@@ -14,8 +14,8 @@ const base = import.meta.env.BASE_URL;
1414 <span class =" hero__gradient" >Governance</span >
1515 </h1 >
1616 <p class =" hero__subtitle" >
17- Record what AI does. Enforce what it may do. See what it costs .
18- A signed audit trail, dev-loop policy guardrails and FinOps for AI-assisted development — one ledger , one control plane .
17+ Visibility into AI-assisted work. Cost tracking attributed to the PR that caused it .
18+ Compliance evidence signed into one ledger — three pillars , one source of truth .
1919 </p >
2020 <div class =" hero__buttons" >
2121 <a href =" #tracevault" class =" btn btn--primary" >Open TraceVault</a >
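Review bot: the hero copy at +17/+18 no longer mentions enforcement at all, while the Compliance card and the "Prove." paragraph later in this same change still say policy is "enforced in the dev loop". A reader who only sees the hero would take this for a reporting tool. Consider keeping a short clause in +18, for example "Compliance evidence and enforced policy, signed into one ledger", so the hero and the pillars describe the same product.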
@@ -90,41 +90,41 @@ const base = import.meta.env.BASE_URL;
9090 <!-- ============ Three Pillars ============ -->
9191 <section class =" pillars-section" id =" capabilities" >
9292 <div class =" pillars-section__inner" >
93- <h2 class =" section-heading" >Three jobs , one ledger</h2 >
93+ <h2 class =" section-heading" >Three pillars , one ledger</h2 >
9494 <p class =" section-subtitle" >
95- Record everything the AI does. Enforce what it may do. Show what it costs —
96- all from the same signed chain, so the three stories never disagree.
95+ See what AI does. Track what it costs. Prove it to a regulator — all from the
96+ same signed chain, so the three stories never disagree.
9797 </p >
9898 <div class =" pillars-grid pillars-grid--three" >
9999 <div class =" pillar-card" >
100- <span class =" pillar-card__label" >Evidence </span >
101- <h3 class =" pillar-card__title" >Signed audit trail </h3 >
100+ <span class =" pillar-card__label" >Visibility </span >
101+ <h3 class =" pillar-card__title" >See every AI-assisted change </h3 >
102102 <p class =" pillar-card__desc" >
103- Every AI session, prompt , tool call and edited line is captured, hash-chained and
104- Ed25519-signed. The record you hand to an auditor is the same record the system uses
105- to detect tampering .
103+ Full session traces , tool calls and line-level AI attribution, overlaid on the
104+ git history. You can answer “ which model wrote this line, under which prompt? ”
105+ without opening a ticket with the vendor .
106106 </p >
107- <p class =" pillar-card__meta" >Ed25519 · append-only · hash-chained </p >
107+ <p class =" pillar-card__meta" >Session traces · tool calls · git-level attribution </p >
108108 </div >
109109 <div class =" pillar-card" >
110- <span class =" pillar-card__label" >Enforcement </span >
111- <h3 class =" pillar-card__title" >Guardrails at the point of use </h3 >
110+ <span class =" pillar-card__label" >Cost Tracking </span >
111+ <h3 class =" pillar-card__title" >FinOps for AI-assisted code </h3 >
112112 <p class =" pillar-card__desc" >
113- Model allowlists, sensitive-path guards, required tools and AI-share thresholds are
114- enforced in the developer's terminal — before a prompt ever reaches a vendor —
115- and every decision lands in the same signed ledger .
113+ Token trends, model distribution, cache hit-rate and spend attributed to session,
114+ author, team and PR. Hard per-session and per-team budgets stop runaway sessions
115+ before they land on the invoice .
116116 </p >
117- <p class =" pillar-card__meta" >Shift-left · dev-loop native · auto-logged </p >
117+ <p class =" pillar-card__meta" >Per-PR spend · cache savings · hard budgets </p >
118118 </div >
119119 <div class =" pillar-card" >
120- <span class =" pillar-card__label" >Economics </span >
121- <h3 class =" pillar-card__title" >FinOps for AI-assisted code </h3 >
120+ <span class =" pillar-card__label" >Compliance </span >
121+ <h3 class =" pillar-card__title" >Signed evidence, enforced policy </h3 >
122122 <p class =" pillar-card__desc" >
123- Token spend, model distribution, cache hit-rate and team-level usage, attributed down
124- to the session and the PR. Hard budgets stop runaway sessions; dashboards show where
125- the invoice actually came from .
123+ Every entry is hash-chained and Ed25519-signed. Policy — allowlists, forbidden
124+ paths, required tools, AI-share caps — is enforced in the dev loop and logged
125+ on the same chain. Mapped to EU AI Act, SR 11-7, SOX § 404, PCI-DSS, DORA .
126126 </p >
127- <p class =" pillar-card__meta" >Per-team · per-model · per-PR attribution </p >
127+ <p class =" pillar-card__meta" >Ed25519 · append-only · framework-mapped </p >
128128 </div >
129129 </div >
130130 </div >
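Review bot: the framework list at +125 ("Mapped to EU AI Act, SR 11-7, SOX § 404, PCI-DSS, DORA") is asserted with no link or qualifier, and the subtitle at +95 now promises "Prove it to a regulator". What the card actually describes is a hash-chained, Ed25519-signed, append-only log, which shows the record has not been altered; that is narrower than showing a control requirement is met. Suggest linking +125 to a page that lists which controls each framework mapping covers, and wording +95 closer to what the chain provides, such as "Hand a regulator signed evidence". Minor: the removed sentence about the auditor's record being the one used "to detect tampering" has no replacement in the new cards, so the reason for signing is no longer stated in this section.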
@@ -138,26 +138,25 @@ const base = import.meta.env.BASE_URL;
138138 <h2 >A flight recorder for AI-assisted development</h2 >
139139 <p >
140140 TraceVault is the open-source building block underneath Visdom Governance. It sits in the
141- developer's environment and feeds three streams off a single source of truth: an
142- <strong >audit ledger</strong >, a <strong >policy engine</strong >, and a
143- <strong >cost & usage analyzer</strong >.
141+ developer's environment and feeds the three pillars off a single source of truth:
142+ <strong >visibility</strong >, <strong >cost tracking</strong > and <strong >compliance</strong >.
144143 </p >
145144 <p >
146- <strong >Capture .</strong > Every session, prompt, model & version, tool call, token spend
147- and edited file is recorded — with automatic secret redaction before anything is written.
148- Entries are hashed, chained and Ed25519-signed; the log is append-only , so a single altered
149- byte breaks the chain .
145+ <strong >See .</strong > Every session, prompt, model & version, tool call, edited file
146+ and resulting commit is captured — with automatic secret redaction. A git-integrated
147+ browser overlays AI attribution line by line , so visibility isn't a separate report but a
148+ layer on the code you already read .
150149 </p >
151150 <p >
152- <strong >Enforce.</strong > A policy file in the repo declares which models are permitted,
153- which paths are off-limits, the token budget per session, the tools that must be present,
154- and the maximum share of AI-authored lines per PR. Violations are blocked at the edge and
155- logged with the same signed chain — no separate "did the policy run?" question.
151+ <strong >Count.</strong > The same ledger powers dashboards for token trends, model
152+ distribution, cache hit-rate and cost per team / per PR. Hard per-session and per-team
153+ budgets cut off runaway sessions at the edge — the FinOps number is the audit number.
156154 </p >
157155 <p >
158- <strong >Analyze.</strong > The same ledger powers dashboards for token trends, model
159- distribution, cost per team and per PR, and cache hit-rate — so the AI invoice lines
160- up with the engineering work that caused it, not with a seat licence.
156+ <strong >Prove.</strong > Entries are hashed, chained and Ed25519-signed; the log is
157+ append-only, so a single altered byte breaks the chain. Policy (allowlists, forbidden
158+ paths, required tools, AI-share caps) is enforced in the dev loop and logged on the same
159+ chain — producing framework-mapped evidence instead of a "did the policy run?" gap.
161160 </p >
162161 <p >
163162 Open source, self-hosted, free forever for the community edition. The enterprise edition
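Review bot: the "See." paragraph at +146 shortens "automatic secret redaction before anything is written" to "automatic secret redaction", which drops the ordering guarantee. The "Prove." paragraph still says the log is append-only and that "a single altered byte breaks the chain", so a secret that reaches the log cannot be scrubbed afterwards without invalidating it; the "before anything is written" wording is what tells a reader this case is handled. Please keep it. Also, the removed "Enforce." paragraph stated that "A policy file in the repo declares" the rules and that a per-session token budget was part of it; the new text at +157 to +159 lists the policy items but no longer says where policy is defined, and budgets now appear only under "Count." at +152. If budgets are still logged on the chain as policy decisions, say so in one of the two paragraphs.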
@@ -358,23 +357,23 @@ const base = import.meta.env.BASE_URL;
358357 </p >
359358 <div class =" alt-grid" >
360359 <div class =" alt-card" >
361- <p class =" alt-card__label" >Evidence + Enforcement </p >
360+ <p class =" alt-card__label" >Visibility + Compliance </p >
362361 <h3 class =" alt-card__title" >vs audit / policy alternatives</h3 >
363362 <ul class =" alt-card__list" >
364363 <li ><strong >Vendor dashboards</strong > — usage per seat; not tamper-proof, not portable, not a policy engine.</li >
365364 <li ><strong >Policy PDFs</strong > — "developers must only use approved models." Unenforced by definition.</li >
366365 <li ><strong >Git hooks / DLP</strong > — catch one slice, after the fact, with no record of the policy in force at the time.</li >
367- <li ><strong >TraceVault</strong > — open source, Ed25519-signed hash chain; captures session + code + tool + budget ; enforces policy in the dev loop.</li >
366+ <li ><strong >TraceVault</strong > — open source, Ed25519-signed hash chain; session + tool + code + attribution ; enforces policy in the dev loop.</li >
368367 </ul >
369368 </div >
370369 <div class =" alt-card" >
371- <p class =" alt-card__label" >Economics </p >
370+ <p class =" alt-card__label" >Cost Tracking </p >
372371 <h3 class =" alt-card__title" >vs FinOps alternatives</h3 >
373372 <ul class =" alt-card__list" >
374373 <li ><strong >Vendor billing CSV</strong > — monthly total per workspace; no attribution to team, PR or session.</li >
375374 <li ><strong >Cloud cost tools</strong > — solve infrastructure spend; blind to token economics and cache behaviour.</li >
376375 <li ><strong >Spreadsheet tracking</strong > — out of date the day after it's exported; no hard budget enforcement.</li >
377- <li ><strong >TraceVault</strong > — per-session spend attribution, cache hit-rate, team budgets — hard-enforced and signed into the same chain.</li >
376+ <li ><strong >TraceVault</strong > — per-session spend attribution, cache hit-rate, hard team budgets — signed into the same chain.</li >
378377 </ul >
379378 </div >
380379 </div >
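Review bot: the card label changes to "Visibility + Compliance" at +360, but the heading on the unchanged line directly below still reads "vs audit / policy alternatives", so the card now uses two vocabularies. Either rename the heading to match or leave the label as it was. In +366 the verb "captures" was dropped, leaving "session + tool + code + attribution" as a bare list between two clauses that do have verbs; restoring "captures" keeps the bullet parallel with the three above it.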
@@ -478,7 +477,7 @@ const base = import.meta.env.BASE_URL;
478477 </a >
479478 <a href ={ ` ${base } ` } class =" visdom-strip__item visdom-strip__item--active" >
480479 <span class =" visdom-strip__item-name" >Governance</span >
481- <span class =" visdom-strip__item-role" >Audit, Policy & Cost </span >
480+ <span class =" visdom-strip__item-role" >Visibility, Cost & Compliance </span >
482481 </a >
483482 </div >
484483 </div >
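Review bot: the role text at +480 says "Visibility, Cost & Compliance" while the pillar and card labels introduced earlier in this change use "Cost Tracking". Pick one form and use it in both places so the strip and the page body match.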