Governance-first AI infrastructure
Governance before generation.
Every time.
Deterministic authority resolution, governed retrieval, and tamper-evident audit — the invisible infrastructure your AI stack is missing.
The four invariants
- No authority → no retrieval
- No eligible evidence → no context
- No governed evidence → no generation
- No audit commit → no allow
What we don't do
Four things every RAG vendor sells.
Four things we refuse to build.
Data residency
Your content stays with you.
TenantSage stores governance metadata only — never chunks, never embeddings, never raw text. Documents live in your storage, on your keys, under your compliance boundary.
Audit truth
Hashes only. No payloads.
The evidence ledger records SHA-256 hashes of every decision, retrieval, and response. Auditors get a verifiable chain without your data ever leaving your control.
Fail-closed
No commit, no allow.
Audit writes are synchronous and blocking on the request's critical path. If the evidence ledger can't commit, the request is denied. No fire-and-forget.
Structural, not optional
Legal hold cannot be flag-flipped.
Tenant boundary and legal hold are enforced by the query structure, not by a boolean the app layer can bypass. Governance is a schema property, not a feature.
The problem
Every AI product ships without three things that regulated buyers demand.
Auth-you-can-prove
AI features ship with role checks in the app layer that can't be replayed for an audit six months later. Regulated buyers reject that.
Retrieval-you-can-audit
RAG pipelines pull evidence via ad-hoc filters. When something leaks, nobody can point at the moment the boundary was crossed.
Generation-you-can-replay
LLM responses depend on context assembled at request time. Without deterministic provenance, there's no way to prove what the model saw.
How it works
DAR → EEB → Audit.
No shortcuts.
Three deterministic stages. Every one produces a hash. Every hash chains to the next. The whole path is replayable from a Postgres snapshot.
01
Authority (DAR)
Deterministic Authority Resolution
Every request is bound to a user, tenant, and scope before any retrieval touches your data. Authority decisions are hashed, tied to identity, and stored append-only.
$ authority_decisions
02
Eligible Evidence Boundary (EEB)
Governed retrieval envelope
The EEB defines exactly which scopes and source types the request may see. Retrieval outside the boundary is structurally impossible — not gated by application code, gated by the schema.
$ evidence_boundaries
03
Tamper-evident ledger
Every decision hash-chained
Every allowed decision writes a hash-chained evidence ledger entry canonicalized per Appendix A. Auditors replay the chain; regulators accept the trail.
$ evidence_ledger
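The three stages and four invariants above, sketched as an added Python example (not TenantSage code). Assumptions: sorted-key JSON stands in for the Appendix A canonical form, which this page does not show; the field names, the `GRANTS`/`CORPUS` sample data and the in-memory list are hypothetical stand-ins for the Postgres tables and the schema-enforced boundary.

```python
import hashlib
import json
GENESIS = "0" * 64  # assumed chain anchor for the first entry
# Constructed sample data (hypothetical users, tenants and documents).
GRANTS = {("alice", "acme"): {"hr", "legal"}}
CORPUS = [{"tenant": "acme", "scope": "hr", "text": "leave policy v3"},
          {"tenant": "globex", "scope": "hr", "text": "globex handbook"}]

def h(obj) -> str:
    # Assumed canonical form: sorted-key compact JSON (stand-in for Appendix A).
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

class Ledger:
    FIELDS = ("prev", "authority", "boundary", "response")
    def __init__(self):
        self.entries, self.available = [], True

    def commit(self, authority, boundary, response):
        if not self.available:  # simulated storage outage
            raise IOError("ledger unavailable")
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = dict(zip(self.FIELDS, (prev, authority, boundary, response)))
        self.entries.append({**body, "entry_hash": h(body)})  # hashes only, no payloads

    def first_broken(self) -> int:
        """Replay the chain; return the index of the first bad entry, or -1."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: e[k] for k in self.FIELDS}
            if e["prev"] != prev or h(body) != e["entry_hash"]:
                return i
            prev = e["entry_hash"]
        return -1

def handle(ledger, user, tenant, scope, grants, corpus, generate):
    if scope not in grants.get((user, tenant), ()):  # no authority -> no retrieval
        return ("deny", "no_authority")
    authority = h({"user": user, "tenant": tenant, "scope": scope})
    evidence = [d["text"] for d in corpus if (d["tenant"], d["scope"]) == (tenant, scope)]
    if not evidence:  # no eligible evidence -> no context
        return ("deny", "no_eligible_evidence")
    boundary = h(sorted(h(t) for t in evidence))
    response = generate(evidence)  # generation sees governed evidence only
    try:  # no audit commit -> no allow: the response is withheld on failure
        ledger.commit(authority, boundary, h(response))
    except IOError:
        return ("deny", "audit_commit_failed")
    return ("allow", response)
```

Editing any stored hash in an earlier entry makes `first_broken()` return that entry's index, which is the property an auditor relies on when replaying the chain.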

TenantSage decides what is allowed before relevance is searched.
Verified by TLA+ & Alloy
The four invariants are proved as machine-checked assertions. 15 distinct states, depth 11, 14 Alloy assertions UNSAT. Denial cannot progress into retrieval, generation, or execution. Not by convention — by the model.
Canonical principles
Constitutional invariants.
Not guidance.
01
Protocol immutable. Implementations replaceable.
02
History never rewritten.
03
Authority externally inspectable.
04
Evidence human-verifiable.
05
No synthetic audit history.
06
Governance precedes generation.
Ship AI features your CISO signs off on the first time.
Book a 30-minute technical review. We'll look at your stack together and show you where TenantSage fits.