Design partner proof packet

One agent, one constitution, one proof packet.

This is the access-gated buyer path: pick the framework or CI lane the team already uses, then prove the boundaries that matter under one policy. The strongest design-partner demo blocks a dangerous tool call, branches a database, and runs protected compute into the same evidence packet.

Request access Pick adopter path View auditor sample

Packet contents

What the auditor sample contains.

Constitution evidenceThe same policy revision and decision context across action, data, and compute boundaries.

Adapter evidenceFramework wrapper, strict tool list, install command, and certification lane result.

Runtime evidenceAllowed call, blocked call, halt state, decision headers, and proof digest.

CI evidenceGitLab or Vercel hosted run when applicable; otherwise a local scanner artifact.

Database evidenceGoverned branch metadata, source-isolation checks, query result scope, and cleanup proof when data is in scope.

Compute evidenceProtected run metadata, attestation, digest, finite output/loss signals, and zeroized cleanup when compute is in scope.

Audit chainOrdered entries carry previousHash, canonicalPayloadHash, entryHash, and one final chain root.

Buyer packetOne auditor-redacted markdown or JSON packet the security reviewer can inspect without logging into a console.

Current proof packet

LangChain adapter

Focused 4/4 LangChain proof covers Python and TypeScript wrapped tools, agent tool-loop middleware, ToolNode, and original-tool LangSmith traceable wrappers.

OpenAI Agents adapter

Focused 4/4 OpenAI Agents SDK proof covers Python and TypeScript wrapped function tools retained inside Agent tool lists, JS action aliases for SDK-normalized names, and raw tool-loop guards.

Hosted adopters

Dify, Flowise, n8n, Zapier MCP, and Botpress have hosted proof artifacts with one allowed body call and zero body calls on the blocked path.

Design-partner proof

The buyer-flow packet combines allowed/blocked runtime evidence, scanner output, DB branch proof, protected compute evidence, redaction manifest, and chain root once an approved workspace exists.

Auditor sample

The public sample packet shows the digest shape now: blocked-before-body, source untouched, protected compute metadata, SHA-256 chain root, and downloadable JSON sidecar.

MCP authority

Local MCP client and Claude/Cursor/Windsurf config lanes passed; remote HTTP MCP remains an additional hosted endpoint proof.

Pilot command shape

# Pick the closest adopter path
imladri init --framework <framework> --ci-provider <gitlab|vercel>

# Certify the wrapper and scan the repo locally
imladri sdk certify --real --target <framework>
imladri scan --path . --fail-on new

# Export the review packet for approved buyer evidence
imladri proof export --format json --output imladri-proof.json

The public site does not create customer accounts. The cross-boundary packet stays private until an approved design partner has a real side effect, database branch, or compute job to prove.