Fail-closed decisions
Exact rule baselines, strict schemas, current trusted routes, unresolved-review holds, and immediate stale-result invalidation.
Enterprise trust center
DatumRelay 2.0 is a conditionally qualified shadow-mode release with bounded parsers, fail-closed decisions, audience-isolated evidence, an offline verifier, pinned dependencies, and byte-for-byte verification of current built assets. It does not claim that independent builds are bit-for-bit reproducible or disguise missing enterprise controls as completed work.
Customer use remains NO-GO until the signed pilot record supplies its named operator/sponsor, monitored private incident contacts, and data-class approval. The current client has no enterprise identity, tenant service, authoritative policy/key service, immutable audit backend, contractual SLA, or safety certification. A checksum proves integrity—not approval or authorship.
These controls are inspectable and exercised by the qualification gate.
Exact rule baselines, strict schemas, current trusted routes, unresolved-review holds, and immediate stale-result invalidation.
Dedicated CAD/STL workers enforce byte, triangle, vertex, work, finite-value, index, and output budgets.
Buyer and supplier records use distinct positive allowlists; buyer routing and governance correlators stay out of supplier packages.
Archive layout, work limits, CRC-32, SHA-256, schema, audience, manifest, and source references are checked independently.
Locked dependencies, automated tests, CycloneDX SBOM, production build, hashed asset manifest, and machine-readable gates.
Unsupported CAM, collision, GD&T, inspection, certification, price, capacity, and acceptance decisions remain explicitly not covered.
Production gates cannot be waived by a browser setting or a code-only decision.
| Control family | Qualification status | Production requirement |
|---|---|---|
| Decision and evidence integrity | Implemented and tested | Independent corpus and security validation |
| Enterprise identity and tenancy | Not present | SSO, SCIM, MFA policy, RBAC, tenant isolation |
| Signing, policy, and revocation | Fail-closed schemas only | Externally trusted service with KMS/HSM |
| Audit and trusted time | Portable evidence only | Append-only/WORM audit and external timestamps |
| Native CAD security | Browser limits and worker boundary | Process sandbox, fuzz campaign, independent penetration test |
| Blocker-safety evidence | Automated regression | Zero misses in at least 299 independent representative blocker cases |
| Operations and contracts | Runbooks and owner placeholders | Named owners, SLA/RTO/RPO, DR exercise, legal/data terms |
See exactly what each status means, which evidence is derived or declared, and which engineering domains remain outside the product.
Review claimsInspect local processing, browser/storage boundaries, archive controls, operator responsibilities, and unresolved enterprise requirements.
Review securityUse the separate static verifier. Embedded source files remain hidden until structural and content verification completes.
Open verifierCommercial entry starts with frozen evidence and shadow mode, not an enterprise-wide production promise.
Review approachEvaluate the synthetic workflow, inspect every rule and limitation, then structure a qualification around your independently labeled release corpus.