This definitive documentation provides exhaustive technical specifications for the Railproof Sovereign stack—from sub-millisecond physics audits to the 'Two-Man Rule' governance lifecycle.
Railproof orchestrates 10 deterministic layers of safety and governance into a unified VPC sidecar. Every response must clear the stack before egress.
| Layer | Protocol Name | Functionality |
|---|---|---|
| L0 | Physics Perimeter | [HARDENED] // PROOF: Sub-millisecond Benford's Law audit at the network edge; provides a deterministic, physics-based block that cannot be bypassed via prompt injection. |
| L1 | Sovereign Proxy | OpenAI-compatible gateway; enables seamless, platform-agnostic redirection for all enterprise AI traffic. |
| L2.1 | Ingestion Air-Lock | [HARDENED] // PROOF: Mandatory Clean-at-Rest scrubbing; PII is discarded and replaced with deterministic [ENTITY_] keys before data reaches the Postgres L6 vault. |
| L3 | Redaction Core | Multi-family semantic stripping (Llama 3); removes residual non-tabular PII and contextual identifiers via local reasoning. |
| L4.5 | Sector Mastery Jury | [v4.0 MASTERY] // PROOF: Universal audit of 23 industry risks (AML, Ghost Precedents, PHI, etc.) via local Lllama 3.2; ensures logic never leaks or hallucinates. |
| L6 | Immutable Ledger | SHA-256 cryptographic non-repudiation; every safety decision is hashed and logged to create a permanent, verifiable audit trail. |
| L7.5 | Self-Correction | Recursive refinement protocol; identifies reasoning drift and triggers up to 2 autonomous repair attempts before falling back to steered responses. |
| L8-10 | Multi-Sig | [HARDENED] // PROOF: Cryptographic "Two-Man Rule"; requires Admin Proposal JWT and Auditor Execution JWT to modify any system-level safety threshold. |
| L9 | Threat Intercept | Real-time SIEM/SOAR signaling; emits instant critical telemetry (PHYSICS_BREACH, REDACTION_STRIKE) for SOC situational awareness. |
Policy can be gamed; Physics cannot. Railproof anchors its first line of defense in the natural statistical distribution of data.
Numeric hallucinations follow non-natural distributions. We extract leading significant digits using the deterministic regex:
\b([1-9])\d*(?:\.\d+)?\b
Deviation is calculated against the ideal logarithmic curve: $P(d) = \log_{10}(1 + 1/d)$. If the deviation score exceeds 0.8, the response is instantly stripped at the network egress.
Safety protocols are protected by a cryptographic 'Two-Man Rule' inspired by nuclear security protocols. No admin can lower thresholds unilaterally.
Adjusts thresholds (e.g., set L4.5 to 0.12) and generates a signed Proposal Artifact (JWT). Changes remain inactive and audit-only.
Reviews the proposal, verifies the reasoning log, and executes the Protocol Lock by signing the Admin's JWT artifact.
governance_ledger, creating an unbreakable chain of custody for every safety policy change.
Railproof explicates the exact technical logic used to enforce safety across industry-specific payloads.
- L2 Context: Regex-based ticker scanning ($TICKER).
- L4.5 Mastery: Auditor identifies "Imperative Financial Direction", "Market Manipulation", and "AML Evasion".
- Enforcement: Universal Finance Master policy checks for fiduciary integrity.
- L2 Context: Sovereign Case-Law RAG verification.
- L4.5 Mastery: Cross-family verification of phantom citations + Jurisdictional check.
- Enforcement: Choice between RAG (Proof) or STRICT (Zero-Trust) safety modes.
- L3 Core: Deterministic culling of SSNs and masked PII.
- L4.5 Mastery: Secondary "Semantic Wash" to identify names, diagnoses, and drug interaction risks.
- Enforcement: Dosage Intercept (L0) + Zero-Leak PHI Enforcement.
Railproof is designed for the modern VPC, deployed as a sovereign sidecar service.
- Core: Node.js 22 (Non-Blocking Proxy)
- Real-time: Socket.io v4 (L9 Alerts)
- Compliance: OpenSSL / RS256 JWT
- DB: PostgreSQL 15 w/ JSONB
- Isolation: Private 'railnet' bridge driver
- Persistence: L6 Evidence Volumes