DRDatumRelayRFQ release control

Enterprise trust center

Evidence for qualification. Clear gates for production.

DatumRelay 2.0 is a conditionally qualified shadow-mode release with bounded parsers, fail-closed decisions, audience-isolated evidence, an offline verifier, pinned dependencies, and byte-for-byte verification of current built assets. It does not claim that independent builds are bit-for-bit reproducible or disguise missing enterprise controls as completed work.

2.0.0-qualification.1Local-firstConditional shadow mode onlyUpdated July 19, 2026
!
Qualification is conditional and is not production authorization.

Customer use remains NO-GO until the signed pilot record supplies its named operator/sponsor, monitored private incident contacts, and data-class approval. The current client has no enterprise identity, tenant service, authoritative policy/key service, immutable audit backend, contractual SLA, or safety certification. A checksum proves integrity—not approval or authorship.

Implemented in this release

These controls are inspectable and exercised by the qualification gate.

1

Fail-closed decisions

Exact rule baselines, strict schemas, current trusted routes, unresolved-review holds, and immediate stale-result invalidation.

2

Bounded file processing

Dedicated CAD/STL workers enforce byte, triangle, vertex, work, finite-value, index, and output budgets.

3

Audience isolation

Buyer and supplier records use distinct positive allowlists; buyer routing and governance correlators stay out of supplier packages.

4

Offline verification

Archive layout, work limits, CRC-32, SHA-256, schema, audience, manifest, and source references are checked independently.

5

Release traceability

Locked dependencies, automated tests, CycloneDX SBOM, production build, hashed asset manifest, and machine-readable gates.

6

Honest claims boundary

Unsupported CAM, collision, GD&T, inspection, certification, price, capacity, and acceptance decisions remain explicitly not covered.

Control status

Production gates cannot be waived by a browser setting or a code-only decision.

DatumRelay enterprise control status
Control familyQualification statusProduction requirement
Decision and evidence integrityImplemented and testedIndependent corpus and security validation
Enterprise identity and tenancyNot presentSSO, SCIM, MFA policy, RBAC, tenant isolation
Signing, policy, and revocationFail-closed schemas onlyExternally trusted service with KMS/HSM
Audit and trusted timePortable evidence onlyAppend-only/WORM audit and external timestamps
Native CAD securityBrowser limits and worker boundaryProcess sandbox, fuzz campaign, independent penetration test
Blocker-safety evidenceAutomated regressionZero misses in at least 299 independent representative blocker cases
Operations and contractsRunbooks and owner placeholdersNamed owners, SLA/RTO/RPO, DR exercise, legal/data terms

Review the boundary

Product scope

See exactly what each status means, which evidence is derived or declared, and which engineering domains remain outside the product.

Review claims

Security and privacy

Inspect local processing, browser/storage boundaries, archive controls, operator responsibilities, and unresolved enterprise requirements.

Review security

Verify an evidence ZIP

Use the separate static verifier. Embedded source files remain hidden until structural and content verification completes.

Open verifier

Qualification engagement

Commercial entry starts with frozen evidence and shadow mode, not an enterprise-wide production promise.

Review approach

Bring evidence to the buying decision.

Evaluate the synthetic workflow, inspect every rule and limitation, then structure a qualification around your independently labeled release corpus.

Open qualification client