WDP · Advana · CDAO · Agentic AI
Verifiable AI Assurance
for the War Data Platform era.
The Jan-2026 DoD memo restructuring Advana into WDP calls for agentic AI + enhanced auditability. a11oy is the governance + verifiable-provenance overlay that produces the auditability evidence CDAO/RMF demands — one cryptographically signed receipt per AI decision, buyer-verifiable offline.
Honest status: a11oy is the assurance overlay — NOT an ATO-authorized system.
ATO / IL5 / FedRAMP-High accreditation: ROADMAP.
Stated plainly — the honesty is the sell to an auditor audience.
DSSE Signed Receipts · LIVE
WebCrypto Verify · LIVE
Policy Gates · LIVE
ATO / IL5 / FedRAMP · ROADMAP
a11oy = Overlay · NOT Replacement
B
CDAO / DoD AI Assurance Requirements Matrix
Each row: a real CDAO/DoD/OMB requirement → the a11oy artifact that satisfies it,
with honest status. ROADMAP items are labeled plainly — no fabricated compliance.
Loading assurance matrix from /api/a11oy/v1/assurance/matrix…
Status key:
LIVE operational today ·
MEASURED real data ·
SAMPLE demo only ·
MODELED model-derived ·
ROADMAP planned / not yet delivered
Auditor Evidence Pack
One signed, offline-verifiable JSON bundling the assurance matrix, khipu chain heads
(re-walked
links_intact), the lake health snapshot, and the doctrine
snapshot — self-hashed with sha3_256 so an auditor re-verifies offline.
Honest: integrity is COMPUTED, not asserted; signature is the demo key (NOT production cosign).
C
Live Proof: Run → Sign → Verify Yourself
Run a governed inference → receive a DSSE-signed Khipu receipt →
verify the ECDSA-P256 signature in-browser via WebCrypto (zero server round-trip for verification).
D
WILLAY — Signed Refusals for Defense
An agent that can refuse — and prove why, signed.
Critical for agentic AI in defense: every denial is a
cryptographically-signed, auditable artifact.
What Makes a Signed Refusal Different
"They hide the governor; we sign and show it."
Black-box decision-intelligence agents cannot prove why they refused.
WILLAY produces a DSSE-signed denial receipt that any auditor can verify.
Every WILLAY denial embeds: the triggering gate name, the Λ advisory score (Conjecture 1 label), the hash-chain link (prev→digest), and the timestamp — all under ECDSA-P256 signature. The authorization package has a machine-verifiable TEVV artifact for every denied call, not just allowed ones.
Signed denial receipts · LIVE
Λ Conjecture 1 — advisory
Auditor-verifiable offline
Open WILLAY — Signed Refusals →
E
Where a11oy Fits with WDP / Foundry / Databricks
a11oy is the trust and assurance overlay. The data platform stays the system of record.
These are complementary layers, not competitors.
a11oy IS
Governance + verifiable-provenance overlay on top of any data platform
a11oy IS
Cryptographic, buyer-verifiable receipt emitter per AI decision
a11oy IS
Honest assurance evidence (TEVV artifacts, model card, data labels)
a11oy IS
Signed refusal explainer (WILLAY) — not a black-box boolean gate
a11oy IS NOT
A replacement for Advana / WDP (authoritative DoD financial data platform)
a11oy IS NOT
A replacement for Palantir Foundry (ontology + operational lineage)
a11oy IS NOT
An accredited system (ATO / IL5 / FedRAMP-High: ROADMAP — stated plainly)
a11oy IS NOT
A certified classifier — Λ is Conjecture 1 (advisory; NOT a theorem)
The WDP wedge:
The Jan-2026 DoD memo explicitly calls for agentic AI + enhanced auditability
toward a clean FY27/FY28 audit.
Foundry shows data lineage. Unity Catalog shows column provenance.
a11oy gives you a cryptographic signature on the AI decision itself —
something the buyer can verify offline, without trusting the provider.