Commit 6e39040

Rename pillars: Visibility / Cost Tracking / Compliance
Three pillars are now the dimensions readers actually buy into:

- Visibility (session traces, tool calls, git-level AI attribution)
- Cost Tracking (token trends, cache, spend attribution, budgets)
- Compliance (signed ledger + dev-loop policy enforcement, mapped to EU AI Act / SR 11-7 / SOX §404 / PCI-DSS / DORA)

Enforcement stays — it moves under Compliance as the mechanism that produces the evidence. Hero, pillars, spotlight copy, alternatives labels, Visdom strip role, README all follow.
1 parent e3a3869 commit 6e39040

2 files changed

Lines changed: 53 additions & 53 deletions

README.md

Lines changed: 12 additions & 11 deletions
@@ -1,23 +1,24 @@
11
# Visdom Governance
22

3-
**Audit trail + policy enforcement + FinOps for AI-assisted development.**
3+
**Visibility + cost tracking + compliance for AI-assisted development.**
44

55
Sibling of [Visdom Code Review](https://github.com/VirtusLab/visdom-code-review),
66
[Visdom Testing](https://github.com/VirtusLab/visdom-testing) and
7-
[Visdom Security](https://github.com/VirtusLab/visdom-security). Three jobs off
8-
one signed ledger:
7+
[Visdom Security](https://github.com/VirtusLab/visdom-security). Three pillars
8+
off one signed ledger:
99

10-
1. **Evidence** — Ed25519-signed, hash-chained capture of every AI session,
11-
prompt, model, tool call and edited file, with automatic secret redaction.
10+
1. **Visibility** — full session traces, tool calls and line-level AI
11+
attribution overlaid on git history.
1212

13-
2. **Enforcement** — model allowlists, sensitive-path guards, required tools,
14-
token budgets and AI-share thresholds, applied at the developer's terminal.
13+
2. **Cost tracking** — token trends, model distribution, cache hit-rate,
14+
per-team / per-PR spend attribution, hard budgets.
1515

16-
3. **Economics** — token trends, model distribution, cache hit-rate and
17-
per-team / per-PR spend attribution.
16+
3. **Compliance** — Ed25519-signed, hash-chained records and dev-loop
17+
policy enforcement (allowlists, forbidden paths, required tools, AI-share
18+
caps), mapped to EU AI Act, SR 11-7, SOX §404, PCI-DSS, DORA.
1819

19-
Powered by [TraceVault](https://tracevault.dev/), the open-source building block
20-
underneath Visdom Governance.
20+
Powered by [TraceVault](https://tracevault.dev/), the open-source building
21+
block underneath Visdom Governance.
2122

2223
## Develop
2324
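Review bot: The rewritten pillar list no longer mentions automatic secret redaction, which the removed Evidence item stated ("with automatic secret redaction"); neither the new Visibility item nor the new Compliance item carries it. Suggest keeping the phrase on the Visibility item, since that item now describes what is captured. The Compliance item also names five frameworks without linking to where the mapping is documented; a pointer to that document would let a reader check the claim.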

src/pages/index.astro

Lines changed: 41 additions & 42 deletions
@@ -14,8 +14,8 @@ const base = import.meta.env.BASE_URL;
1414
<span class="hero__gradient">Governance</span>
1515
</h1>
1616
<p class="hero__subtitle">
17-
Record what AI does. Enforce what it may do. See what it costs.
18-
A signed audit trail, dev-loop policy guardrails and FinOps for AI-assisted development &mdash; one ledger, one control plane.
17+
Visibility into AI-assisted work. Cost tracking attributed to the PR that caused it.
18+
Compliance evidence signed into one ledger &mdash; three pillars, one source of truth.
1919
</p>
2020
<div class="hero__buttons">
2121
<a href="#tracevault" class="btn btn--primary">Open TraceVault</a>
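Review bot: The new subtitle drops the hero's only mention of enforcement ("Enforce what it may do."), although the commit message says enforcement stays under Compliance. As written, "Compliance evidence signed into one ledger" reads as record-keeping only. Suggest wording along the lines of "Compliance evidence and enforced policy, signed into one ledger" so the preventive control is still stated in the hero.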
@@ -90,41 +90,41 @@ const base = import.meta.env.BASE_URL;
9090
<!-- ============ Three Pillars ============ -->
9191
<section class="pillars-section" id="capabilities">
9292
<div class="pillars-section__inner">
93-
<h2 class="section-heading">Three jobs, one ledger</h2>
93+
<h2 class="section-heading">Three pillars, one ledger</h2>
9494
<p class="section-subtitle">
95-
Record everything the AI does. Enforce what it may do. Show what it costs &mdash;
96-
all from the same signed chain, so the three stories never disagree.
95+
See what AI does. Track what it costs. Prove it to a regulator &mdash; all from the
96+
same signed chain, so the three stories never disagree.
9797
</p>
9898
<div class="pillars-grid pillars-grid--three">
9999
<div class="pillar-card">
100-
<span class="pillar-card__label">Evidence</span>
101-
<h3 class="pillar-card__title">Signed audit trail</h3>
100+
<span class="pillar-card__label">Visibility</span>
101+
<h3 class="pillar-card__title">See every AI-assisted change</h3>
102102
<p class="pillar-card__desc">
103-
Every AI session, prompt, tool call and edited line is captured, hash-chained and
104-
Ed25519-signed. The record you hand to an auditor is the same record the system uses
105-
to detect tampering.
103+
Full session traces, tool calls and line-level AI attribution, overlaid on the
104+
git history. You can answer &ldquo;which model wrote this line, under which prompt?&rdquo;
105+
without opening a ticket with the vendor.
106106
</p>
107-
<p class="pillar-card__meta">Ed25519 &middot; append-only &middot; hash-chained</p>
107+
<p class="pillar-card__meta">Session traces &middot; tool calls &middot; git-level attribution</p>
108108
</div>
109109
<div class="pillar-card">
110-
<span class="pillar-card__label">Enforcement</span>
111-
<h3 class="pillar-card__title">Guardrails at the point of use</h3>
110+
<span class="pillar-card__label">Cost Tracking</span>
111+
<h3 class="pillar-card__title">FinOps for AI-assisted code</h3>
112112
<p class="pillar-card__desc">
113-
Model allowlists, sensitive-path guards, required tools and AI-share thresholds are
114-
enforced in the developer's terminal &mdash; before a prompt ever reaches a vendor &mdash;
115-
and every decision lands in the same signed ledger.
113+
Token trends, model distribution, cache hit-rate and spend attributed to session,
114+
author, team and PR. Hard per-session and per-team budgets stop runaway sessions
115+
before they land on the invoice.
116116
</p>
117-
<p class="pillar-card__meta">Shift-left &middot; dev-loop native &middot; auto-logged</p>
117+
<p class="pillar-card__meta">Per-PR spend &middot; cache savings &middot; hard budgets</p>
118118
</div>
119119
<div class="pillar-card">
120-
<span class="pillar-card__label">Economics</span>
121-
<h3 class="pillar-card__title">FinOps for AI-assisted code</h3>
120+
<span class="pillar-card__label">Compliance</span>
121+
<h3 class="pillar-card__title">Signed evidence, enforced policy</h3>
122122
<p class="pillar-card__desc">
123-
Token spend, model distribution, cache hit-rate and team-level usage, attributed down
124-
to the session and the PR. Hard budgets stop runaway sessions; dashboards show where
125-
the invoice actually came from.
123+
Every entry is hash-chained and Ed25519-signed. Policy &mdash; allowlists, forbidden
124+
paths, required tools, AI-share caps &mdash; is enforced in the dev loop and logged
125+
on the same chain. Mapped to EU AI Act, SR 11-7, SOX &sect;404, PCI-DSS, DORA.
126126
</p>
127-
<p class="pillar-card__meta">Per-team &middot; per-model &middot; per-PR attribution</p>
127+
<p class="pillar-card__meta">Ed25519 &middot; append-only &middot; framework-mapped</p>
128128
</div>
129129
</div>
130130
</div>
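Review bot: The Compliance card says policy "is enforced in the dev loop" but loses the timing the removed Enforcement card gave, "before a prompt ever reaches a vendor". That clause is what tells a reader the control is preventive rather than after the fact, so suggest carrying it into the new description. The same card states the framework mapping (EU AI Act through DORA) with no link; pointing at the mapping document would make it checkable. The meta line also replaces "hash-chained" with "framework-mapped", so the integrity property now appears only in the description.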
@@ -138,26 +138,25 @@ const base = import.meta.env.BASE_URL;
138138
<h2>A flight recorder for AI-assisted development</h2>
139139
<p>
140140
TraceVault is the open-source building block underneath Visdom Governance. It sits in the
141-
developer's environment and feeds three streams off a single source of truth: an
142-
<strong>audit ledger</strong>, a <strong>policy engine</strong>, and a
143-
<strong>cost &amp; usage analyzer</strong>.
141+
developer's environment and feeds the three pillars off a single source of truth:
142+
<strong>visibility</strong>, <strong>cost tracking</strong> and <strong>compliance</strong>.
144143
</p>
145144
<p>
146-
<strong>Capture.</strong> Every session, prompt, model &amp; version, tool call, token spend
147-
and edited file is recorded &mdash; with automatic secret redaction before anything is written.
148-
Entries are hashed, chained and Ed25519-signed; the log is append-only, so a single altered
149-
byte breaks the chain.
145+
<strong>See.</strong> Every session, prompt, model &amp; version, tool call, edited file
146+
and resulting commit is captured &mdash; with automatic secret redaction. A git-integrated
147+
browser overlays AI attribution line by line, so visibility isn't a separate report but a
148+
layer on the code you already read.
150149
</p>
151150
<p>
152-
<strong>Enforce.</strong> A policy file in the repo declares which models are permitted,
153-
which paths are off-limits, the token budget per session, the tools that must be present,
154-
and the maximum share of AI-authored lines per PR. Violations are blocked at the edge and
155-
logged with the same signed chain &mdash; no separate "did the policy run?" question.
151+
<strong>Count.</strong> The same ledger powers dashboards for token trends, model
152+
distribution, cache hit-rate and cost per team / per PR. Hard per-session and per-team
153+
budgets cut off runaway sessions at the edge &mdash; the FinOps number is the audit number.
156154
</p>
157155
<p>
158-
<strong>Analyze.</strong> The same ledger powers dashboards for token trends, model
159-
distribution, cost per team and per PR, and cache hit-rate &mdash; so the AI invoice lines
160-
up with the engineering work that caused it, not with a seat licence.
156+
<strong>Prove.</strong> Entries are hashed, chained and Ed25519-signed; the log is
157+
append-only, so a single altered byte breaks the chain. Policy (allowlists, forbidden
158+
paths, required tools, AI-share caps) is enforced in the dev loop and logged on the same
159+
chain &mdash; producing framework-mapped evidence instead of a "did the policy run?" gap.
161160
</p>
162161
<p>
163162
Open source, self-hosted, free forever for the community edition. The enterprise edition
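Review bot: In the "See." paragraph the redaction clause is shortened from "with automatic secret redaction before anything is written" to "with automatic secret redaction". On an append-only, hash-chained log the ordering is the security property, because a secret that reaches the chain cannot be removed later without breaking it. Suggest restoring "before anything is written". The "Prove." paragraph also drops the statement that a policy file in the repo declares the rules, and the per-session token budget is no longer listed among the policy items, so a reader cannot tell from this text where policy is defined.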
@@ -358,23 +357,23 @@ const base = import.meta.env.BASE_URL;
358357
</p>
359358
<div class="alt-grid">
360359
<div class="alt-card">
361-
<p class="alt-card__label">Evidence + Enforcement</p>
360+
<p class="alt-card__label">Visibility + Compliance</p>
362361
<h3 class="alt-card__title">vs audit / policy alternatives</h3>
363362
<ul class="alt-card__list">
364363
<li><strong>Vendor dashboards</strong> &mdash; usage per seat; not tamper-proof, not portable, not a policy engine.</li>
365364
<li><strong>Policy PDFs</strong> &mdash; "developers must only use approved models." Unenforced by definition.</li>
366365
<li><strong>Git hooks / DLP</strong> &mdash; catch one slice, after the fact, with no record of the policy in force at the time.</li>
367-
<li><strong>TraceVault</strong> &mdash; open source, Ed25519-signed hash chain; captures session + code + tool + budget; enforces policy in the dev loop.</li>
366+
<li><strong>TraceVault</strong> &mdash; open source, Ed25519-signed hash chain; session + tool + code + attribution; enforces policy in the dev loop.</li>
368367
</ul>
369368
</div>
370369
<div class="alt-card">
371-
<p class="alt-card__label">Economics</p>
370+
<p class="alt-card__label">Cost Tracking</p>
372371
<h3 class="alt-card__title">vs FinOps alternatives</h3>
373372
<ul class="alt-card__list">
374373
<li><strong>Vendor billing CSV</strong> &mdash; monthly total per workspace; no attribution to team, PR or session.</li>
375374
<li><strong>Cloud cost tools</strong> &mdash; solve infrastructure spend; blind to token economics and cache behaviour.</li>
376375
<li><strong>Spreadsheet tracking</strong> &mdash; out of date the day after it's exported; no hard budget enforcement.</li>
377-
<li><strong>TraceVault</strong> &mdash; per-session spend attribution, cache hit-rate, team budgets &mdash; hard-enforced and signed into the same chain.</li>
376+
<li><strong>TraceVault</strong> &mdash; per-session spend attribution, cache hit-rate, hard team budgets &mdash; signed into the same chain.</li>
378377
</ul>
379378
</div>
380379
</div>
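Review bot: The first card's label changes to "Visibility + Compliance" while its title, an unchanged context line, still reads "vs audit / policy alternatives", so the card mixes the old and new vocabulary. Suggest renaming the title in the same commit, or confirming that the old terms are intentional there. The TraceVault bullet on that card also drops "budget" from the captured items; worth checking that budget decisions are still described as logged somewhere on the page.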
@@ -478,7 +477,7 @@ const base = import.meta.env.BASE_URL;
478477
</a>
479478
<a href={`${base}`} class="visdom-strip__item visdom-strip__item--active">
480479
<span class="visdom-strip__item-name">Governance</span>
481-
<span class="visdom-strip__item-role">Audit, Policy &amp; Cost</span>
480+
<span class="visdom-strip__item-role">Visibility, Cost &amp; Compliance</span>
482481
</a>
483482
</div>
484483
</div>
