Every AI decision becomes a cryptographically signed, verifiable receipt — policy, reasoning, the operator, and counter-UAS on one pane of glass.
What it is
a11oy is the command platform for SZL Holdings. It unifies four surfaces that usually live in four disconnected tools — and binds them to a single, auditable record of every action.
Gates that say what an AI agent may and may not do — evaluated before any action runs, not after.
The model's chain of thought, scored against a trust floor before it is allowed to act.
The human-in-command view: live state, halts, and the one button that approves or stops.
Drone & vessel threat tracks fed into the same governed loop as everything else.
The differentiator
Every governed action emits a cryptographically signed receipt: a hash of what was decided, why, and under which policy. Anyone can re-compute the hash and confirm it was not altered — without trusting us.
An AI takes an action. A log line is written. The log can be edited, lost, or contested. To trust it, you have to trust the operator and the database behind them.
The action produces a signed receipt. The signature is over the exact decision payload. Re-hash it yourself; if one byte changed, the check fails. Trust the math, not the messenger.
Honest scope: receipts are signed with a real key where one is provisioned for that organ; otherwise the receipt carries its hash and is verifiable for integrity but not yet for issuer identity. Nothing here is a claim of FedRAMP, Iron Bank, or CMMC.
Live proof · pulled from the running platform
An unreachable organ is shown as unreachable, never green. If a probe is slow, the tile says so rather than faking a value.
Formally proven
The governed loop rests on a Lean development. Five core properties are proven theorems. The trust-score uniqueness result is honestly an open research conjecture — not a theorem — and we label it as such.
The claim that the 13-axis trust score is the unique aggregate satisfying our axioms is a research conjecture, not a theorem. The Lean development still has open goals on this result. We will not call it proven until it is.
Build provenance attestations (cosign) ship on the organ images today at SLSA L1 honest; L2 .att emitted (not independently verified) (Sigstore keyless — Fulcio cert + Rekor, verifiable via gh attestation verify / cosign verify-attestation); SLSA L3 is on the roadmap. This is not SLSA L3, FedRAMP, Iron Bank, or CMMC — and we don't say it is.
Surfaces
Policy, reasoning, operator and counter-UAS in one console. Live gates, signed receipts, and the halt button.
Enter the platform → // KILLINCHUThe maritime & airspace surface: track drones and vessels, run counter-UAS cued engagements through the same governed, signed loop.
Open Drones & Vessels →Governed inference
Every AI decision arrives with a signed receipt you can verify yourself. The trust math is a machine-checked theorem. When the model is not sure, it refuses rather than guesses. It runs on your own hardware, air-gapped if you need it.
The plain-English story. Every claim below links to the check that proves it.Each answer carries a cryptographic receipt (DSSE / ECDSA-P256). You re-check the signature in your own browser — no trust in us required.
Eight formulas (the "locked-8") are proven in Lean 4 and re-checked on every build. Honest caveat: the Λ trust score itself is Conjecture 1 — advisory, never "green", never a gate.
We meter the real energy each answer costs and write joules-per-token onto the receipt. With no hardware meter attached, it says so — we never fake the number.
Nothing runs unless policy explicitly allows it. Untrusted input is quarantined; a state-changing step can require a human to approve it first.
The whole substrate deploys on-prem with zero runtime dependency on outside services — suitable for classified and air-gapped environments. Open-weight models only.
Trust is capped (never claimed at 100%). Below the confidence bar, the system abstains and says why, rather than inventing an answer.