Vauban Trust Center
Post-quantum proof infrastructure for sovereign digital trust
Vauban Trust Center transparently publishes our security posture, regulatory compliance, audits, and governance. Self-hosted Astro static site (axioms Sovereignty + Profitable, free at €0/month vs. paid SaaS).
Quick links
| Page | Audience | Purpose |
|---|---|---|
| security | All | Security disclosures + RFC 9116 security.txt |
| compliance | Regulators + investors + auditors | DORA + NIS2 + GDPR + AI Act + eIDAS + CSPN matrix |
| audit-reports | Regulators + investors | CSPN dossier + ISO 27001 future + SLSA L3 status |
| sub-processors | DPO + GDPR auditors | Vendors + data flows + retention + GDPR DPIA |
| architecture-attestation | Devs + technical auditors | Sextuplet primitive + 6 non-negotiable PSF properties |
| governance-attestation | Regulators + investors | 5 axioms + tripartite GaC + ADR-ECO process + council |
| incident-history | All (transparency) | Public RCA post-mortems |
| contact | All | security@vauban.tech + DPO + responsible disclosure + bug bounty future |
| changelog | All | Governance changelog + Trust Center page updates |
Vauban in 30 seconds
Vauban builds post-quantum cryptographic infrastructure for sovereign European digital trust.
5 cumulative baseline axioms:
- Institutional — built for regulated entities (banks, ANSSI, CNIL, EU AI Office)
- SOTA — state-of-the-art crypto + governance frameworks 2025-2026
- Robust — engineering robustness defense-in-depth, audit-trail-complete
- Anti-fragile — multi-vendor optionality, exit plan documented for every external dependency
- Profitable — sustainable economics — CAC-reduction sales enabler + differentiating IP for exit valuation
Architecture: 4 non-negotiable pillars:
- ZK Privacy-First (no PII on-chain unencrypted)
- Post-Quantum (STARKs only, no SNARKs Groth16/PLONK)
- Zero Trust (systematic verification, never implicit)
- Sovereignty (exit plan for every external dependency)
Tripartite Governance-as-Code (GaC):
- L1 Semantic (versioned Git docs)
- L2 Agentic (Cedar policies + OPA Rego + Microsoft Agent Governance Toolkit)
- L3 Protocol (Cairo MerkleAnchor on Starknet mainnet, sprint-483 universal proof-layer pattern)
Compliance roadmap
See compliance for the full matrix. Highlights:
- EU AI Act (enforcement Aug 2026) — Article 12 audit trail via Brain decision chains anchored L3 ✅
- Colorado AI Act (enforcement June 2026) — same audit trail ✅
- GDPR — DPO contact + DPIA per product (Phase 1+)
- CSPN Visa (ANSSI) — dossier submitted Q4 2026 (Phase 0 done_when target)
- eIDAS — Glacis Identity Phase 1+
- DORA + NIS2 — Vauban Finance + Vauban Auth applicable
Architecture trust signals
- Brain Protocol — 986+ knowledge entries, OAuth 2.1 V8 unified, audit chain hash + L3 anchor
- Glacis Protocol — STARKs ZK identity post-quantum, Cairo OZ 2.0.0 audited
- sprint-483 universal proof-layer sealed (Cairo MerkleAnchor mainnet)
- Vauban Auth v0.4.0 — 7 mechanisms unified, 302 tests, GitHub Packages
Governance trust signals
- 5-axiom cascade complete (10 docs files updated, ADR-ECO-005 status accepted)
- 13 ADR-ECO atomic decisions (12 v2.0 + 1 v2.1 NEW)
- 14 product charters versioned + active phase aligned
- Founder-solo Phase 0 baseline → 3-person council quorum Phase 1+ (post-seed close OR advisor business recruited)
- Quarterly review rhythm (last 2026-Q1, next 2026-Q2 target 2026-06-30)
- Brain archival institutional memory cross-product (986+ entries cumulative)
Sovereignty signals
- Free OR Build discipline (no paid SaaS in Phase 0, per founder mandate)
- Self-hosted Astro Trust Center (vs Vanta/Conveyor SaaS REJECTED)
- Open-source MIT Microsoft Agent Governance Toolkit adopted (fork-able if vendor pivot)
- Open-source Apache 2.0 Cedar AWS adopted (multiple implementations cedar-wasm/rust/java)
- Multi-vendor optionality documented (Anti-fragile axiom)
Contact
- Security disclosure: security@vauban.tech (responsible disclosure)
- DPO: dpo@vauban.tech (GDPR + privacy)
- General: see contact
This Trust Center is a self-hosted Astro static site (open-source MIT, MDX content as portable Markdown). Source: governance/trust-center/*.md, git-versioned. Stack: Astro + MDX + GitHub Pages OR K3s vauban-infrastructure self-host. Hosting €0/month, 100% control, exit plan = portable Markdown source.