Open governance
Legible to the governed.
“Governance” fails when it’s only legible inside your network. IF.Trace moves the proof outside: stable, no‑login receipts that third parties can verify without joining your internal world.
Black/white
What this page is (and is not).
Goal
Make third‑party verification possible without credentials.
Mechanism
Hashes + trace receipts + stable URLs + optional offline bundles.
Not implied
“Compliance achieved” or “correctness of interpretation”.
The governance stack
Where IF.Trace sits.
Receipts don’t replace governance. They remove ambiguity from it.
- Receipt layer (IF.Trace): integrity binding + chain‑of‑custody IDs + share surface.
- Review layer: external review packs, panel critique, dispute workflows.
- Enforcement layer: gates/stop‑conditions that consume receipts (CI, access, runtime).
/static/trace/<shareId>
/static/dossier/<shareId>
/static/dossier/<shareId>/download
/static/pack/<shareId>.md
/static/review/<shareId>.md
/static/marketing/<shareId>.md
/static/source/<source_sha256>.pdf
For whom (and who will hate it)
Legible to outsiders.
A constitutional framing: the goal is external verifiability, not internal comfort.
For
- GRC / Audit leads drowning in evidence requests.
- Security architects who need proof without theater.
- Legal / compliance teams needing chain‑of‑custody.
- AI product teams facing “why did it say that?” questions.
- Gov/defense contractors requiring offline verification.
Not for
- Teams seeking a “badge” without publishing verifiable artifacts.
- Workflows where evidence cannot leave the internal network.
- Organizations that want uncertainty to stay hidden.
- Anyone who needs governance to remain ambiguous.
Charters
How we keep it honest.
Plain Markdown docs: readable, linkable, easy to critique.
Live example
A real trace receipt you can verify right now.
“VERIFIED” means the published bytes hash to what the receipt says. “QUANTUM READY” means a post‑quantum signature receipt exists (additive; integrity hashes still stand).