MANIFESTO

Your AI policy,
running as infrastructure.

Every enterprise has an AI policy — usually a PDF nobody can enforce. Manifesto is the governance runtime between your applications and every LLM provider: the policy is declared once, enforced on every request, and proven to any auditor.

OpenAI-compatible: point any SDK at /v1 with your app key.
No SDK migration. No provider lock-in.

01 · A REQUEST ENTERS THE PIPELINE
DECLARED

Policy as versioned law

Author in plain language or YAML. Publishing creates an immutable version — compliance packs can be tightened, never loosened, and no override flag exists.

# gdpr-pii-baseline
when:
  detectors.pii: { exists: true }
  provider.region: { notEquals: eu }
then:
  verdict: deny
ENFORCED

Sanitized before it leaves the building

Detectors find the email and the card number; policy replaces them mid-flight. The provider receives a prompt that was never dangerous — and the decision names the exact rule that fired.

02 · STAGE 04 · SANITIZE_INPUT
PROVEN

Every decision leaves evidence

Append-only audit records with content hashes — never raw text by default — and per-execution exports a regulator can hold: JSON, HTML, PDF. Nothing is ever deleted; nothing is ever edited.

03 · THE AUDIT LEDGER
OBSERVED

An instrument panel, not a black box

Per-stage latency, verdict streams, overhead SLOs. Your governance layer is something you watch, not something you trust blindly.

04 · LIVE TELEMETRY
12PIPELINE STAGES
6RUNTIME ENDPOINTS
5CI-BLOCKING GATES
≤500msOVERHEAD P95 SLO
SHA-256CONTENT HASHES
RUNTIME STATUS CHECKING… checking runtime components…