© 2026 LyDos · Stop prompting. Start orchestrating.
Trust Center
Audit-linked claims, not marketing
Every capability number, compliance posture, and roadmap line on this site is anchored to a file in the repo — a manifest field, a typed loader, an audit artifact. The list below is the navigation; under it is the Sprint 37 audit artefact inventory so customers + procurement can dive straight to evidence.
Şeffaflık — Bugün gerçek · Yol haritasında
Production-shipped capabilities (audit-verified) vs roadmap commitments (not yet shipped). Multi-region, FedRAMP, FDA SaMD — what's deployed, what isn't, why.
120 agents · 13 sovereign engines live→
Canonical numbers
Every capability count LYDOS quotes externally, rendered verbatim from manifest/canonical-stats.json. Anti-drift transparency for procurement.
120 agents · 245 Q-engines · 12 LLM providers→
Compliance frameworks
The 14 compliance frameworks LYDOS positions itself against — each with its honest status (audited, in-scope, roadmap, will-not-pursue), rationale, and evidence pointer.
0 audited · 8 in-scope · 5 roadmap · 1 won't pursue→
GA verdict update · 2026-05-21
Same-day follow-up: after Sprint 38 + Sprint 40 + Sprint 35 absorb, Master Index probe reaches 47/50. 4/4 hard constraints green AND every soft constraint at or above threshold — verdict matrix outputs GO. Runtime cadence items sit in the controlled-beta probe schedule.
verdict GO · 47/50→
Controlled-beta readiness · 2026-05-21 (initial)
Original launch post — GA Master Index probe verdict GO_WITH_CONDITIONS at 37/50. Kept append-only; same-day GA Verdict Update supersedes the verdict.
initial · 37/50 · superseded→
Sprint visibility matrix
Per-sprint shipped artifacts, test coverage, KURAL invariants. Append-only — newest first. P1-P8 AI OS Workspace + M178/M161/sovereign baseline.
P1-P8 Workspace + sovereign stack baseline→
Disclosures · honest dated log
Public, dated record of known gaps, postmortems, corrective actions. Sprint 23 8-month passkey gap + every subsequent incident with its closing commit.
Sprint 23 honesty discipline applied→
Data residency map
22-jurisdiction posture covering KURAL 27 14-region baseline + LYDOS AIR pilot extensions. Honest 'honored / in-scope / roadmap' split.
22 jurisdiction · KURAL 27 + AIR pilots→
Sync + conflict resolution policy
WebSocket per-user channels, last-write-wins, optimistic UI rollback, reconnect semantics. Single-region today; CRDT roadmap.
LWW · WS auth fail-closed→
Sprint 37 audit artefacts
The Trust Center artefacts shipped with Sprint 37 — every phase carries its own canonical-JSON sha256 footer so a future audit can recompute and diff.
| Phase | Title | Evidence path | What it proves |
|---|---|---|---|
| Phase 1 | AI CLI vs LLM Provider canonical doc | docs/AI_CLI_VS_LLM_PROVIDER_CANONICAL.md | 6 shipped AI CLIs vs 12 backend LLM providers — the conflation that recurred across marketing surfaces. |
| Phase 2 | Number SSOT (typed canonical-stats consumer) | core/integrations/canonical_stats.py + manifest/canonical-stats.json | Cross-system invariant — Python loader fails if the manifest disagrees with the live registries. |
| Phase 3 | 14-framework compliance canonical | core/integrations/compliance_frameworks.py | KURAL 13 honesty — `audited` requires a third-party report id, `will_not_pursue` requires a stated reason. |
| Phase 4 | /api/sales/quote intake — audit-anchored | core/routes/sales_quote_routes.py | Per-/24 rate limit, ASR hash-chained audit, email sha256 fingerprint (KURAL 23 — no raw PII in the audit chain). |
| Phase 5 | RLS 100-tenant pen-test | compliance/audit/sprint-37/PHASE_5_RLS_PENTEST.md | 100 ephemeral tenants × 2 tables × 3 attempt offsets × 3 vectors = 1800 cross-tenant attempts, 0 leaks. Bypass-role guard included. |
| Phase 6 | OWASP + KSL-bypass probe suite | compliance/audit/sprint-37/PHASE_6_OWASP_KSL.md | 17 black-box probes against the live backend — security headers, auth-required 401s, SQLi pattern, KSL-bypass attempts. |
| Phase 7 | Load probe (p95 < 2000ms gate) | compliance/audit/sprint-37/PHASE_7_LOAD.md | Short-burst CI gate (20 vUsers × 6s) + k6 soak runner (100 vUsers × 30 min) — both hit the same p95/p99 thresholds. |
| Phase 8 | Multi-page smoke matrix | compliance/audit/sprint-37/PHASE_8_SMOKE.md | Per-page structural checks — canonical link, 11-locale hreflang, Schema.org JSON-LD presence where required. |
| Phase 9 | Deployment-readiness gate | compliance/audit/sprint-37/PHASE_9_DEPLOY_GATE.md | 8 critical assertions consuming every Phase 1–8 artifact. Pre-deploy rollup; fails loud if any phase artifact is stale. |
Pre-deploy rollup: scripts/sprint37_phase9_deploy_gate.py consumes every artefact above and fails the build if any Phase verdict regresses, the canonical manifest drifts from the live LLM registry, or marketing claims a count that doesn’t match the manifest. Pass = green-light to ship; fail = stop the merge.