap summary, and investigation workflow.
Trust Evidence Packet Generator™
Package governance, runtime, lineage, containment, and reconstruction evidence into a review-ready artifact. Evidence completeness score and manifest checksum.
Run Enterprise PoV
pnpm demo:enterprise-pov from repo root (~20–30 min).
pnpm demo:enterprise-povEnterprise Trust Loop
Deep evaluator walkthrough (~45–90 min) with dashboard checkpoints.
scripts/enterprise-trust-loop-v1.shGenerate AuditPacket
Portable evaluator handoff for security, GRC, and audit reviewers.
pnpm audit-packet:generateSIEM docker eval
Compose stack + sample NDJSON—verify HMAC and observeOnly posture.
deploy/docker-composeTimeline replay
Dashboard preview at /policies/timeline-replay—sign in for workspace scope.
Requires sign-in for workspace tenant scope.
Governance previews
Contracts, authority lineage, and containment—preview badges only.
Preview vs enforced
Use in security questionnaires and procurement—honest about what runs at runtime today.
| Surface | User-visible behavior | Enforced at runtime? |
|---|---|---|
| TrustGovernanceContractV1 | Badges, synthetic GhostLog preview JSON | No — not wired to guard.ts |
| Authority / lineage preview | Trust badges, synthetic events | No |
| Containment / sandbox preview | Risk score, boundary badges | No — metadata only, not VM isolation |
| SIEM export | Forward rows to webhook/SIEM | No new blocks — observe-only forwarding |
| Guard ingest (integrated paths) | Block/allow on configured ingest | Yes — where integrated |
| Trust Lock runtime_strict | Tool call signature on governed swarm path | Yes — scoped path |
| Bounded authority bindings | Audit + activation records | Mostly audit — default enforcementActive: false |
What Recon.AI is
- •AI runtime governance and trust evidence for regulated copilots and agentic workflows.
- •Connects Reflex, guard ingest, and GhostLog to declared governance boundaries and exportable survivability evidence.
- •Leads observe-first: prove what happened in your existing SOC before graduating enforcement on scoped paths.
What Recon.AI is not
- •Not a replacement SIEM (Splunk, Sentinel, Datadog)—forwards trust-shaped telemetry into them.
- •Not HIPAA/SOX/certification—evidence infrastructure and declarative samples only.
- •Not compute sandbox isolation—containment v1 is metadata and preview badges.
- •Not crypto-signed non-repudiation in v0—attestations are hash-only by design.
Recon leads with observation, declared boundaries, and exportable evidence. Enforcement on integrated paths and Trust Lock requires explicit configuration—bounded authority activation defaults off (enforcementActive: false). Illustrative JSON keeps carriesExecutionAuthority: false.
Ready for a scoped pilot?
14-day enterprise pilot or 30-day Founding Cohort activation—both lead with observe-only SIEM eval and portable evidence.