Vauban / Trust Center

Governance Attestation

The tripartite Vauban Governance-as-Code (GaC) is the strategic decision-making authority for the entire Vauban ecosystem. It was elevated from v1.17.0 to v2.0.0 (2026-04-26), then to v2.1 (SSOT-SOTA mutualization).

5 Baseline Axioms (cumulative)

Every strategic decision passes through the filter of the 5 axioms:

  1. Institutionnel (Institutional) — built for regulated entities (banks, ANSSI, CNIL, AI Office EU)
  2. SOTA — state-of-the-art crypto + governance frameworks 2025-2026, peer-reviewed sources
  3. Robuste (Robust) — engineering robustness, defense-in-depth (NEW per ADR-ECO-005, accepted 2026-04-26)
  4. Anti-fragile — multi-vendor optionality, exit plan documented for every external dependency
  5. Profitable — sustainable economics — CAC reduction sales enabler + differentiating IP exit valuation

See governance/axioms/00-foundational.md for the complete definitions, and governance/axioms/decision-template.md for the plug-and-play 5/5 axiom-check template for ADR-ECO.

Tripartite GaC Architecture

| Layer | Role | Implementation |
|---|---|---|
| L1 Semantic | Authority Layer | Versioned Git docs: governance/strategy/, governance/decisions/, governance/charters/ |
| L2 Agentic | Execution Layer | .claude/rules/governance/ (6 rules) + .claude/rules/brand/ (1 rule) + 3 governance-only skills (/propose-sdr, /quarterly-review, /cascade-decision) + Cedar policies + OPA Rego (existing vauban/apps/ai-security/) + Microsoft Agent Governance Toolkit (Phase 1+ adopted MIT open-source) |
| L3 Protocol | Immutability Layer | Cairo MerkleAnchor on Starknet mainnet (sprint-483 universal proof-layer sealed pattern, deferred Phase 2+ for governance state quarterly anchoring per ADR-ECO-006) |

ADR-ECO Process (Strategic Decision Records)

Any cross-product OR brand-shifting OR axiom-impacting OR capital-impacting (>€25k) OR on-chain signing surface OR threat-model-shifting decision triggers an ADR-ECO:

  1. /propose-sdr "<short title>" skill (founder/RSO-only)
  2. Axiom-check 5/5 mandatory (per governance/axioms/decision-template.md)
  3. Cedar policy validation governance/policy/cedar-policies/adr-eco-validation.cedar
  4. Phase 0 founder explicit approval OR Phase 1+ council quorum
  5. Cascade: /cascade-decision <ADR-ID> propagates to Brain + Citadel + product CLAUDE.md (per .claude/rules/governance/decision-cascade.md)
  6. L3 anchoring (Phase 2+ deferred per ADR-ECO-006)

Council Quorum

| Phase | Composition | Quorum | Reserved Matters |
|---|---|---|---|
| Phase 0 (current) | Founder = sole council member + RSO de facto | N/A founder-solo baseline | Founder explicit approval |
| Phase 1+ | Founder CEO + Founder CTO (if recruited) + 1 advisor business | 3 members minimum present (or written approval pre-recorded) | Unanimous vote required |
| Phase 2+ | + RSO dedicated AI Governance Officer | RSO veto on tier promotions | Per .claude/rules/governance/council-quorum.md |

Reserved Matters List (council-only authority Phase 1+)

  1. Strategic plan version bumps MAJOR (e.g. v3.0.0 institutional reconciliation 2026-04-26)
  2. Master tagline modifications (per ADR-ECO-001)
  3. Brand hierarchy modifications (per ADR-ECO-012)
  4. Capital allocations > €50k single decision
  5. On-chain signing surface additions (Phase 1+)
  6. Equity issuance, advisor compensation > 0.5%
  7. Axiom modifications (e.g. ADR-ECO-005 added Robuste)
  8. Tier promotions (AI agent capabilities, per .claude/rules/ai/tiered-gates.md)
  9. M&A decisions, fundraise term sheets, spinoff decisions

RSO (Responsible Scaling Officer)

  • Phase 0-1: Founder = RSO
  • Phase 2+: CTO or dedicated AI Governance Officer
  • RSO veto: on tier promotions + adversarial decisions (new on-chain signing surface, partner trust dependencies, threat-model-shifting decisions)

Quarterly Review Rhythm

  • Last review: 2026-Q1 retrospective (governance/strategy/quarterly-reviews/2026-Q1-retrospective.md)
  • Next target: 2026-Q2 (target 2026-06-30)
  • Skill: /quarterly-review (governance-only, founder-only invocation)
  • Coverage: North Stars progress + ADR-ECO decisions + Brain archival activity + drift signals + risk register updates + pivots + capacity + decisions for next quarter + founder sign-off + cascade actions

Decision Trail (Brain Protocol Audit)

All strategic decisions + cascade actions + quarterly reviews are archived in Brain Protocol (986+ cumulative entries):

  • 39 entries Phase A+B+C elevation v2.0 (12 plan v3 sections + 12 ADR-ECO + 14 charters + 1 meta)
  • 5-8 NEW entries v2.1 SSOT-SOTA mutualization (this session)
  • L3 anchor proof chain via Cairo MerkleAnchor mainnet (sprint-483 pattern reused)

Sub-brand Hierarchy (per ADR-ECO-012)

| Tier | Products | Branding |
|---|---|---|
| Umbrella | Vauban | "Post-quantum proof infrastructure for sovereign digital trust" |
| Premium sub-brand | Brain Protocol ⭐ + Glacis Protocol + Vauban Finance + Command Center | Dedicated taglines + sub-sites/sub-domains Phase 2+ |
| Component | Bastion + Citadel + Vauban Auth + Starknet MCP + Analytics + Intent Engine + SDK Intents + Vauban Infrastructure | Use umbrella tagline, internal docs only Phase 0-1 |
| Standalone preserved | Rempart | Standalone branding maintained per ADR-ECO-009 anti-dilution audit firm |

See governance/brand/per-product-tagline.md for the detailed mapping.

EU AI Act Article 14 Human Oversight

Vauban complies with Article 14 of the EU AI Act via:

  • Council quorum Phase 1+ (3-person human oversight)
  • Tiered gates T1-T4 (T4 sign-on-chain requires founder approval + L3 anchor)
  • RSO veto on adversarial decisions + tier promotions
  • Quarterly review founder sign-off + cascade actions

Cross-references

  • 5 Axioms: governance/axioms/00-foundational.md
  • Decision template: governance/axioms/decision-template.md
  • Council charter: governance/council/charter.md
  • ADR-ECO inventory: governance/decisions/ (13 ADR-ECO)
  • Charters inventory: governance/charters/ (14 charters)
  • Quarterly reviews: governance/strategy/quarterly-reviews/
  • Cedar policies: governance/policy/cedar-policies/
  • Compliance: compliance.md
  • Architecture attestation: architecture-attestation.md