Public Q&A

No. OPA evaluates policy after the application decides to call it. Project-AI inverts that: the kernel refuses to execute the action at all unless nine independent gates produce a signed ALLOW. Policy is the runtime, not a sidecar a developer can forget to invoke.

Nothing stops a sufficiently-privileged operator from rewriting any system. The point is admissibility: every execution leaves a signed, hash-chained receipt with a public key ID. A run without a valid chain entry is inadmissible by construction — auditable, attributable, and rejectable downstream.

Ed25519 is the floor — fast, small, and trivial to verify offline. Transparency logs are complementary and on the roadmap (see Keys page for TSA root plans). The portal already publishes the public key ID with every receipt so external verifiers can replay the chain without trusting the issuer.

Yes. The kernel governs the execution surface, not the weights. A closed model is treated as an opaque capability: intake assigns an AC-tier, the warrant constrains which actions the model's outputs may trigger, and the audit ledger records every accepted action regardless of where inference happened.

Constitutional AI shapes a model's training objective so it self-critiques. Project-AI assumes the model will misbehave and refuses to ship the action without an external warrant. The two stack: a CAI-trained model still has to pass the nine gates before its output causes any state change.

The kernel returns a denial receipt with the failing gate, the policy version, and the canonicalised request. No partial side effects, no retry loop, no fallback path. The operator sees the exact reason and can either amend the warrant or escalate to triumvirate review.