Artifacts

Public claims are kept narrow and tied to reviewable artifacts.

This page is a public index. It separates what can be checked publicly from material provided through qualified buyer or controlled-distribution channels.

Runtime evidence

Governance health endpoint

Operational health for the enforcement plane and public gateway surfaces.

GET /governance/health

Hash-chained evidence ledger

Append-only record of enforcement decisions. Each record links to its predecessor. Verification tooling is included in controlled review material.

Available to qualified reviewers via governance@taskhawktech.com

Formal verification

Six-layer formal verification summary

Reviewer-facing summary of the Kevros Enforcement Kernel verification stack: TLA+, Kani, Verus, runtime assertions, golden vectors, and Lean 4. The public corpus records 71 proof artifacts across the six-layer stack.

Review the public summary

TLA+ model of the release-token protocol

State-space model and verifier output are maintained for the release-token protocol under a documented fault model.

Public verification repository: taskhawk-systems/kevros-formal-verification

Verification manifest

The public manifest covers TLA+, Kani, Verus, runtime assertions, golden vectors, and Lean 4.

Public verification repository: taskhawk-systems/kevros-formal-verification

Research

Bounded Confidence Envelopes

Supporting research on inference-time enforcement using calibrated confidence signals. This is separate from the Kevros Enforcement Kernel verification artifact.

Review the public summary

Standards contributions

The Budget HTTP Authentication Scheme and 427 Budget Required Status Code

Individual Internet-Draft defining the 427 (Budget Required) status code, the Budget HTTP authentication scheme, the Budget-Attestation field, and a CBOR/COSE Budget-Attestation envelope for delegated, bounded spend or resource authority. Public Datatracker status is authoritative.

IETF Datatracker: draft-mcgraw-httpapi-agent-budget

Patents

Patent docket: three applications

Subject-matter summary covers the cosign primitive, release token lifecycle, and permission-before-power architecture. Claim language is controlled.

Patent applications: available on request via legal@taskhawktech.com

Compliance posture

CMMC Level 2 self-assessment SSP

TaskHawk maintains self-assessment material for CMMC Level 2 and NIST SP 800-171 review. Internal evidence mapping extends beyond the NIST SP 800-171 assessment set; recorded SPRS score context is available through qualified review. No C3PAO or third-party certification is implied by public wording.

CMMC Level 2 SSP: available on request via legal@taskhawktech.com

Government compliance documentation

Sanitized documentation can be provided to qualified reviewers through the appropriate channel.

Available on request via legal@taskhawktech.com