Governance built into the architecture. Not bolted on top.
Most enterprise AI governance is a separate system — a policy document, a review committee, a spreadsheet of approved models. It sits outside the AI interaction and relies on humans to enforce it after the fact.
grāmatr's governance is structural. The directive hierarchy, quality gates, and actor identity model are enforced inside the pre-model reasoning layer — before any downstream model responds, before any output is produced. Governance here is not an audit of what happened. It is a constraint on what can happen.
Five tiers. No data flows between them automatically.
grāmatr scopes intelligence and enforces policy through a five-tier hierarchy. Every cross-tier promotion requires explicit authorization, logged with the authorizing operator's identity and timestamp.
System tier
Platform defaults enforced by grāmatr. The baseline that every deployment inherits.
Enterprise tier
Organizational policies and compliance rules set by enterprise administrators. Every promotion to this tier is logged with the authorizing operator's identity and timestamp.
Team tier
Conventions and standards that team administrators have explicitly shared with the team. Everything not shared stays private. Teams cannot inherit organizational intelligence without enterprise-tier authorization.
User tier
Intelligence built from an individual's own interactions, encrypted at rest and isolated from every other user by row-level security in the database.
Project tier
Intelligence scoped to a specific codebase or initiative. When a project moves teams, the intelligence moves with it under the same governance.
The hierarchy is enforced at the database layer via row-level security, not in application code. The database evaluates the policy on every query, so a misconfigured application service cannot read or write rows outside the actor's tiers.
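The following is an added example of what database-layer tier isolation looks like; it is not grāmatr's schema or code. It assumes PostgreSQL, and the table, column, role and setting names (intelligence, app_service, app.actor_id, app.team_ids) are illustrative. It covers the system, team and user tiers; enterprise and project tiers follow the same pattern with their own policies.

```sql
-- Added example, not grāmatr's schema. Assumes PostgreSQL; all names are illustrative.

CREATE TABLE intelligence (
    id        bigserial PRIMARY KEY,
    tier      text  NOT NULL CHECK (tier IN ('system', 'enterprise', 'team', 'user', 'project')),
    owner_id  text  NOT NULL,   -- org, team, user or project id, depending on tier
    content   bytea NOT NULL    -- ciphertext; encryption happens before the row is written
);

-- The service role is neither superuser nor table owner, so the policies below bind it.
CREATE ROLE app_service LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT ON intelligence TO app_service;
GRANT USAGE ON SEQUENCE intelligence_id_seq TO app_service;
-- No UPDATE grant: the service cannot change tier or owner_id, so it cannot promote a row itself.

ALTER TABLE intelligence ENABLE ROW LEVEL SECURITY;
ALTER TABLE intelligence FORCE ROW LEVEL SECURITY;   -- bind the table owner as well

-- Actor identity is set once per transaction (SET LOCAL) and read by the policies.
-- With missing_ok = true, an unset value yields NULL, so a service that forgets to
-- set it matches nothing and sees no private rows.
CREATE POLICY read_system ON intelligence FOR SELECT TO app_service
    USING (tier = 'system');

CREATE POLICY read_own_user ON intelligence FOR SELECT TO app_service
    USING (tier = 'user' AND owner_id = current_setting('app.actor_id', true));

CREATE POLICY read_team ON intelligence FOR SELECT TO app_service
    USING (tier = 'team'
           AND owner_id = ANY (string_to_array(current_setting('app.team_ids', true), ',')));

-- The service may only write user-tier rows owned by the acting user.
CREATE POLICY write_own_user ON intelligence FOR INSERT TO app_service
    WITH CHECK (tier = 'user' AND owner_id = current_setting('app.actor_id', true));

-- Cross-tier promotion goes through a separate, more privileged role and leaves a record
-- of who authorized it and when.
CREATE TABLE promotions (
    id             bigserial PRIMARY KEY,
    item_id        bigint      NOT NULL REFERENCES intelligence (id),
    from_tier      text        NOT NULL,
    to_tier        text        NOT NULL,
    authorized_by  text        NOT NULL,
    authorized_at  timestamptz NOT NULL DEFAULT now()
);

-- Per-request usage, connected as app_service:
BEGIN;
SET LOCAL app.actor_id = 'u_1234';
SET LOCAL app.team_ids = 't_9,t_17';
SELECT id, tier, owner_id FROM intelligence;   -- system rows, u_1234's rows, t_9/t_17 rows; nothing else
COMMIT;

-- Checks that nothing lets the service around the policies:
SELECT rolname, rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_service';
SELECT relrowsecurity, relforcerowsecurity FROM pg_class WHERE relname = 'intelligence';
```

The two closing queries are the check a reviewer should run after deployment: rolsuper and rolbypassrls must both be false for the service role, and both relrowsecurity flags must be true. Row-level security is only a boundary for roles it applies to; a superuser, a role with BYPASSRLS, or (without FORCE) the table owner is not constrained by it, so those roles belong to break-glass procedures, not to request-path services.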
Every request generates a governance artifact before any model responds.
grāmatr issues a governance contract for each request before any model responds. The contract is the governance artifact for that request: it is immutable once issued and cannot be revised after the output is produced. The pre-classification routing architecture is patent-pending.
Effort level
One of seven effort levels, from instant lookup to comprehensive project, so compute is right-sized for every request.
Intent classification
What kind of work this is, routed by trained classifiers running in under 100ms.
Behavioral directives
The specific rules and constraints relevant to this request, drawn from the appropriate tier of the hierarchy.
Quality gate criteria
Typed PASS/FAIL standards set before the work begins, not after. Every criterion produces an evidence artifact — not a judgment call.
Set before the work. Verified against evidence. Recorded permanently.
Quality gates are set before any model responds. They are not a post-hoc review mechanism.
Each gate defines typed criteria — specific, evaluable standards the output must meet. When the work completes, each criterion produces a PASS or FAIL with an evidence artifact: a file path and line number, a command output, a diff snippet. A passing verdict requires evidence, not a judgment call.
The gate log is queryable per-user, per-team, per-project, and per-time-range. Every governed output produces a verifiable record that ties the output to the governance contract that was in force when it was produced.
Who made every request — recorded at the infrastructure layer.
grāmatr records who made every request before any model responds. The authenticated actor is identified and logged at the infrastructure layer — not inferred from application context after the fact. This is the first question a regulator or auditor asks. grāmatr answers it before the question is asked.
Two distinct surfaces. One for SOC 2. One for the EU AI Act.
Infrastructure audit log — SOC 2 evidence stream
Every action in grāmatr infrastructure — by human operators or automated agents — is written to a tamper-resistant, append-only ClickHouse log with INSERT-only credentials. No UPDATE or DELETE permissions on the audit writer role. Records are retained for 2 years in hot storage and 7 years in cold archive. Queryable via ClickHouse SQL (JSON, CSV, or Parquet) or the compliance events REST API.
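The following is an added example of an append-only audit table with an INSERT-only writer role and tiered retention; it is not grāmatr's deployment. It assumes ClickHouse and a storage policy named 'tiered' with volumes 'hot' and 'cold' defined in the server configuration; the policy name, volume names, table layout and user names are illustrative.

```sql
-- Added example, not grāmatr's deployment. Assumes ClickHouse and a storage policy
-- named 'tiered' (volumes 'hot' and 'cold') in the server config; names are illustrative.

CREATE DATABASE IF NOT EXISTS audit;

CREATE TABLE audit.events
(
    event_time  DateTime('UTC'),
    actor_id    String,
    actor_kind  Enum8('human' = 1, 'agent' = 2),
    action      LowCardinality(String),
    resource    String,
    request_id  UUID,
    detail      String                 -- JSON payload, stored verbatim
)
ENGINE = MergeTree
PARTITION BY toYYYYMM(event_time)
ORDER BY (event_time, actor_id)
TTL event_time + INTERVAL 2 YEAR TO VOLUME 'cold',   -- move to cold archive after 2 years
    event_time + INTERVAL 7 YEAR DELETE              -- expire after 7 years
SETTINGS storage_policy = 'tiered';

-- Writer role: INSERT and nothing else. Without ALTER there is no ALTER TABLE ... DELETE
-- or ... UPDATE mutation and no lightweight DELETE (which is a mutation underneath);
-- without DROP or TRUNCATE the table cannot be emptied.
CREATE USER audit_writer IDENTIFIED WITH sha256_password BY 'replace-with-secret';
GRANT INSERT ON audit.events TO audit_writer;

-- Reader role for auditors and the compliance API: SELECT only.
CREATE USER audit_reader IDENTIFIED WITH sha256_password BY 'replace-with-secret';
GRANT SELECT ON audit.events TO audit_reader;

-- Check: the writer's grants should list INSERT on audit.events and nothing more.
SHOW GRANTS FOR audit_writer;

-- Check: run as audit_writer, this must fail with an ACCESS_DENIED error.
-- ALTER TABLE audit.events DELETE WHERE actor_id = 'anyone';

-- Export for evidence requests, as audit_reader (FORMAT JSONEachRow or CSV work the same way).
SELECT event_time, actor_id, actor_kind, action, resource, request_id
FROM audit.events
WHERE event_time >= now() - INTERVAL 90 DAY
ORDER BY event_time
FORMAT Parquet;
```

SHOW GRANTS and the rejected ALTER are the two checks worth repeating after every schema or role change. The writer restriction bounds what the ingest path can do; it says nothing about an administrator who holds DROP on the table or has shell access to the server's data directory, so that access is the real trust boundary of the log and should be limited to a break-glass account with its own monitoring.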
Platform intelligence telemetry — AI Act transparency layer
Every AI interaction generates a per-request telemetry record: actor identity, intent classification, model selected, directives applied, quality gate criteria set, quality gate verdict with evidence, token consumption, and cost. This is the audit surface that supports EU AI Act Article 13 transparency requirements, documenting not just who acted, but what governance contract was in force and whether the output met it.

grāmatr keeps two retention clocks, deliberately different. The governance audit trail (classification outcome, directives applied, gate verdict, token consumption, and cost) is retained across hot and cold storage tiers for periods measured in years, exceeding the EU AI Act's six-month minimum log-retention floor by design, with a customer-accessible export API. Session content (the context delivered and the interaction payload) is held separately and minimized to 60 days by default, configurable to your application's needs, preserving the GDPR data-minimization posture. The audit log is kept long for accountability; the content window is kept short for minimization.

On-premises and private cloud deployments extend audit-trail retention for MiFID II, DORA, and multi-year EU AI Act requirements.
grāmatr maps directly to the four NIST AI RMF functions.
Govern: Tiered directive hierarchy, org-level policy enforcement, version-controlled governance records
Map: Pre-classification of every request, with intent identified and risk scope determined before models engage
Measure: Typed quality gates with PASS/FAIL evidence on every output
Manage: Append-only audit trail, out-of-band processing that keeps humans in the loop
NIST CSF alignment documentation available for enterprise review on request.
Where we stand today. Where we are headed.
SOC 2 Type I
Targeting Oct 15, 2026
Every control mapped, version-controlled, and reviewed through pull requests from the program's first commit. Evidence pack maintained continuously as code, not assembled the night before.
SOC 2 Type II
Targeting Apr 15, 2027
Data collection begins following Type I completion. Current compliance status and evidence pack available for enterprise due diligence under NDA.
NIST AI RMF
Full mapping
All four functions (Govern, Map, Measure, Manage) documented and mapped to grāmatr architecture. Available for enterprise review on request.
EU AI Act Article 13
Architecture supports Art. 13
Per-request telemetry supports the Article 13 transparency obligations that apply to providers of high-risk AI systems: actor identity, intent, directives applied, quality gate verdict, cost. Risk classification and applicability scoping available under NDA; audit export included.
HIPAA
Architecture aligned
PHI-covered workloads run on private cloud or on-premises only, on infrastructure you control. BAA execution follows infrastructure ownership: your organization, or your implementation partner where they operate the deployment, executes the BAA. grāmatr does not process PHI on its cloud infrastructure and is never a party to the BAA. Current status available under NDA for healthcare prospects.
MiFID II / DORA
Configurable retention
Configurable multi-year retention on on-premises and private cloud deployments. Talk to us about your specific jurisdiction.
We do not claim certifications we do not hold. Current status and target dates are available under NDA — contact [email protected].
The governance architecture is built. The evidence is verifiable.
If your procurement, legal, or audit function needs to verify what grāmatr's governance actually covers — we will walk you through it.