00 · ABSTRACT
Every claim here carries its status, and every number its provenance.
Every claim below carries a status and a provenance class, stated exactly: an artifact you can fetch right now, an artifact rendered on this page, or an artifact available under NDA in the diligence data room. Statuses are VERIFIED, MEASURED, IN INTEGRATION, ROADMAP, or DECLARED. Every roadmap-status item we track is listed beside the verified ones.
REC 00 ▸ sha256:1ac0…1adf ▸ prev e5ec…396a ▸ build 2026-06-12T03:34Z
01 · CLAIMS LEDGER
The ledger.
Every VERIFIED row points at a real artifact you can fetch or request, never demo data. Artifacts marked UNDER NDA are available in the diligence data room; request access through the contact form below.
Ed25519 hash-chained audit trail; verification protocol and per-workspace key discovery published
Provenance
The execution layer (donmai) is open source under the MIT license
Provenance
FETCHABLE: https://github.com/RenseiAI/donmai
199 historical policy denies immutable on Rensei's own production audit chain
Provenance
UNDER NDA: audit export in the diligence data room
count as of 2026-05-21
Knowledge-graph recall on Rensei's own production sessions, Cedar-authorized and hash-chain audited
Provenance
UNDER NDA: injection-row and audit-row exports
Survival-to-posterior routing wiring
Provenance
closes during the design-partner phase
SOC 2 Type I
Provenance
this row updates when an auditor engagement letter exists
Governor hard-caps and holds
Provenance
RENDERED: fail-loop specimen on the evidence page
loop bounding today is the eight-dispatch cap
Design partners
Provenance
evaluations underway, nothing signed; an anonymized reference appears here the day a pilot converts
Company stage
Provenance
pre-revenue, one founder, design-partner phase
On-prem deployment
Provenance
FETCHABLE: /security#deployment
No audit entry from any workspace reaches a public page. The only audit data on a public surface is each workspace's Ed25519 public key, served for key discovery. The chain is keyed per workspace, isolation is enforced by per-transaction row-level security and workspace-scoped Cedar, and operator access is itself gated and audited. So a workspace verifies its own chain against its own published key without trusting Rensei. The platform runs one tenant today, Rensei's own, and the numbers above are measured on it. The same per-workspace keying is what is designed to let the verification model carry into the VPC and on-prem tiers on the roadmap.
REC 01 ▸ sha256:ed92…15f5 ▸ prev 1ac0…1adf ▸ build 2026-06-12T03:34Z
02 · DERIVATION
Four primitives, derived.
Cedar policy enforcement, hash-chained audit, fail-closed egress, and decision provenance are properties of a deterministic execution graph. None of them is a module that could have been left out.
Cedar policy enforcement
Declarative workflows compile to a durable execution graph, and every outbound tool call in that graph passes a Cedar policy-enforcement point before egress. Coverage is fixed at compilation; a step cannot route around a check the graph places in its path.
Hash-chained audit
Every event is hashed, signed with per-workspace Ed25519 keys, and linked to the event before it. The chain proves tamper-evidence and completeness against the workspace's published key, so a holder verifies it without trusting Rensei.
Fail-closed egress
A missing or failed policy ruling denies by default. The enforcement point lives in the execution path itself, so an unreachable policy engine stops state-modifying calls rather than waving them through; observation-only reads proceed and land on the audit chain.
Decision provenance
Every action binds model version, prompt, context, and policy ruling into a signed decision record. When models are nondeterministic, that binding is what makes a decision reconstructable.
The derivation is the public answer to how this is different. LLMs run as bounded operators inside workflow steps; the control loop is deterministic code. When the control loop is instead a model that can rewrite the steps it is about to run, the record of what ran is a claim, not a proof: tamper-evident audit requires a loop that cannot edit its own history. A deterministic graph forecloses that failure structurally. The structure that executed is the structure that was reviewed, and the chain that recorded it sits outside the reach of the thing it records.
REC 02 ▸ sha256:46a0…ee97 ▸ prev ed92…15f5 ▸ build 2026-06-12T03:34Z
03 · VERIFY THIS PAGE
This page can prove itself.
At build time, a script canonicalizes each chapter of this page: the rendered text plus, in order, every link target and image reference, normalized and whitespace-collapsed. Each chapter record hashes with the record before it, the doc strip under the navigation is the genesis record, and the page hash in the footer commits to all of them. The full construction, and what each verifier outcome means, is published on the verification method page.
The chain proves the prose, links, and figures you received are the ones that were built, complete and in order. It does not prove the claims true. The ledger above does that.
Yes, we hash-chained a marketing site before holding a SOC 2. The chain took a build script. The audit takes an auditor, and its status is printed in the ledger above, not paraphrased.
The verifier source is MIT licensed; the canonical copy will publish with the donmai.dev docs appendix and demonstrate against donmai.dev's own pages.
REC 03 ▸ sha256:7a0e…c263 ▸ prev 46a0…ee97 ▸ build 2026-06-12T03:34Z
04 · SEED PLAYGROUND
Determinism you can poke.
The strand below is a pure function of its seed. The default seed is this page's own record hash. Change it, re-render, change it back: the render is reproduced exactly.
The same property holds for workflow runs: graph, state transitions, and policy evaluations are deterministic and replayable. The strand generator is MIT licensed and will publish with the verifier in the donmai.dev docs appendix.
REC 04 ▸ sha256:1eaf…0fa4 ▸ prev 7a0e…c263 ▸ build 2026-06-12T03:34Z
05 · SPECIMENS
Rendered artifacts.
Live platform components rendered with declared demo data. These figures are the page's RENDERED provenance class.
Posterior distributions, Beta(α, β) per model arm
Figures are live component renders, not screenshots. Demo data.
Per-line provenance and survival measurement are live; the survival-to-posterior wiring is in active integration and closes during the design-partner phase.
Code Survival30 days after merge
Share of agent-authored lines still present at HEAD, 30 days after merge. Hot-weighted applies a soft weight to lines that are statically reachable from a user-facing entrypoint - this is static reachability, not a measure of what end users actually executed.
Per-symbol drill-down (top 10)
Audit log
meridian-robotics/assembly-toolingdemo data · Jun 9, 2026 · UTC- genesis000000…000000
- 13:58:07Issue acceptedintake-serviceMER-2841 · Gripper calibration drifts after firmware flash · P2000000…000000d3c0de…b8656b
- 14:02:31Plan approvedm.alvarez3-step plan · scope: services/calibration · est. smalld3c0de…b8656bd3c0de…22eacd
- Decision
dec_d3c0de24dd1cbinds the model, prompt envelope, retrieved context, and policy ruling to one signed audit entry.Modelclaude-sonnet-4-5version: claude-sonnet-4-5-20250929Prompt envelopetemplate: implementer.dispatch@v12sha256: d3c0dee3c9…b067e2f5d9tokens: 2,113 system · 18,402 inputtools granted: git, fs.write (services/calibration/**), test-runnerRetrieved contextmemobs_mem_a41f2c - “Calibration offsets are written by flash.ts, not the EEPROM map” · w 0.82fileservices/calibration/flash.ts · w 0.74filedocs/runbooks/gripper-calibration.md · w 0.61issueMER-2841 · intake thread (4 messages)Policy ruling · CedarALLOWfleet.dispatch.scoped-write@v7matched rules: allow-implementer-scoped-write, require-branch-isolationpolicy hash: d3c0deebfd…e103274083Cryptographic proofentry hash: d3c0deede1f3360c9c77bee1e4bfbe8cb2eb073fd81df5d241c11d8573ebca0fsequence: 4183signature:ed25519 · DEMOSIGqNdHF/pEQtKdTnhST…(key meridian-audit-2026a)Merkle inclusion: leaf 4183 / tree size 4,187 - 14:19:12Implementation completeimplementer/mr-fleet-02+214 −38 across 6 files · tests green · branch agent/mer-2841d3c0de…ebca0fd3c0de…e52bab
- 14:31:58Review approvedk.tanaka2 comments resolved · approved for merged3c0de…e52babd3c0de…5945d7
- 14:32:20Change mergedmerge-botmerge d3c0de1 → main · checks greend3c0de…5945d7d3c0de…3c339d
- 14:35:00Merkle checkpointaudit-serviceroot sealed · tree size 4,187 · signedd3c0de…3c339dd3c0de…845dc2
- t+0.0s
ACCEPTANCEFAILED
The acceptance gate fails REN-demo: tighten retry policy.
- t+0.4s
STATEAUTO-REJECTED
The issue is auto-rejected. No human dispatch is required to close the loop.
- t+5.1s
DISPATCH3 OF 8
Refinement dispatches in about five seconds, parked behind the active session.
- t+5.2s
RECORDON CHAIN
The transition lands on the audit chain, signed and linked to the event before it.
dispatch cap: 8per issue, enforced today · governor-level hard caps and holds: ROADMAP · ledger row ↑
REC 05 ▸ sha256:0701…43a4 ▸ prev 1eaf…0fa4 ▸ build 2026-06-12T03:34Z
06 · VELOCITY
Built by one founder and the fleet under review.
The git history is the record.
3,849
commits across 15 repos, public and private · fetched 2026-06-11
298
releases · fetched 2026-06-11
121
days · fetched 2026-06-11
REC 06 ▸ sha256:1b3d…3880 ▸ prev 0701…43a4 ▸ build 2026-06-12T03:34Z
07 · RUN YOUR OWN
Bring your own benchmark.
The most credible number for your evaluation is one produced on your workload. We run scoped benchmark engagements under NDA: a workload you define, a written methodology your team can check, and a measured result you keep.
Disclosure stays in your hands; nothing is published without your sign-off. Start below.
REC 07 ▸ sha256:4e09…860c ▸ prev 1b3d…3880 ▸ build 2026-06-12T03:34Z
08 · CONTACT
Request the artifacts.
UNDER NDA artifacts ship from the diligence data room. One founder reads this inbox, and every request for the artifacts gets a reply.
REC 08 ▸ sha256:2b04…606b ▸ prev 4e09…860c ▸ build 2026-06-12T03:34Z