AuthorityRailExecution Authority Infrastructure
§8 The Foundation

The AuthorityRail Standards Foundation — Independent Governance

AuthorityRail’s twenty open standards are administered by the AuthorityRail Standards Foundation (ASFC-v1) — an independent public governance body with cryptographic primitive consistency rules, a 12-month compatibility window, three-external-reviewer engagement requirements per standard advancement, and the no-duplicate-primitive rule added per Path B Resolution Execution Report 2026-04-30. The independence matters at procurement: Microsoft Agent Governance Toolkit is open-source-but-Microsoft-owned. AuthorityRail Standards Foundation is independent. Customers in regulated verticals procurement-evaluate the difference. Foundation portfolio advanced from seventeen to nineteen standards on 2026-04-30 (SRI-v1 + DRI-v1 from Draft to Tier 2 Published per ASFC-v1 §3.1) and from nineteen to twenty on 2026-05-01 with WARS-v1.2 (human-vs-agent identity boundary) and ARES-v1.3 (economic_records sealed-field block on the CAR).

Open standards portfolio

  • Twenty Foundation standards (advanced from seventeen on 2026-04-30 with SRI-v1 + DRI-v1; to twenty on 2026-05-01 with WARS-v1.2, ARES-v1.3, ARRS-v1.2 (Token Rail Fully Built), and ARSS-v1 (Risk Rail Fully Built))
  • ARES-v1.3 as the canonical Certified Action Record format (with the economic_records sealed-field block)
  • ARRS-v1.2 hardware-bound runtime authentication across six attestation surfaces (TPM 2.0, AWS Nitro, GCP Confidential, Azure Confidential, Apple Secure Enclave, Android StrongBox)
  • ARSS-v1 deterministic Authority Risk Scoring with 74-vector executable conformance suite
  • 10 of 10 industry rails Fully Built — Authority, Identity, Workforce, Voice, Verifier, Compliance, Standards Foundation, Observability, Token, Risk
  • Seven trust domains with operational separation
  • Cryptographic primitive consistency: Ed25519 over COSE_Sign1
  • 12-month compatibility window per ASFC-v1 §3.3
  • All standards published at authorityrail.com/standards
  • Reproducible test vectors for ARES-v1.3 + ADES-v1 (other eighteen ship in v1.0.1)

Independent Foundation governance

  • Foundation Charter at standards/asfc-v1/SPEC.md
  • Three external reviewers per standard advancement
  • Cryptographer review engagement target: Trail of Bits, NCC Group, Cure53, or Filippo Valsorda (engagement pending)
  • Foundation reviewer engagement under ASFC-v1 §3 (engagement pending)
  • Independent of any single vendor — Microsoft Agent Governance Toolkit is open-source-but-Microsoft-owned; AuthorityRail Standards Foundation is independent
  • Public administration of standards portfolio + federation manifests
  • Public reproducibility commitments

Independent verification

  • Verification console runs entirely client-side
  • Customers can verify any CAR without involving AuthorityRail’s servers
  • Federation manifest verification for all seven trust domains
  • Reproducibility Guide with clean-install verification commands
  • Mapped, not yet third-party audited (honest disclosure)
  • Foundation transparency commitment
  • Empire module inventory at standards/audits/empire-module-inventory-2026-04.md is the canonical evidence document
Read the Foundation Charter
§9 Reproducibility

Verify it yourself

AuthorityRail’s architectural quality posture is procurement-grade: every claim is verifiable independently. Clone the repo, run the canonical reproduction commands, verify any CAR against the federation manifest. The Standards Site verification console runs entirely client-side — no trust required in AuthorityRail’s servers.

Step 1 — Clone the repo
git clone https://github.com/AuthorityRail-ai/authorityrail.git
cd authorityrail
npm install --include=dev
Step 2 — Run the test vectors
npx tsx packages/axap/scripts/verify-test-vectors.ts ares-v1.2
npx tsx packages/axap/scripts/verify-test-vectors.ts ades-v1
Step 3 — Verify any CAR
curl -s https://[customer-gateway]/v1/cars/[car_id] \
  | npx tsx packages/axap/scripts/verify-car.ts

Honest engagement status

Cryptographic primitive reviewPending — engagement target Trail of Bits / NCC Group / Cure53 / Filippo Valsorda
Foundation reviewer engagementPending per ASFC-v1 §3
Production-shape benchmarksShipping post-launch per PRODUCTION_SHAPE_ROADMAP.md
Test vectors for fifteen standardsShipping in v1.0.1
First three pilot customersIn deployment phase
False-positive telemetryShipping after first 90 days of pilot deployment

None of these engagements is hidden. All are surfaced openly, with honest timelines. AuthorityRail’s architectural quality posture is the procurement signal that distinguishes the Foundation from vendors making category claims without substance.

Read the Reproducibility Guide