The operating architecture of an independent security verification body
The security decision control plane for code, merge, release, and runtime.
Built for platform engineering and AppSec architects. The full schematic of how GoSentrix verifies.
GoSentrix sits between the tools that produce signals and the systems that act on them. At each stage of software delivery, it takes claims in, promotes them under doctrine, evaluates them against the active policy version, and emits a decision that can be replayed, attested, and defended later.
From signal to attested decision
The same four-step shape repeats at every stage: ingest, promote, evaluate, attest. What changes is what enters and what the decision authorizes.
- Signals in: unverified
- Evidence promotion: governed states
- Policy evaluation: bound to version
- Decision out: replayable, attested
Signals enter as unverified claims. Findings move through governed states — detected, observed, corroborated, validated — before they can become authoritative. Promotion strength is a function of source diversity, not signal count. The policy version is bound at decision time.
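The promotion rule above (strength from source diversity, not signal count) can be modelled as a small state machine. The block below is an added illustration, not GoSentrix code: the four state names come from the page, but the exact thresholds (what makes a finding "observed" versus "corroborated", which source kinds count as validating, and that only a validated finding is authoritative) are assumptions chosen for the example, as are the sample signals.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class TrustState(IntEnum):
    """The governed states a finding moves through (names from the page)."""
    DETECTED = 1
    OBSERVED = 2
    CORROBORATED = 3
    VALIDATED = 4


# Assumed: source kinds that actually exercised the behaviour rather than inferred it.
VALIDATING_KINDS = {"runtime", "pentest"}


@dataclass(frozen=True)
class Signal:
    source_kind: str   # e.g. "sast", "dast", "sca", "ai-agent", "runtime", "pentest"
    source_id: str     # which tool instance produced the claim
    run_id: str        # which scan or run produced it


def promote(signals: list[Signal]) -> Optional[TrustState]:
    """Promote a finding based on how many *distinct* source kinds agree.

    Assumed rules for this example:
      - one source kind, one run            -> DETECTED
      - one source kind, repeated across runs -> OBSERVED
      - two or more distinct source kinds    -> CORROBORATED
      - corroborated plus a validating kind   -> VALIDATED
    """
    if not signals:
        return None
    kinds = {s.source_kind for s in signals}
    if len(kinds) >= 2 and kinds & VALIDATING_KINDS:
        return TrustState.VALIDATED
    if len(kinds) >= 2:
        return TrustState.CORROBORATED
    # A single source kind never gets past OBSERVED, however many times it fires.
    runs = {s.run_id for s in signals}
    return TrustState.OBSERVED if len(runs) >= 2 else TrustState.DETECTED


def is_authoritative(signals: list[Signal]) -> bool:
    """Assumed threshold: only VALIDATED evidence may justify enforcement."""
    return promote(signals) == TrustState.VALIDATED


def explain(signals: list[Signal]) -> str:
    state = promote(signals)
    kinds = sorted({s.source_kind for s in signals})
    return f"{len(signals)} signal(s) from {len(kinds)} kind(s) {kinds} -> {state.name if state else 'none'}"


if __name__ == "__main__":
    # Constructed sample signals: fifty SAST hits versus two agreeing tools.
    fifty_sast = [Signal("sast", "scanner-a", f"run-{i}") for i in range(50)]
    two_kinds = [Signal("sast", "scanner-a", "run-1"), Signal("dast", "scanner-b", "run-7")]
    print(explain(fifty_sast))   # stays OBSERVED: one kind, many runs
    print(explain(two_kinds))    # CORROBORATED: two kinds, two signals
    print(explain(two_kinds + [Signal("runtime", "rasp-c", "run-9")]))  # VALIDATED
```

The point the model makes concrete: fifty hits from one scanner rank below two hits from two independent kinds of tool, which is what "source diversity, not signal count" means in practice.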
What the verification body is made of
- Pioneer: Finding normalization. Takes scanner output and AI-agent claims as unverified inputs; emits a normalized claim ready for promotion.
- Magellan: Evidence graph. The Neo4j-backed model that holds findings, archetypes, BOM applicability, lineage, and trust state.
- Cassini: Enforcement gate. Evaluates promoted evidence against the active policy version; emits readiness decisions and signed proof records.
- Aegis: Authorization. OpenFGA-backed; governs who can request, approve, or break-glass an override.
- Astra: The console. Where AppSec, platform, and engineering leaders see decisions, evidence trails, and replay records.
- Juno: Agent runtime. Where verification work that must run on customer infrastructure executes.
- Hermes: Connector library. Pulls signals from scanners, AI agents, runtime tools, and ticketing systems.
- WIL: Platform core. Identity, tenancy, workspace, and policy distribution.
- MCP Gateway: The interface AI agents use to operate against GoSentrix under doctrine.
Every decision carries its evidence with it.
Every consequential decision is designed to be replayable. To be replayable, it must travel with the inputs it was made from.
| Field | What it binds |
|---|---|
| decision_fingerprint | Immutable identifier; ties this decision to its exact inputs |
| policy_version + policy_digest | The policy active at decision time |
| evidence_snapshot | The evidence that entered the policy evaluation |
| freshness_snapshot | When each piece of evidence was last verified |
| trust_state | The corroboration state of each evidence source |
| replay_command | The deterministic command to reproduce the decision |
| decision_downgraded + downgrade_reason_codes | Whether GoSentrix narrowed its own authority, and why |
| attestation | Designed for DSSE-signed envelopes and deterministic content-addressed bundle IDs |
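To make the table concrete, here is an added example of a decision record that binds every field listed, derives the `decision_fingerprint` as a content-addressed digest of the inputs, wraps the record in a DSSE-shaped envelope, and replays the decision from the inputs that travelled with it. This is illustrative code, not GoSentrix's own: the policy rules, the seven-day freshness bound, the `EVIDENCE_STALE` reason code, the `needs_review` outcome, the media type, the `replay --fingerprint` command shape and the HMAC standing in for a real DSSE key pair are all assumptions, and the sample policy and finding are constructed. The pre-authentication encoding (`pae`) does follow the DSSE specification.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Assumed values: a freshness bound, a demo signing key, and the trust ordering.
MAX_EVIDENCE_AGE = timedelta(days=7)
SIGNING_KEY = b"constructed-demo-key"  # stand-in for a real DSSE key pair
TRUST_RANK = ["detected", "observed", "corroborated", "validated"]

# Constructed sample inputs: one policy version and one finding.
POLICY = {"version": "2024.03", "rules": {"require_trust": "validated", "block_on": ["critical"]}}
EVIDENCE = {"finding-001": {"cwe": "CWE-89", "severity": "critical", "sources": ["sast", "dast", "runtime"]}}
FRESHNESS = {"finding-001": "2024-03-01T00:00:00+00:00"}
TRUST = {"finding-001": "validated"}
DECIDED_AT = "2024-03-03T00:00:00+00:00"


def canonical(obj) -> bytes:
    """Deterministic JSON (sorted keys, no whitespace) so equal inputs hash equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj) -> str:
    return "sha256:" + hashlib.sha256(canonical(obj)).hexdigest()


def build_decision(policy, evidence, freshness, trust_state, decided_at):
    """Bind every field from the table into one content-addressed record."""
    now = datetime.fromisoformat(decided_at)
    stale = [k for k, t in sorted(freshness.items())
             if now - datetime.fromisoformat(t) > MAX_EVIDENCE_AGE]
    reasons = ["EVIDENCE_STALE"] if stale else []  # assumed reason code
    inputs = {
        "policy_version": policy["version"],
        "policy_digest": digest(policy["rules"]),
        "evidence_snapshot": evidence,
        "freshness_snapshot": freshness,
        "trust_state": trust_state,
        "decided_at": decided_at,
        "decision_downgraded": bool(reasons),
        "downgrade_reason_codes": reasons,
    }
    rules = policy["rules"]
    blocking = [k for k, e in evidence.items()
                if e["severity"] in rules["block_on"]
                and TRUST_RANK.index(trust_state[k]) >= TRUST_RANK.index(rules["require_trust"])]
    if reasons:
        outcome = "needs_review"  # authority narrowed: stale evidence cannot justify enforcement
    elif blocking:
        outcome = "not_ready"
    else:
        outcome = "ready"
    fp = digest(inputs)  # the fingerprint covers the inputs; the outcome is derived from them
    return {**inputs, "decision": outcome, "decision_fingerprint": fp,
            "replay_command": f"replay --fingerprint {fp}"}  # assumed command shape


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the bytes that are actually signed."""
    return b"DSSEv1 %d %s %d %s" % (len(payload_type), payload_type.encode(), len(payload), payload)


def attest(record) -> dict:
    """Wrap the record in a DSSE-shaped envelope; HMAC stands in for a real signature."""
    payload = canonical(record)
    ptype = "application/vnd.gosentrix.decision+json"  # assumed media type
    sig = hmac.new(SIGNING_KEY, pae(ptype, payload), hashlib.sha256).digest()
    return {"payloadType": ptype, "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": "demo-key", "sig": base64.b64encode(sig).decode()}]}


def verify_envelope(env) -> bool:
    payload = base64.b64decode(env["payload"])
    want = hmac.new(SIGNING_KEY, pae(env["payloadType"], payload), hashlib.sha256).digest()
    return hmac.compare_digest(want, base64.b64decode(env["signatures"][0]["sig"]))


def replay(env, policy_store) -> bool:
    """Rebuild the decision from the inputs that travelled with it and compare fingerprints."""
    if not verify_envelope(env):
        return False
    rec = json.loads(base64.b64decode(env["payload"]))
    policy = policy_store[rec["policy_version"]]
    if digest(policy["rules"]) != rec["policy_digest"]:
        return False  # stored policy text drifted from what was bound at decision time
    again = build_decision(policy, rec["evidence_snapshot"], rec["freshness_snapshot"],
                           rec["trust_state"], rec["decided_at"])
    return again["decision_fingerprint"] == rec["decision_fingerprint"] and again["decision"] == rec["decision"]


if __name__ == "__main__":
    record = build_decision(POLICY, EVIDENCE, FRESHNESS, TRUST, DECIDED_AT)
    env = attest(record)
    print(record["decision"], record["decision_fingerprint"])
    print("replay ok:", replay(env, {POLICY["version"]: POLICY}))
```

Two properties worth noticing: `replay` never trusts the caller's copy of the evidence, only the snapshot carried inside the signed payload, and a policy whose text has changed under the same version number fails replay because the `policy_digest` no longer matches.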
A replay-grade manifest of the pipeline run itself.
GoSentrix emits a Pipeline Bill of Materials — a replay-grade manifest of which BOMs ran, against what artifact hashes, under what policy, with what decision. It sits above the individual software bills of materials, capturing the run itself, not the artifact alone.
Pipeline BOM v1: GoSentrix-native schema, shipped. CycloneDX export and end-to-end signing: roadmap.
What GoSentrix does, and what it doesn't.
GoSentrix does not replace scanners, agents, or runtime tools. It does not set the organization's risk appetite. It does not produce findings of its own.
GoSentrix is the layer between the tools that produce signals and the systems that act on them. It determines what those signals are allowed to become, whether they can promote into evidence, whether that evidence can justify enforcement, and whether the resulting decision can be replayed, audited, and defended later.
Sources GoSentrix verifies
- SAST, DAST, SCA, container, IaC scanners
- AI coding and review agents
- Runtime systems, RASP, EDR telemetry
- Threat-modeling and penetration-test output
- Ticketing and workflow state
Outputs GoSentrix produces
- Readiness assessments at code, merge, release, runtime
- Signed proof records and attestations
- Replay artifacts bound to policy version
- Pipeline BOMs
- Disproval records and downgrade ledger entries
Trust and security
- Encryption: Evidence and decision records are protected in transit and at rest.
- Identity: Authorization governs who can request, approve, or break-glass an override.
- Residency: Deployment and data placement models are designed around customer operating constraints.
- Audit support: Proof records preserve the evidence, policy, and replay context auditors need.
Want to see one made?
Walk through a real verification decision: the evidence that entered, how it was promoted, the policy version it was bound to, and the proof record it produced.