● Illustrative preview · synthetic data · the customer's pane of glass over every embassy in its VPC — Recall included. The live portal is password-gated over the hub's fleet API.

Fleet

5 embassies across 5 customer VPCs · one dial: commercial Bolt-on → Regulated → DoD Sovereign — the same envelope, dialed · last sync 14:32:07 UTC
Hosted on AWS GovCloud (US) · FedRAMP High · IL5
4/5
EMBASSIES ONLINE
1,284
GOVERNED ACTIONS · 24H
37
BLOCKED BY TREATY
2
BEHAVIORAL ANOMALIES
0
BYTES OF IP EXFILTRATED

Embassies

dial-out · zero inbound ports · hub-blind · a HIPAA/PCI/SOC 2 node inherits the same DoD-hardened posture as a Sovereign one
patient-intake
acme-health · vpc-0a91f3
SOVEREIGN
sealtreatylicenserecall ✓
claims-triage
bluecross · vpc-7c22e1
REGULATED
sealtreatylicenserecall ✓
fraud-consortium
clean room · 3 banks · TEE
REGULATED
sealtreatytee-attestedrecall ✓
billing-qa
retailco · vpc-3f88a0
BOLT-ON
sealtreatylicense · 4drecall ✓
recon-node
gov-agency · vpc-il5-009
SOVEREIGN
recalledsealedaudit preserved

Decision log

incl. blocked · replayable
14:32ALLOWextract patient_record.fhir → structure (12 symbols)
14:31BLOCKexfiltrate /etc/shadow → not on treaty allowlist
14:30ALLOWrun_assurance → PASS (214/214), verdict only
14:28ESCALATEdelete_cohort → escalated to human oversight
14:27ALLOWquery_claims → projection (842 records, 0 PII crossed)
14:25BLOCKhttp POST attacker.io → egress denied (membrane)

Agent identities

SPIFFE · short-lived
triage-agent
spiffe://legation/acme-health/patient-intake/…
exp 12m
adjudicator
spiffe://legation/bluecross/claims-triage/…
exp 9m
fraud-scorer
spiffe://legation/medflow/fraud-consortium/…
exp 14m

Attestation

verify-it-yourself
Sealed bags verify against accreditation key
Transparency log co-signed by independent witness
log head  7a4f1c9e…2b08