v3.0.2 Spec v3.0 · Reference implementation v3.0.2 (current); v3.0.0 shipped 2026-06-01. RFC 0002 Accepted and implemented. Version history →
Introduction
Getting Started / Introduction
Sovereign Knowledge Intelligence

Sovereign, auditable, neuro-symbolic AI compliance

SKI is an open framework for compliance monitoring in regulated industries. Every verdict carries verifiable provenance: a signed LLM transcript, Knowledge Graph citations, and an independent symbolic verifier's per-assertion result — runnable today.

What SKI is

v3.0.0 is the first production-target release of the SKI Framework. It ships the complete neuro-symbolic evaluation pipeline: a KG-grounded LLM Evaluator paired with an independent Symbolic Verifier, with every verdict sealed into a signed V3VerdictEnvelope carrying the full provenance chain.

SKI is built on three governing axioms, three structural pillars, and a closed taxonomy of five categorical verdicts — all evaluated inside a single sovereign boundary. The pages in this documentation walk through each of those building blocks, the architecture that connects them, and how to run the reference implementation yourself.

  • Specification v3.0 — neuro-symbolic pivot, verifiable provenance model, RFC 0002 accepted.
  • Reference implementation v3.0.2 — runs entirely on-premise on Ollama, no cloud API key required.
  • 60 runnable conformance tests (30 provenance + 30 durability), plus 6 scaffolded sovereignty stubs, you can run in minutes.
  • Dual-licensed: Apache 2.0 for software, CC BY 4.0 for the specification.

The problem SKI solves

These are not hesitations. They are the reasons AI adoption has stalled in core compliance functions across critical infrastructure. SKI was designed from first principles to address each one.

01
Loss of Sovereignty
If our operational data flows through a third-party cloud AI, we lose control of our most sensitive asset.
SKI resolves this The inference engine runs entirely within the organisation's sovereign boundary. No operational data leaves at runtime. Air-gap capable by design.
02
Non-Determinism
AI gives different answers to the same question. That's fundamentally incompatible with audit and regulatory compliance.
SKI resolves this Every verdict carries verifiable provenance: a signed LLM transcript, KG citations, model-weight and KG-version hashes, and an independent Symbolic Verifier's per-assertion result. An auditor can replay any verdict from the recorded transcript and reach the same envelope — defensibility is reconstructible, not bit-identical.
03
Liability Opacity
When an AI flags a compliance issue (or misses one), we can't explain the basis of the decision to a regulator.
SKI resolves this Every verdict traces to a specific Knowledge Graph node and a named policy clause in a source regulatory document. Every verdict also carries a signed LLM transcript so an auditor can reconstruct the model's reasoning step by step. No black boxes — ever.
04
Unsafe Intervention
An AI that can control or modify operational systems introduces catastrophic risk. We cannot put AI in the loop on safety-critical infrastructure.
SKI resolves this SKI is a passive read-only observer. It monitors and reports. It has zero control path to operational systems. Primary operations continue uninterrupted if SKI goes offline.
05
Rule Drift
Regulations change. We can't guarantee the AI is evaluating against the current rules, not last year's.
SKI resolves this The Knowledge Graph is a living, versioned artefact with a governed update pipeline. Every change requires extraction, human validation, cryptographic signing, and deployment. The ledger records which graph version produced each verdict.
06
Accountability Gap
If the AI is making compliance decisions, who is accountable? The regulator will ask, and we won't have an answer.
SKI resolves this Human reviewers validate every Knowledge Graph rule before production. Human authority is preserved on all escalations. The AI augments judgement — it does not replace it.

SKI at a glance

Three governing axioms. Three structural pillars. Five categorical verdicts. One sovereign boundary. Click any element to jump to its full specification.

3 Governing Axioms
A1ProximityInference at or near the data source. No remote endpoints. A2Verifiable ProvenanceEvery verdict carries a signed LLM transcript, KG citations, and the Symbolic Verifier's per-assertion result. Replayable by any auditor. A3Passive OversightRead-only sidecar. Zero control path to operations.
govern
3 Structural Pillars
S
Sovereignty
On-premise edge computeAir-gap capableHardened environmentNo cloud dependency
K
Knowledge Maps
LLM extraction (kg-extractor)Schema validation (kg-validator)Ed25519 signingTyped v3 obligation graph
I
Intelligence
KG-grounded local LLMSymbolic VerifierSigned LLM transcriptsAgreement monitor
produces
5 Verdict Types
CLEARAll rules pass — logged silently FLAGRule breached — operational owner alerted NULL_UNMAPPEDNo graph node — KG coverage gap NULL_STALESilent sensor — infrastructure failure DISCRETIONARYAmbiguous language — human reviewer
Getting Started / Quick Start
v3.0.2 — Runnable today

Quick Start

The SKI reference implementation runs entirely on-premise using Ollama. No cloud API key required. Clone the repo, install prerequisites, and run all 60+ conformance tests in minutes.

Install & run

1Clone & install

Pull the reference implementation and install the dev and test dependencies. No cloud credentials required.

$ git clone https://github.com/kpifinity/ski-framework.git
Cloning into 'ski-framework'...
remote: Enumerating objects: 4231, done.
Receiving objects: 100% (4231/4231), 1.84 MiB | 12.18 MiB/s, done.
Resolving deltas: 100% (2914/2914), done.

$ cd ski-framework
$ pip install -r requirements-dev.txt
Successfully installed pytest-8.3.3 pytest-asyncio-0.24.0 pytest-httpx-0.32.0 …
2Start the sovereign runtime (Ollama)

Ollama is the conformant sovereign backend. The v3 runtime requires a model that supports structured generation (JSON grammar). qwen2.5:7b-instruct is the tested default.

$ ollama pull qwen2.5:7b-instruct
pulling manifest...
pulling 2c89d7d5d2d0... 100% ▕████████████████████▏ 4.7 GB
pulling 8a0c5d0e... 100% ▕████████████████████▏ 1.5 KB
verifying sha256 digest
writing manifest
success

$ docker compose up -d
✓ Container ski-ledger-db    Started
✓ Container ski-ollama       Started
✓ Container ski-model        Started
INFO  Ledger schema is at v3; no migration required.
INFO  SKI Model starting (v3.0.2, runtime=v3)
3Run the conformance suite

60 runnable tests across two marks (30 provenance + 30 durability), each citing the spec section it validates, plus 6 scaffolded sovereignty stubs. All runnable tests must pass on a conformant v3 deployment.

$ pytest conformance/ -m "provenance or durability" -v
============================= test session starts =============================
platform linux -- Python 3.11.6, pytest-8.3.3, pluggy-1.5.0
collected 60 items / 0 errors

conformance/provenance/test_v3_envelope_shape.py::test_envelope_has_all_required_fields PASSED
conformance/provenance/test_v3_envelope_shape.py::test_envelope_forbids_extra_fields PASSED
…
conformance/durability/test_ledger_schema_v3_columns.py::test_schema_declares_all_v3_audit_trail_columns PASSED
conformance/durability/test_ledger_migrations_runner.py::test_server_lifespan_calls_the_runner PASSED

============================= 60 passed in 4.83s ==============================
Demo KGs. The repo ships sector-specific demo KGs under examples/. The energy v3-shaped demo is at examples/energy/knowledge-graphs/kg-energy-v3-demo.json — this is the one that matches the v3 typed-obligation runtime. The v0.1 kg-energy-demo.json is the older flat-rule shape and exists for backward-compat smoke tests; the runtime correctly emits NULL_UNMAPPED against it because the metric paths don't align with v3 obligations. This is expected — not a runtime bug.
ski-framework — step 1 of 3
$ git clone https://github.com/kpifinity/ski-framework.git
Cloning into 'ski-framework'...
remote: Enumerating objects: 4231, done.
Receiving objects: 100% (4231/4231), 1.84 MiB | 12.18 MiB/s, done.
Resolving deltas: 100% (2914/2914), done.

$ cd ski-framework
$ pip install -r requirements-dev.txt
Successfully installed pytest-8.3.3 pytest-asyncio-0.24.0 pytest-httpx-0.32.0 …
View repository → v3.0.2 release notes
v3.0.0 — first production-target release. The neuro-symbolic pipeline (LLM Evaluator + Symbolic Verifier), signed LLM transcripts, V3VerdictEnvelope, and agreement monitor are all implemented and tested. See CHANGELOG.md for the full history.

Where to go next

Getting Started / Conformance
Spec Part D — Conformance

Conformance

The SKI conformance model defines three maturity levels — Provenance, Durability, and Sovereignty. Any implementation — including third-party implementations — can self-verify the Provenance level using the open test suite. Higher levels add governance controls and third-party audit requirements.

Conformance levels

Provenance · 30 tests
Runnable today
Provenance conformance

Thirty runnable tests across seven files verify the complete provenance chain: LLMTranscript ed25519 signature, V3VerdictEnvelope structure, model-weight and KG-version hash anchors, prompt-template and structured-grammar hash anchors, Symbolic Verifier per-assertion result present, agreement-monitor rolling agreement-rate behaviour, and audit ledger hash-chain integrity.

pytest conformance/ -m provenance -v
  • LLMTranscript signed with ed25519 (runtime key) and verified on every verdict
  • V3VerdictEnvelope carries model-weight hash, KG-version hash, prompt-template hash, decoder seed
  • Symbolic Verifier per-assertion result (AGREED / LLM_CONTRADICTION / NEURO_SYMBOLIC_DIVERGENCE / UNVERIFIABLE) present in every envelope
  • Agreement monitor reports a rolling agreement_rate (AGREED / total, default last 1000 evaluations) and fails is_healthy() below the 0.95 threshold
  • Audit ledger hash-chain integrity maintained across restarts
Full conformance specification →
Durability · 30 tests
Runnable today
Durability conformance

Thirty tests across nine files covering the durable properties of the v3 pipeline: sovereign boundary enforcement (no outbound runtime network), Knowledge Graph Ed25519 signature verified on load, append-only audit ledger with no delete or modify paths, Tag Registry compile-time with no runtime inference, five-verdict taxonomy (closed set), and NULL_UNMAPPED on out-of-scope inputs.

pytest conformance/ -m durability -v
  • All three axioms (Proximity, Verifiable Provenance, Passive Oversight) architecturally enforced
  • KG Ed25519 signature verified on load; reject on bad signature
  • Append-only ledger — no delete or modify paths exist in the code
  • Five-verdict taxonomy closed — no additional verdict codes possible
  • NULL_UNMAPPED produced for out-of-scope inputs, never a speculative verdict
Full conformance specification →
Sovereignty · 6 stubs
Scaffolded · harness in v3.1
Sovereignty conformance

The v3 Sovereignty mark verifies that the runtime is operable air-gapped, tamper-evident, and end-to-end signed. The six tests are scaffolded today (pytest.skip() stubs with spec citations); the harness lands in v3.1. For attested conformance — operations governed by an external audit plus a signed attestation letter on KpiFinity letterhead — engage KpiFinity for a paid Sovereignty audit.

  • No outbound HTTP during CLEAR-path evaluation (local LLM)
  • Runtime boots and serves with --network=none
  • Modified ledger row fails verify_integrity even after the chain is recomputed forward
  • Runtime refuses to start with SKI_MODEL_WORKERS != 1
  • Recorded transcript carries the snapshot's scope block (jurisdiction + as_of + n_in/n_out)
  • Recorded LLMTranscript ed25519 signature verifies against the recorded signing_key_id
Engage KpiFinity for a paid Sovereignty audit →
Conformance is defined in docs/CONFORMANCE.md. Run pytest conformance/ -m "provenance or durability" -v to execute all 60 runnable tests. An implementation claiming SKI v3 conformance should publish test output for both marks. Governance conformance requires a current Residual Risk Register as defined in Spec Part D.
Core Concepts / The Three Axioms
Spec A4 — Core Axioms

The Three Axioms

The three axioms are non-negotiable architectural constraints. A deployment that violates any axiom is not an SKI deployment — it is an ordinary AI system with no special compliance properties.

The foundational constraints

1
A1 — Proximity
Intelligence evaluation shall occur at or near the monitored data source
The inference engine runs on a dedicated on-premise edge node co-located with the operational historian or SCADA system. Round-trip latency to any remote inference endpoint is not permitted. The edge node communicates only with local data buses — not with any external network at runtime.
Physical proximity eliminates latency, enforces data sovereignty, and makes remote data exfiltration architecturally impossible — not just policy-prohibited. An external auditor can verify compliance by physically inspecting the network topology; no policy document is required.
2
A2 — Verifiable Provenance
Every verdict can be independently reconstructed from its recorded provenance
Every produced V3VerdictEnvelope carries: a signed LLMTranscript (ed25519, the runtime's own key), the model-weight hash, the KG-version hash, the prompt-template hash, the decoder seed, the structured-grammar hash, the KG citations the LLM relied on, and the Symbolic Verifier's per-assertion result. An auditor with the public key, the recorded transcript, and the KG version can reconstruct the evaluation step by step and reach the same envelope. The framework does not claim the underlying LLM is bit-deterministic — floating-point non-associativity makes that infeasible at scale. What is guaranteed is that the provenance of any verdict is complete, signed, and replayable. The audit ledger's hash chain plus the per-row transcript signature is the contract that makes v3 verdicts legally defensible.
The shift from bounded determinism to verifiable provenance is the architectural core of the v3 neuro-symbolic pivot. A regulator or auditor cannot inspect inside an LLM — but they can verify a signed transcript, replay it against the recorded KG version, and confirm the Symbolic Verifier's per-assertion cross-check. Provenance is architecturally enforced, not behaviourally expected.
3
A3 — Passive Oversight
The SKI evaluation layer shall not sit in-line with primary operational systems
SKI operates as a read-only sidecar, consuming telemetry from data buses without the primary operational system being aware of its presence. If the SKI engine fails, is taken offline for maintenance, or is deliberately isolated, primary operations continue without any interruption. SKI has no write path, no control path, and no alert path that can interrupt primary operations.
Monitoring systems that become operational dependencies introduce unacceptable risk in safety-critical environments. Passive oversight preserves all existing safety margins while adding a compliance intelligence layer. No safety case or risk assessment needs to account for SKI failure modes affecting operations.
Core Concepts / The Three Pillars
Spec A5 — The Three Pillars

The Three Pillars

Each pillar translates one or more axioms into concrete implementation requirements. Meeting the axioms without meeting the pillar requirements is insufficient — the pillars define what "compliance" means in practice.

Structural pillars

S
Pillar S · Spec A5
Sovereignty
The asset owner retains full control over inference logic, operational data, and all update pathways. The SKI engine is physically and logically inseparable from the asset owner's infrastructure. No inference, data transfer, or model update path exists that does not require explicit, physically verified action by the organisation. The sovereign boundary is not a network policy — it is an architectural constraint enforced by physical separation.
Implementation requirements
On-premise edge compute node Hardened operating environment Air-gap capability One-way Knowledge Graph transfer mechanism No outbound runtime network path Physical access log for all sovereign boundary crossings
K
Pillar K · Spec A5 / B2
Knowledge Maps
All compliance evaluation is performed against a verifiable, auditable v3 Knowledge Graph: a typed graph of Subjects, Rules, Obligations (twelve typed obligation types per spec §3.3), Definitions, Exemptions, Precedents, Jurisdictions, and Citations, connected by eight typed edges (applies_to, consists_of, defined_by, exempted_by, amended_by, interpreted_by, scoped_to, cited_by). Every obligation is scoped by jurisdiction and effective date. Every verdict is traceable to a specific node and a verbatim source-document citation. The Knowledge Graph is the complete, explicit, human-approved encoding of the compliance rules in scope.
Implementation requirements
Typed v3 obligation graph (12 obligation types, 8 edges) LLM extraction (kg-extractor) Schema validation (kg-validator) Ed25519 signing (ski-model-deploy) Jurisdiction + effective-date scoping Typed-obligation grammar Source-clause citation per obligation
I
Pillar I · Spec A5 / B3
Intelligence
The Intelligence pillar is a neuro-symbolic pairing: a KG-grounded local LLM (temperature 0, structured generation) and an independent Symbolic Verifier that cross-checks every formalizable assertion. The LLM reasons over KG nodes and emits a structured verdict; the Symbolic Verifier mechanically checks the formalizable assertions in that verdict against the KG and records its per-assertion result. Both outputs, plus the signed LLM transcript, are sealed into the V3VerdictEnvelope. An agreement monitor tracks the rolling agreement rate between the LLM verdict and the Symbolic Verifier (default last 1000 evaluations); a sustained drop below the configured threshold pages the on-call rather than silently accepting either view.
Implementation requirements
Local LLM, temperature 0, structured generation (llm-evaluator) Signed LLM transcript per verdict (ed25519, runtime key) Symbolic Verifier per-assertion cross-check (symbolic-verifier) Agreement monitor — rolling agreement-rate (agreement-monitor) Model-weight hash, KG-version hash, decoder-seed in envelope Read-only sidecar architecture — zero write-path to operations
Core Concepts / Verdict Taxonomy
Spec A6 — Verdict Taxonomy

Verdict Taxonomy

Every evaluation produces exactly one of five categorical verdicts. The taxonomy is closed — there is no mechanism for the system to produce a verdict outside this set, emit a confidence score, or return a free-form response.

The five verdicts

CLEAR
→ Audit ledger (silent)
All applicable Knowledge Graph rules have been evaluated against the incoming telemetry. No compliance issue has been detected. The verdict is logged to the immutable audit ledger with a timestamp, the Knowledge Graph version hash, and the evaluated rule set.
CLEAR verdicts are silent — no notification is sent to any operational owner. They form the continuous audit evidence that the system is operating within compliance boundaries.
FLAG
→ Designated operational owner (urgent)
A compliance rule encoded in the Knowledge Graph has been breached by the incoming telemetry. The verdict includes the specific graph node, the policy clause it encodes, the operational tag that triggered it, and the evaluated value. The designated operational owner is notified immediately.
FLAG verdicts carry the full traceability chain — from telemetry value through tag registry through graph node through source document. This chain is what makes the verdict defensible in a regulatory examination.
NULL_UNMAPPED
→ Knowledge Graph Owner (coverage gap)
Telemetry has been received from a recognised operational tag, but no Knowledge Graph node exists that covers the compliance evaluation of this tag. This is a Knowledge Graph coverage gap — the system is receiving data it has no rules to evaluate. The Knowledge Graph Owner is alerted to expand the graph.
NULL_UNMAPPED is not an error — it is a signal. It means the system is seeing something real that the Knowledge Graph has not yet been extended to cover. The appropriate response is a Knowledge Graph update cycle, not an infrastructure investigation.
NULL_STALE
→ Operations team (infrastructure failure)
An expected telemetry stream — one that the Knowledge Graph has rules to evaluate and the Tag Registry is configured to receive — has gone silent. No data has arrived within the configured staleness window. This indicates a sensor failure, a pipeline interruption, or a network connectivity issue. Operations are alerted immediately.
NULL_STALE and NULL_UNMAPPED route to different owners and require different remediation. Conflating them leads to incorrect prioritisation — a NULL_STALE requires an infrastructure investigation, not a Knowledge Graph update.
DISCRETIONARY
→ Qualified human reviewer
The applicable Knowledge Graph rule has been evaluated, but the regulatory language encoded in the rule is genuinely ambiguous in context. The SKI Model has determined that the situation falls within the rule's scope, but that a categorical CLEAR or FLAG verdict cannot be issued without human interpretation. The verdict and full context are routed to a qualified reviewer.
DISCRETIONARY is produced when the KG-grounded LLM Evaluator determines a categorical CLEAR or FLAG verdict cannot be issued without human interpretation. The Symbolic Verifier will still record its per-assertion result for any formalizable assertions within the verdict. A high rate of DISCRETIONARY verdicts for a specific rule is a signal that the rule should be restructured in the Knowledge Graph to reduce ambiguity.
Architecture / Evaluation Architecture
Spec Part B — Technical Architecture

Evaluation Architecture

Two phases. One sovereign boundary crossing. One v3 evaluation path. The probabilistic work of policy interpretation happens once, offline. The neuro-symbolic evaluation happens continuously, inside your sovereign boundary. Every component is designed so that its failure mode is safe.

Neuro-symbolic evaluation

Every verdict is produced by a neuro-symbolic pairing. Both components run on every evaluation — neither is optional. The signed V3VerdictEnvelope seals both outputs together with the full provenance chain.

LLM EvaluatorKG-Grounded Local LLM
Role
Reasons over KG nodes and obligation graph using natural-language understanding. Emits a structured categorical verdict (CLEAR / FLAG / DISCRETIONARY / NULL_UNMAPPED / NULL_STALE).
Provenance guarantee
Produces a signed LLMTranscript (ed25519, runtime key) containing the full prompt, structured output, model-weight hash, KG-version hash, prompt-template hash, decoder seed, and structured-grammar hash.
Runtime constraints
Temperature 0 · Structured generation only · Read-only KG access · No outbound network
+
Symbolic VerifierIndependent Cross-Checker
Role
Mechanically checks every formalizable assertion in the LLM's verdict against the KG. Runs independently — does not see the LLM's reasoning, only the KG and the assertions to check.
Output
Per-assertion result (AGREED / LLM_CONTRADICTION / NEURO_SYMBOLIC_DIVERGENCE / UNVERIFIABLE) sealed into the V3VerdictEnvelope alongside the LLM transcript.
Statuses
AGREED — the verifier independently reached the same outcome as the LLM for this formalizable assertion. LLM_CONTRADICTION — the LLM's structured assertion contradicts the verifier's mechanical check on the same telemetry; the strongest signal that the LLM hallucinated. NEURO_SYMBOLIC_DIVERGENCE — both reached a categorical answer but on different bases (e.g. different rules in scope), recorded for human review. UNVERIFIABLE — the verifier couldn't check the assertion (telemetry missing, predicate not yet implemented, or KG citation invalid); not silent acceptance — the envelope still records the LLM's claim and the verifier's "couldn't verify" status.
Agreement monitor
Tracks the rolling window of verifier statuses (default last 1000 evaluations). Reports agreement_rate = AGREED / total and exposes is_healthy(), which returns False when the rate drops below the configured threshold (default 0.95). A sustained drop pages the on-call — the runtime never silently accepts persistent divergence.
Both components run on every verdict. An auditor receives the complete V3VerdictEnvelope: signed LLM transcript, KG citations, Symbolic Verifier per-assertion result, and all hash anchors. Defensibility is reconstructible from the recorded provenance — it is not contingent on the LLM producing bit-identical output across runs.

Two-phase pipeline

The pipeline separates the probabilistic work (LLM extraction, offline) from the deterministic work (runtime evaluation, on-premise). Once the signed Knowledge Graph crosses the sovereign boundary, no further probabilistic processing occurs inside it.

Phase 1
Offline Compilation
Outside sovereign boundary
01
Source documents. Regulatory texts, permits, and policy documents are ingested by the extraction pipeline.
02
LLM extraction. A large language model converts natural-language policy into a v3 Knowledge Graph: typed Subjects, Rules, Obligations (twelve types), Definitions, Exemptions, Precedents, Jurisdictions, and Citations — all scoped by jurisdiction and effective date.
03
Human validation gate. A qualified Domain Expert reviews every extracted rule against the source document. No rule enters the graph without sign-off.
04
Cryptographic signing. The Knowledge Graph Owner signs the completed graph. The signature is the organisation's attestation that the graph has been reviewed and approved.
One-way transfer
No data leaves
Phase 2
On-Premise Runtime
Inside sovereign boundary — no outbound network
05
Read-only sidecar. A passive listener connects to existing operational data buses (MQTT, Kafka, OPC-UA, or equivalent) without modifying them or alerting the primary system.
06
Tag Registry. Raw operational tags are resolved to Knowledge Graph entities before reaching the evaluation engine — no runtime inference of tag identity.
07
Neuro-symbolic evaluation. The KG-grounded LLM Evaluator (temperature 0, structured generation) reasons over obligation nodes and emits a structured categorical verdict. It signs the full LLM transcript with the runtime's ed25519 key.
07b
Symbolic Verifier cross-check. The independent Symbolic Verifier mechanically checks every formalizable assertion against the KG and records its per-assertion result. Its per-assertion result (AGREED / LLM_CONTRADICTION / NEURO_SYMBOLIC_DIVERGENCE / UNVERIFIABLE) is recorded; the agreement monitor tracks the rolling agreement rate across evaluations, and a sustained drop below threshold pages the on-call rather than silently accepting divergence.
08
Immutable audit ledger. Every V3VerdictEnvelope (signed transcript + KG citations + Symbolic Verifier result + all hash anchors) is written to an append-only, hash-chained local ledger. No verdict is ever deleted or modified.
Architecture / Governance
Spec Part D — Governance & Conformance

Governance

SKI is not autonomous. The governance model ensures that human judgement — not AI inference — has final authority over every rule, every verdict pathway, and every Knowledge Graph update. Every accountable decision traces to a named individual.

Named accountable roles

D1.1 · Role 1
Knowledge Graph Owner
  • Cryptographically signs every approved Knowledge Graph version — the signature is the organisation's attestation that the graph has been reviewed and approved
  • Authorises the update pipeline to proceed to production deployment
  • Reviews and approves all changes to the sovereign boundary perimeter specification
  • Named in every audit verdict as the signing authority at time of evaluation
  • Also custodian of the per-tenant transcript-signing key (ed25519); the key signs every LLM transcript the runtime emits
D1.1 · Role 2
Domain Expert
  • Reviews every LLM-extracted rule against the original regulatory source document before it enters the Knowledge Graph
  • Validates the routing intent for each rule and confirms the obligation type and edge type assignments are correct — misclassification is a silent correctness failure
  • Approves or rejects rule candidates — no rule enters the graph without human sign-off
  • Documents the basis for any DISCRETIONARY routing decisions
D1.1 · Role 3
Operational Owner
  • Designated recipient of FLAG verdicts — initiates remediation within defined response SLAs
  • Investigates NULL_STALE alerts (sensor or pipeline failures) and coordinates infrastructure response
  • Documents all remediation actions with timestamps in the audit record — documentation is additive only, the ledger is never modified
  • Responsible for confirming the Tag Registry mapping is accurate for their operational domain
D1.1 · Role 4
Compliance Reviewer
  • Reviews DISCRETIONARY verdicts where regulatory language is genuinely ambiguous
  • Documents the interpretation rationale and the regulatory basis for the human decision
  • May escalate to the Knowledge Graph Owner to add an explicit rule resolving the ambiguity for future evaluations
  • All decisions are logged alongside the verdict in the immutable audit ledger with the reviewer's identity

Knowledge Graph update protocol

D4 — Knowledge Graph Update Protocol

Every change to the Knowledge Graph — however minor — follows this governed sequence without exception. Emergency security patches to the runtime environment are permitted but require a post-patch agreement-monitor verification run before evaluation resumes.

1
Regulatory change identified — formal update cycle triggered
2
LLM extraction of new or changed rules from source documents
3
Domain Expert validation gate — rule-by-rule review against source
4
Knowledge Graph Owner signs new version with updated hash
5
One-way transfer into sovereign boundary — no reverse path
6
Audit ledger records the graph version transition with timestamp
Every verdict in the audit ledger records the exact Knowledge Graph version hash that produced it. A regulatory audit can reconstruct the precise rule set active at any point in time — including the name of the Domain Expert and Knowledge Graph Owner who approved it.
Adoption / Implementation Roadmap
Spec Part C — Implementation

Implementation Roadmap

From regulatory text to live compliance monitoring in five structured phases. Each phase produces a concrete artefact that bounds the phases that follow it.

The five phases

01
Assess & Scope
Map the regulatory landscape to your operational environment. Identify which regulations apply, which systems produce the relevant telemetry, and define the sovereign boundary perimeter. This phase produces the scope document that all subsequent phases are bounded by.
Output: Scope document · Regulatory inventory · Sovereign boundary specification
02
Extract & Structure
Run the kg-extractor pipeline over source regulatory documents. Convert natural-language policy obligations into v3 KG shape: typed Subjects, Rules, Obligations (twelve obligation types), Definitions, Exemptions, Precedents, Jurisdictions, and Citations — all scoped by jurisdiction and effective date. Map each obligation to an operational tag in the Tag Registry.
Output: Draft Knowledge Graph · Track assignments · Coverage map · Tag Registry draft
03
Validate & Sign
Every extracted rule is reviewed by a qualified Domain Expert against the source regulatory document. Rules that pass validation are compiled into the signed Knowledge Graph artefact. The Knowledge Graph Owner's cryptographic signature is the organisation's legal attestation of review and approval.
Output: Signed Knowledge Graph v1.0 · Validation report · Signed artefact hash · Owner attestation record
04
Deploy On-Premise
Install the SKI edge node within your sovereign boundary. Connect the read-only sidecar to existing data buses (MQTT, Kafka, OPC-UA). Configure the Tag Registry to resolve operational tags to Knowledge Graph entities. Verify the network topology to confirm no outbound runtime paths exist.
Output: Live edge node · Connected data streams · Operational tag registry · Network topology verification
05
Monitor & Govern
Continuous compliance intelligence from day one. Manage Knowledge Graph updates through the governed update pipeline as regulations change. Every new version is validated, signed, and logged — maintaining a complete regulatory provenance chain that can survive a full regulatory audit.
Output: Continuous compliance stream · Immutable audit ledger · Regulatory provenance chain · Update cycle records
Adoption / Sector Applications
Sector Applications

Sector Applications

SKI was architected for environments where regulators audit every decision, data sovereignty is non-negotiable, and system failure is not an option.

Where SKI applies

01
Oil & Gas
Applicable regulatory contexts
Provincial energy regulators · Environmental protection statutes · Operational safety codes
Continuous wellhead pressure, flow rate, and emissions monitoring against permit conditions. Detection of threshold breaches before reporting deadlines. SCADA integration via read-only OPC-UA sidecar.
SCADA integrationAir-gap capableWellhead monitoring
02
Financial Services
Applicable regulatory contexts
Model risk supervisory guidance · Operational resilience regimes · Conduct and reporting obligations
Model risk governance and trading compliance monitoring with full audit trail. Every algorithmic decision traced to a named policy clause for regulatory examination. No cloud exposure for sensitive position data.
Model governanceRegulatory reportingTrade surveillance
03
Defence
Applicable regulatory contexts
Controlled-information regimes · Defence cybersecurity maturity frameworks · Classified handling controls
Classification handling compliance and information access monitoring in air-gapped environments. Cryptographic integrity verification on every compliance verdict with zero external network dependency. Full audit trail for security reviews.
Air-gapped deploymentClassification controlsZero cloud
04
Energy & Utilities
Applicable regulatory contexts
Bulk electric system reliability standards · Industrial control system security frameworks · Energy regulator directives
Grid operations compliance monitoring with sub-100ms target verdict latency on dedicated edge hardware. Reliability standards enforcement across distributed substations with on-premise edge nodes per site. No central aggregation of sensitive operational data.
Grid operationsEdge deploymentDistributed sites
05
Mining & Resources
Applicable regulatory contexts
Environmental protection statutes · Tailings management standards · Worker safety regulations
Environmental monitoring compliance for tailings, water treatment, and air quality against permit conditions. Continuous tracking of reportable events with tamper-evident ledger available directly to regulators.
Environmental monitoringTailings complianceAudit ledger
06
Critical Manufacturing
Applicable regulatory contexts
Electronic records and signature regulations · Quality management standards · Good manufacturing practice
Manufacturing process compliance and deviation detection in pharmaceutical and medical device production. Complete electronic records with validated audit trails. Passive monitoring with zero impact on batch processes.
Process deviationElectronic recordsGMP compliance
The contexts above describe sectors where SKI's architecture applies. Detailed regulatory crosswalks — mapping specific framework controls to specific regulatory requirements (NIST AI RMF, ISO/IEC 42001, SR 11-7, OSFI B-13, NERC CIP, IEC 62443, DORA, EU AI Act, CMMC, and others) — are scheduled for v3.1. Until those crosswalks are published, organisations should treat sector references as architectural fit, not as formal regulatory alignment.
Adoption / How SKI Compares
How SKI Compares

How SKI Compares

Not another GRC tool. Not another cloud AI. SKI occupies a category that didn't exist before — deterministic, sovereign, real-time compliance intelligence that can survive a full regulatory audit.

Capability comparison

Capability SKI Framework Cloud AI APIs Traditional GRC Tools
Deterministic verdictsVerifiable provenance on every verdict (signed transcript + KG citations + verifier status)ProbabilisticRules only
Data sovereigntyOn-premise by designCloud-requiredVaries by product
Air-gap capableArchitectural requirementNot supportedSome products
Real-time monitoringSub-100ms target, validated per deploymentVariable latencyPeriodic / batch
Full audit trailImmutable hash-chained ledgerPartial logsUsually present
Semantic reasoningNeuro-symbolic — LLM + Symbolic VerifierUnboundedRule-only
Verdict traceabilityTo named policy clauseOpaqueTo internal rule
Open specificationCC BY 4.0ProprietaryProprietary
SKI does not claim that the underlying LLM is bit-deterministic — floating-point non-associativity makes that infeasible at scale. The framework's audibility guarantee rests instead on verifiable provenance: a signed LLM transcript, KG citations, all hash anchors, and the independent Symbolic Verifier's per-assertion result. An auditor can replay any verdict from the recorded transcript and reach the same envelope. See B3.4 and the A2 axiom in the specification for the full provenance model.
Reference / Licensing
Licensing

Licensing

Dual-licensed: Apache 2.0 for software, CC BY 4.0 for the specification. Creative Commons explicitly recommends against using CC licences for software — the SKI Framework uses the right licence for each artefact type.

The two licences

Apache 2.0
Software — reference implementation, CLI tools, conformance suite, all code in the repository

Apache 2.0 includes an explicit patent grant, essential for enterprise software procurement. It clearly distinguishes source and object forms. It is the industry-standard licence for open-source compliance infrastructure deployed in regulated environments.

CC licences were designed for creative works. Applying them to software creates legal ambiguity that procurement and legal teams in regulated industries cannot accept. Apache 2.0 removes that ambiguity entirely.

Full Apache 2.0 licence text →
CC BY 4.0
Specification — framework documents, architecture, governance model, this website

The SKI Framework specification — the axioms, pillars, architecture, governance model, and all normative specification text — is published under Creative Commons Attribution 4.0 International. Any organisation may read, implement, adapt, and distribute the specification freely with attribution.

Attribution required: KpiFinity Inc. and skiframework.org. Use the canonical citation below.

CC BY 4.0 licence text →
The open / proprietary boundary

The framework specification, reference implementation, CLI tools, and conformance suite are entirely open under the above licences. The proprietary Knowledge Graph libraries for Energy, Financial Services, Manufacturing, and Defence are developed by KpiFinity Inc. and are not in the open repository. No commercial relationship is required to read, implement, or deploy SKI using your own Knowledge Graphs.

Reference / Security
Security

Security

The reference implementation ships with security-conservative defaults designed for regulated environments. No default passwords. TLS on by default. Secrets generated at first run with a cryptographically secure RNG. The audit ledger is append-only at the database layer — not application logic.

Hardening & disclosure

Runtime hardening defaults
  • TLS enabled by default on all endpoints
  • Strong random secrets generated at first run — never committed to source control
  • No default passwords in any configuration file
  • Audit ledger append-only enforced via PostgreSQL triggers at the DB layer
  • Real pg_dump backups via the audit-ledger CLI tool
  • Real entry-hash recomputation in verify_integrity()
  • Knowledge Graph Ed25519 signature verified on every load
Full hardening defaults documentation →
CI security pipeline
  • Static analysis: ruff, mypy, bandit on every commit
  • Dependency vulnerability audit: pip-audit on every PR
  • CodeQL semantic analysis on push and PR
  • CycloneDX SBOM generated on every release
  • Trivy container image scan
  • Dependabot configured for automated dependency updates
  • Signed commits; CODEOWNERS and branch protection guidance in repository
Vulnerability disclosure

Do not report security vulnerabilities via public GitHub issues. Follow the responsible disclosure process documented in SECURITY.md.

SECURITY.md — vulnerability disclosure policy →
Reference / Changelog
Version History

Changelog

Every published version of the SKI Framework, with normative changes documented. Audit-grade documents require version provenance — this is part of the framework, not a separate artefact.

Release announcement — v3.0.0

Published 2026-06-01  ·  KpiFinity Inc.  ·  v3.0.0 release on GitHub ↗

v3.0.0 is the first production-target release of the SKI Framework. It ships the complete neuro-symbolic evaluation pipeline: a KG-grounded LLM Evaluator paired with an independent Symbolic Verifier, every verdict sealed into a signed V3VerdictEnvelope with the full provenance chain.

The architectural pivot: verifiable provenance

v0.1.0-alpha anchored audibility on bounded determinism — architectural controls that together produced a defensible claim that identical inputs produce identical verdicts. That claim was honest but fragile: floating-point non-associativity makes bit-identical LLM outputs infeasible at scale, and regulators increasingly want to inspect reasoning, not just verify reproducibility.

v3.0.0 pivots to verifiable provenance. Every verdict now carries a signed LLMTranscript (ed25519, the runtime's own key), the model-weight hash, the KG-version hash, the prompt-template hash, the decoder seed, the structured-grammar hash, the KG citations the LLM relied on, and the Symbolic Verifier's per-assertion result. Defensibility is reconstructible — it is not contingent on bit-identical output.

What shipped in v3.0.0

  • LLM Evaluator (llm-evaluator). KG-grounded local LLM at temperature 0, structured generation (JSON grammar), signed LLMTranscript per verdict.
  • Symbolic Verifier (symbolic-verifier). Independent per-assertion cross-check against the KG. Runs on every verdict. Records AGREED / LLM_CONTRADICTION / NEURO_SYMBOLIC_DIVERGENCE / UNVERIFIABLE per assertion.
  • V3VerdictEnvelope. Sealed container: categorical verdict + signed transcript + KG citations + Symbolic Verifier result + all hash anchors + decoder seed.
  • Agreement monitor (agreement-monitor). Compares LLM verdicts with Symbolic Verifier results continuously. Reports a rolling agreement_rate (AGREED / total, default last 1000 evaluations) and is_healthy() against a 0.95 threshold — a sustained drop pages the on-call, never silently accepted.
  • v3 Knowledge Graph schema. Typed obligations (twelve types), typed edges (eight types), jurisdiction + effective-date scoping.
  • 60 runnable conformance tests. 30 provenance + 30 durability, plus 6 scaffolded sovereignty stubs.
  • RFC 0002 — Accepted and implemented. The neuro-symbolic evaluation model is now normative in spec v3.0.

Specification changelog

v3.0.2 2026-06-02 Current release

Reference implementation patch — Apache 2.0. Specification unchanged at v3.0.

  • Startup migration runner. The runtime now probes the audit ledger on startup and applies the v3 transcript-column migration in place if it is missing, so upgrades against an existing Postgres volume no longer fail at evaluation time. Idempotent.
  • New SKI_AUTOMIGRATE lever (default on). Hardened deployments can set it off to require explicit DBA-driven migrations instead.
v3.0.1 2026-06-02 Patch

Reference implementation patch — Apache 2.0. Specification unchanged at v3.0.

  • Ledger schema v3 baseline. Fixes a 500 on /api/evaluate (“column envelope_json … does not exist”) on fresh docker compose deployments; the baseline schema now declares the full v3 audit-trail column set inline.
v3.0.0 June 2026 Major release

Reference implementation — Apache 2.0. First production-target release. Spec v3.0. RFC 0002 accepted and implemented.

  • Neuro-symbolic evaluation (RFC 0002). LLM Evaluator + independent Symbolic Verifier. Both run on every verdict. Neither is optional.
  • Signed LLM transcripts. Ed25519 (runtime key). Every verdict carries the signed transcript of the LLM's full reasoning chain.
  • V3VerdictEnvelope. Categorical verdict + signed transcript + KG citations + Symbolic Verifier per-assertion result + model-weight hash + KG-version hash + prompt-template hash + decoder seed + structured-grammar hash.
  • Agreement monitor. Continuous LLM/Verifier comparison via a rolling agreement_rate (AGREED / total); is_healthy() pages the on-call below the 0.95 threshold — never silently accepted.
  • v3 Knowledge Graph schema. 12 typed obligation types, 8 typed edges, jurisdiction + effective-date scoping. kg-extractor → kg-validator → ski-model-deploy pipeline.
  • A2 axiom pivot. Bounded Determinism → Verifiable Provenance. Provenance is architecturally enforced, not behaviourally expected.
  • 60 runnable conformance tests. 30 provenance + 30 durability, plus 6 sovereignty stubs.
v3.1 In preparation Planned
  • Regulatory crosswalk appendices: NIST AI RMF 1.0 (subcategory-level), ISO/IEC 42001, SR 11-7 / OCC 2011-12, OSFI B-13 and the proposed E-23, NERC CIP-002 through CIP-014, DORA, EU AI Act (article-level), CMMC 2.0, IEC 62443 (zone/conduit level).
  • Sovereignty conformance test harness — the six scaffolded stubs become runnable.
  • RBAC on audit ledger endpoints. Implementation cost and resource model in Part D.
  • Privacy law treatment (GDPR, PIPEDA) for sectors processing personal data.
v3.2 In preparation Planned
  • Sector Knowledge Graph packaging templates — Energy, Financial Services, Defence, Manufacturing.
  • Performance benchmark suite (target sub-100ms on commodity edge hardware).
  • Multi-tenant transcript-signing key management.
v3.0.0 is the first production-target release; v3.0.2 (2026-06-02) is the current patch release. See CHANGELOG.md for the complete pre-v3 history.
Reference / About the Project
About the Project

About the Project

An open-source framework. A commercial ecosystem. The SKI Framework is published as an open-source specification under CC BY 4.0 — free for any organisation to read, implement, and adapt.

Open-core model

The complete framework — axioms, pillars, architecture, governance, and implementation guidance — is published in full on this website. It is free for any organisation to read, implement, and adapt.

The framework was developed by KpiFinity Inc., a Calgary-based AI and data consultancy founded to accelerate sovereign AI adoption in regulated industries. KpiFinity provides the commercial services that organisations need to implement SKI effectively — sector Knowledge Graphs, implementation services, and certified deployment support.

SKI follows the open-core model. The specification is the commons. The expertise and sector-specific content is the commercial layer.

Visit KpiFinity.com → ⭐ Star on GitHub
Framework Status
Spec v3.0 · Impl v3.0.2

Specification v3.0 published 2026-06-01 — neuro-symbolic pivot, verifiable provenance model, RFC 0002 accepted. Reference implementation v3.0.0 released 2026-06-01 — first production-target release; v3.0.1 / v3.0.2 (2026-06-02) close the ledger-schema bootstrap gaps from external tester feedback. Current release v3.0.2 — 60 runnable conformance tests across provenance + durability passing; 6 sovereignty stubs scaffolded for v3.1. v3.1 adds regulatory crosswalk appendices and the Sovereignty test harness.

Contribute
Issues & Corrections

Issues, corrections, and sector knowledge contributions are welcome. Open a GitHub issue or email hello@skiframework.org. Contributions affecting normative content are reviewed by the framework editors before merge.

Commercial Services
Open framework. Commercial ecosystem.

The framework specification, reference implementation, CLI tools, and conformance suite are entirely open (Apache 2.0 / CC BY 4.0). The proprietary Knowledge Graph libraries for Energy, Financial Services, Manufacturing, and Defence are developed by KpiFinity and licensed commercially. They are not in the open repository. No commercial relationship is required to deploy SKI against your own Knowledge Graphs.

KpiFinity sector KG libraries and deployment services →
Not legal, regulatory, or compliance advice. The SKI Framework is a technical and architectural specification. It does not constitute legal, regulatory, financial, or compliance advice. Organisations applying SKI to a specific regulatory obligation should consult qualified legal, regulatory, and risk counsel. Regulatory references in this document are illustrative; formal crosswalks are scheduled for v3.1.