MANIFESTO

Your AI policy,
running as infrastructure.

Every enterprise has an AI policy — usually a PDF nobody can enforce. Manifesto is the governance runtime between your applications and every LLM provider: the policy is declared once, enforced on every request, and proven to any auditor.

OpenAI-compatible: point any SDK at /v1 with your app key.
No SDK migration. No provider lock-in.

RUNTIME PIPELINE · REQ 0X4F2A···9C
04sanitize_input
2.1ms
05retrieve
11.4ms
08select_provider
6.0ms
10validate_output
4.8ms
12audit
3.2ms
ALLOWrisk LOW · overhead p95 ≤ 500ms · evidence written
DECLARED

Policy as versioned law

Author once in MPL-lite. Publishing creates an immutable version; compliance packs can be tightened, never loosened. No override flag exists.

# gdpr-pii-baseline
when:
  detectors.pii: { exists: true }
  provider.region: { notEquals: eu }
then:
  verdict: deny
ENFORCED

Twelve stages, in-line

Identity, retrieval ACLs, sanitization at three points, provider routing, human review — decided during the request, not audited after it.

verdict:   allow | deny | escalate
         | require_approval
transform: redact · mask · rewrite
directive: skip_memory · block_provider
PROVEN

Evidence, not logs

Append-only audit with content hashes — never raw text by default. Per-execution exports a regulator can hold: JSON, HTML, PDF.

audit_id:  0x4f2a···9c
prompt:    sha256 a3f81c···77b2
policy:    gdpr-pii-baseline v1
retention: regulatory · 7y · append-only
12PIPELINE STAGES
6RUNTIME ENDPOINTS
5CI-BLOCKING GATES
≤500msOVERHEAD P95 SLO
SHA-256CONTENT HASHES
RUNTIME STATUS CHECKING… checking runtime components…