v0.1.0-alpha Spec v2.1 stable · Reference implementation v0.1.0-alpha now available — proof-of-scaffold, not production ready. Production-track v0.2 in progress. Version history →
Open Source  ·  Apache 2.0 / CC BY 4.0  ·  v0.1.0-alpha

Deterministic, sovereign, auditable AI compliance — open framework, runnable today

SKI is a formal open-source framework — and now a runnable reference implementation — that solves the trust problem blocking AI adoption in critical infrastructure. Sovereign by default. Fully auditable. Legally defensible.

View on GitHub → Run conformance suite
0
Axioms
0
Pillars
0
Verdicts
0
Phases
Apache 2.0 / CC BY 4.0 Spec v2.1 · Impl v0.1.0-alpha Sovereign by default — Ollama runtime 8 conformance tests, runnable today
ski-runtime  ·  verdict stream ILLUSTRATIVE
CLEAR FLAG DISCRETIONARY NULL_UNMAPPED NULL_STALE
Illustrative verdict stream — sample tags and verdicts, not live operational data.
scroll
The Problem

Six reasons regulated industries won't deploy AI — and how SKI resolves each one

These are not hesitations. They are the reasons AI adoption has stalled in core compliance functions across critical infrastructure. SKI was designed from first principles to address each one.

01
Loss of Sovereignty
If our operational data flows through a third-party cloud AI, we lose control of our most sensitive asset.
SKI resolves this The inference engine runs entirely within the organisation's sovereign boundary. No operational data leaves at runtime. Air-gap capable by design.
02
Non-Determinism
AI gives different answers to the same question. That's fundamentally incompatible with audit and regulatory compliance.
SKI resolves this A hybrid architecture — deterministic Symbolic Evaluator for explicit rules, bounded SKI Model only for semantic disambiguation — combined with mandatory canary testing and hash pinning.
03
Liability Opacity
When an AI flags a compliance issue (or misses one), we can't explain the basis of the decision to a regulator.
SKI resolves this Every verdict traces to a specific Knowledge Graph node and a named policy clause in a source regulatory document. No black boxes — ever.
04
Unsafe Intervention
An AI that can control or modify operational systems introduces catastrophic risk. We cannot put AI in the loop on safety-critical infrastructure.
SKI resolves this SKI is a passive read-only observer. It monitors and reports. It has zero control path to operational systems. Primary operations continue uninterrupted if SKI goes offline.
05
Rule Drift
Regulations change. We can't guarantee the AI is evaluating against the current rules, not last year's.
SKI resolves this The Knowledge Graph is a living, versioned artefact with a governed update pipeline. Every change requires extraction, human validation, cryptographic signing, and deployment. The ledger records which graph version produced each verdict.
06
Accountability Gap
If the AI is making compliance decisions, who is accountable? The regulator will ask, and we won't have an answer.
SKI resolves this Human reviewers validate every Knowledge Graph rule before production. Human authority is preserved on all escalations. The AI augments judgement — it does not replace it.
Framework Overview

SKI at a Glance

Three governing axioms. Three structural pillars. Five categorical verdicts. One sovereign boundary. Click any element to explore the full specification.

3 Governing Axioms
A1 Proximity Inference at or near the data source. No remote endpoints. A2 Bounded Determinism Identical inputs produce identical verdicts. Architecturally enforced. A3 Passive Oversight Read-only sidecar. Zero control path to operations.
govern
3 Structural Pillars
S
Sovereignty
On-premise edge compute Air-gap capable Hardened environment No cloud dependency
K
Knowledge Maps
LLM extraction pipeline Human validation gate Cryptographic signing Version-controlled graph
I
Intelligence
Temperature-zero inference Categorical-only output Read-only sidecar Sub-100ms latency
evaluated by
Evaluation Architecture
Phase 1 — Offline
Knowledge Graph Compilation
Extract → Validate → Sign → Package
Outside sovereign boundary
one-way
transfer
Phase 2 — Runtime
On-Premise Evaluation
Listen → Tag → Evaluate → Log
Inside sovereign boundary
Track 1 Symbolic Evaluator — explicit predicates, pure determinism Track 2 SKI Model — semantic disambiguation, architecturally bounded
produces
5 Verdict Types
CLEAR All rules pass — logged silently FLAG Rule breached — operational owner alerted NULL_UNMAPPED No graph node — KG coverage gap NULL_STALE Silent sensor — infrastructure failure DISCRETIONARY Ambiguous language — human reviewer
Spec A4 — Core Axioms

The foundational constraints that make SKI legally defensible

The three axioms are non-negotiable architectural constraints. A deployment that violates any axiom is not an SKI deployment — it is an ordinary AI system with no special compliance properties.

1
A1 — Proximity
Intelligence evaluation shall occur at or near the monitored data source
The inference engine runs on a dedicated on-premise edge node co-located with the operational historian or SCADA system. Round-trip latency to any remote inference endpoint is not permitted. The edge node communicates only with local data buses — not with any external network at runtime.
Physical proximity eliminates latency, enforces data sovereignty, and makes remote data exfiltration architecturally impossible — not just policy-prohibited. An external auditor can verify compliance by physically inspecting the network topology; no policy document is required.
2
A2 — Bounded Determinism
Within a valid signed Knowledge Graph, identical inputs produce identical verdicts
This is achieved through architectural constraints — temperature-zero inference, greedy decoding, structured output enforcement, and a hybrid evaluation architecture — combined with continuous verification via determinism canary testing. The determinism guarantee is bounded by the Knowledge Graph scope: rules not covered by the graph produce NULL_UNMAPPED, never a speculative verdict.
An audit revealing different verdicts for identical operational conditions would immediately invalidate the compliance record. Bounded determinism is the guarantee that makes SKI verdicts legally defensible. It cannot be achieved by a conventional LLM operating without architectural constraints.
3
A3 — Passive Oversight
The SKI evaluation layer shall not sit in-line with primary operational systems
SKI operates as a read-only sidecar, consuming telemetry from data buses without the primary operational system being aware of its presence. If the SKI engine fails, is taken offline for maintenance, or is deliberately isolated, primary operations continue without any interruption. SKI has no write path, no control path, and no alert path that can interrupt primary operations.
Monitoring systems that become operational dependencies introduce unacceptable risk in safety-critical environments. Passive oversight preserves all existing safety margins while adding a compliance intelligence layer. No safety case or risk assessment needs to account for SKI failure modes affecting operations.
Spec A5 — The Three Pillars

The structural pillars that define every compliant SKI deployment

Each pillar translates one or more axioms into concrete implementation requirements. Meeting the axioms without meeting the pillar requirements is insufficient — the pillars define what "compliance" means in practice.

S
Pillar S · Spec A5
Sovereignty
The asset owner retains full control over inference logic, operational data, and all update pathways. The SKI engine is physically and logically inseparable from the asset owner's infrastructure. No inference, data transfer, or model update path exists that does not require explicit, physically verified action by the organisation. The sovereign boundary is not a network policy — it is an architectural constraint enforced by physical separation.
Implementation requirements
On-premise edge compute node Hardened operating environment Air-gap capability One-way Knowledge Graph transfer mechanism No outbound runtime network path Physical access log for all sovereign boundary crossings
K
Pillar K · Spec A5 / B2
Knowledge Maps
All compliance evaluation is performed against a verifiable, auditable Knowledge Graph. The SKI Model does not generate regulatory judgements from its own training data — it traverses a pre-defined, human-validated graph of policy relationships. Every verdict is traceable to a specific graph node and a named policy clause in a source regulatory document. The Knowledge Graph is the complete, explicit, human-approved encoding of the compliance rules in scope.
Implementation requirements
LLM extraction pipeline Human validation gate (Domain Expert) Cryptographic signing (Knowledge Graph Owner) Version control with immutable history Differential update protocol Source document traceability per rule
I
Pillar I · Spec A5 / B3
Intelligence
The SKI Model serves as a tightly constrained, read-only inference engine operating against the signed Knowledge Graph. It produces only categorical verdicts — no confidence scores, no probabilistic ranges, no free-form text. The model cannot reason outside the Knowledge Graph, cannot be queried interactively, and cannot modify operational systems. Every verdict is mathematically reproducible given the same input, Knowledge Graph version, and model checkpoint — this is architecturally enforced, not behaviourally expected.
Implementation requirements
Temperature-zero inference Greedy decoding only Categorical-only structured output schema Model checkpoint hash pinning Read-only sidecar pattern Sub-100ms evaluation latency target Continuous determinism canary verification Heartbeat monitoring with failure alerting
Spec A6 — Verdict Taxonomy

Five categorical verdicts. No scores. No ambiguity.

Every evaluation produces exactly one of these five verdicts. The verdict taxonomy is closed — there is no mechanism for the system to produce a verdict outside this set, emit a confidence score, or return a free-form response.

CLEAR
→ Audit ledger (silent)
All applicable Knowledge Graph rules have been evaluated against the incoming telemetry. No compliance issue has been detected. The verdict is logged to the immutable audit ledger with a timestamp, the Knowledge Graph version hash, and the evaluated rule set.
CLEAR verdicts are silent — no notification is sent to any operational owner. They form the continuous audit evidence that the system is operating within compliance boundaries.
FLAG
→ Designated operational owner (urgent)
A compliance rule encoded in the Knowledge Graph has been breached by the incoming telemetry. The verdict includes the specific graph node, the policy clause it encodes, the operational tag that triggered it, and the evaluated value. The designated operational owner is notified immediately.
FLAG verdicts carry the full traceability chain — from telemetry value through tag registry through graph node through source document. This chain is what makes the verdict defensible in a regulatory examination.
NULL_UNMAPPED
→ Knowledge Graph Owner (coverage gap)
Telemetry has been received from a recognised operational tag, but no Knowledge Graph node exists that covers the compliance evaluation of this tag. This is a Knowledge Graph coverage gap — the system is receiving data it has no rules to evaluate. The Knowledge Graph Owner is alerted to expand the graph.
NULL_UNMAPPED is not an error — it is a signal. It means the system is seeing something real that the Knowledge Graph has not yet been extended to cover. The appropriate response is a Knowledge Graph update cycle, not an infrastructure investigation.
NULL_STALE
→ Operations team (infrastructure failure)
An expected telemetry stream — one that the Knowledge Graph has rules to evaluate and the Tag Registry is configured to receive — has gone silent. No data has arrived within the configured staleness window. This indicates a sensor failure, a pipeline interruption, or a network connectivity issue. Operations are alerted immediately.
NULL_STALE and NULL_UNMAPPED route to different owners and require different remediation. Conflating them leads to incorrect prioritisation — a NULL_STALE requires an infrastructure investigation, not a Knowledge Graph update.
DISCRETIONARY
→ Qualified human reviewer
The applicable Knowledge Graph rule has been evaluated, but the regulatory language encoded in the rule is genuinely ambiguous in context. The SKI Model has determined that the situation falls within the rule's scope, but that a categorical CLEAR or FLAG verdict cannot be issued without human interpretation. The verdict and full context are routed to a qualified reviewer.
DISCRETIONARY is produced only by Track 2 (SKI Model) evaluations — Track 1 (Symbolic Evaluator) cannot produce it by design. A high rate of DISCRETIONARY verdicts for a specific rule is a signal that the rule should be restructured in the Knowledge Graph to reduce ambiguity.
Spec Part B — Technical Architecture

Two phases. Two tracks. One sovereign boundary crossing.

The probabilistic work of policy interpretation happens once, offline. The deterministic work of runtime evaluation happens continuously, inside your sovereign boundary. Every component is designed so that its failure mode is safe.

Spec B3 — Two-Track Evaluation

Every Knowledge Graph rule is assigned at compile time to one of two evaluation tracks. Track routing is a governance decision, not a runtime inference — it is declared in the Knowledge Graph, reviewed during validation, and signed as part of the artefact.

Track 1 Symbolic Evaluator
Invoked when
Rule is expressed as an explicit predicate — threshold, enumeration, boolean comparison, or duration check. Designated Track 1 in the Knowledge Graph at compile time.
Determinism guarantee
Pure function. Identical inputs always produce identical outputs by mathematical construction — no enforcement mechanism required.
Verdicts produced
CLEAR · FLAG · NULL_UNMAPPED · NULL_STALE
Cannot produce DISCRETIONARY — by design.
Typical rules
Sensor threshold breaches, status flag checks, count / duration comparisons, permit condition matching, enumerated state checks.
vs
Track 2 SKI Model
Invoked when
Rule requires natural-language reasoning or contextual interpretation that cannot be expressed as an explicit predicate. Designated Track 2 in the Knowledge Graph at compile time.
Determinism guarantee
Architecturally enforced: temperature zero, greedy decoding, structured output schema, model hash pinning, runtime checkpoint verification, continuous canary testing.
Verdicts produced
CLEAR · FLAG · NULL_UNMAPPED · NULL_STALE · DISCRETIONARY
Typical rules
Interpretive regulatory language, conditional multi-clause obligations, contextual severity assessments, ambiguous regulatory definitions.
Track routing is a compile-time governance decision. A rule misclassified as Track 1 when it requires reasoning will silently produce incorrect verdicts — the human validation gate is the control point that prevents this. Reclassifying a rule from Track 1 to Track 2 requires a full Knowledge Graph update cycle.
Spec B1 — Two-Phase Pipeline

The pipeline separates the probabilistic work (LLM extraction, offline) from the deterministic work (runtime evaluation, on-premise). Once the signed Knowledge Graph crosses the sovereign boundary, no further probabilistic processing occurs inside it.

Phase 1
Offline Compilation
Outside sovereign boundary
01
Source documents. Regulatory texts, permits, and policy documents are ingested by the extraction pipeline.
02
LLM extraction. A large language model converts natural-language policy into structured Subject-Relation-Object rules with Track assignments.
03
Human validation gate. A qualified Domain Expert reviews every extracted rule against the source document. No rule enters the graph without sign-off.
04
Cryptographic signing. The Knowledge Graph Owner signs the completed graph. The signature is the organisation's attestation that the graph has been reviewed and approved.
One-way transfer
No data leaves
Phase 2
On-Premise Runtime
Inside sovereign boundary — no outbound network
05
Read-only sidecar. A passive listener connects to existing operational data buses (MQTT, Kafka, OPC-UA, or equivalent) without modifying them or alerting the primary system.
06
Tag Registry. Raw operational tags are resolved to Knowledge Graph entities before reaching the evaluation engine — no runtime inference of tag identity.
07
Hybrid evaluation. Track 1 (Symbolic Evaluator) handles explicit rules deterministically. Track 2 (SKI Model) handles semantic disambiguation only.
08
Immutable audit ledger. Every verdict is written to an append-only, hash-chained local ledger with the Knowledge Graph version hash. No verdict is ever deleted or modified.
Spec Part D — Governance & Conformance

Human authority at every decision point

SKI is not autonomous. The governance model ensures that human judgement — not AI inference — has final authority over every rule, every verdict pathway, and every Knowledge Graph update. Every accountable decision traces to a named individual.

D1.1 · Role 1
Knowledge Graph Owner
  • Cryptographically signs every approved Knowledge Graph version — the signature is the organisation's attestation that the graph has been reviewed and approved
  • Authorises the update pipeline to proceed to production deployment
  • Reviews and approves all changes to the sovereign boundary perimeter specification
  • Named in every audit verdict as the signing authority at time of evaluation
D1.1 · Role 2
Domain Expert
  • Reviews every LLM-extracted rule against the original regulatory source document before it enters the Knowledge Graph
  • Validates Track 1 vs Track 2 routing assignments for each rule — misclassification is a silent correctness failure
  • Approves or rejects rule candidates — no rule enters the graph without human sign-off
  • Documents the basis for any DISCRETIONARY routing decisions
D1.1 · Role 3
Operational Owner
  • Designated recipient of FLAG verdicts — initiates remediation within defined response SLAs
  • Investigates NULL_STALE alerts (sensor or pipeline failures) and coordinates infrastructure response
  • Documents all remediation actions with timestamps in the audit record — documentation is additive only, the ledger is never modified
  • Responsible for confirming the Tag Registry mapping is accurate for their operational domain
D1.1 · Role 4
Compliance Reviewer
  • Reviews DISCRETIONARY verdicts where regulatory language is genuinely ambiguous
  • Documents the interpretation rationale and the regulatory basis for the human decision
  • May escalate to the Knowledge Graph Owner to add an explicit rule resolving the ambiguity for future evaluations
  • All decisions are logged alongside the verdict in the immutable audit ledger with the reviewer's identity
D4 — Knowledge Graph Update Protocol

Every change to the Knowledge Graph — however minor — follows this governed sequence without exception. Emergency security patches to the runtime environment are permitted but require a post-patch determinism canary re-run before evaluation resumes.

1
Regulatory change identified — formal update cycle triggered
2
LLM extraction of new or changed rules from source documents
3
Domain Expert validation gate — rule-by-rule review against source
4
Knowledge Graph Owner signs new version with updated hash
5
One-way transfer into sovereign boundary — no reverse path
6
Audit ledger records the graph version transition with timestamp
Every verdict in the audit ledger records the exact Knowledge Graph version hash that produced it. A regulatory audit can reconstruct the precise rule set active at any point in time — including the name of the Domain Expert and Knowledge Graph Owner who approved it.
Spec Part D — Conformance

Three levels. Level 1 runnable today against any implementation.

The SKI conformance model defines three maturity levels. Any implementation — including third-party implementations — can self-verify Level 1 using the open test suite. Higher levels add governance controls and third-party audit requirements.

Level 1 · Foundational
Runnable today
L1 — Foundational

The minimum bar for any SKI-conformant deployment. Eight runnable tests verify the core architectural properties: sovereign boundary, determinism enforcement, five-verdict taxonomy, Tag Registry governance, Knowledge Graph signature verification, and the append-only audit ledger.

pytest conformance/ -m level1 -v
  • All three axioms architecturally enforced
  • Five-verdict taxonomy (CLEAR, FLAG, NULL_UNMAPPED, NULL_STALE, DISCRETIONARY)
  • Knowledge Graph Ed25519 signature verified on load
  • Append-only audit ledger with entry-hash chaining
  • Tag Registry compile-time; no runtime tag inference
  • Determinism canary passing on golden records
Full L1 test specification →
Level 2 · Managed
In progress — target v0.2
L2 — Managed

L1 plus formal governance controls: a documented Knowledge Graph update protocol, a Coverage Register mapping every rule to a source clause, and a Residual Risk Register for all in-scope obligations not yet covered by the graph.

  • All L1 requirements
  • Documented KG update protocol with named role assignments
  • Coverage Register — every rule linked to source clause
  • Residual Risk Register — coverage gaps documented and accepted
  • Named Domain Expert and Knowledge Graph Owner for all deployed rules
L2 test suite in development. Target release: v0.2.
Level 3 · Assured
Planned
L3 — Assured

L2 plus independent third-party audit. KpiFinity offers a paid L3 Assured certification for organisations requiring auditor-attested conformance claims — for example, to satisfy a regulatory examination or contractual obligation.

  • All L2 requirements
  • Third-party audit by a qualified assessor
  • Signed attestation letter on KpiFinity letterhead
  • Suitable for regulatory examination and contractual compliance evidence
Enquire about L3 audit certification →
Conformance levels are defined in docs/CONFORMANCE.md. An implementation claiming SKI conformance should specify the level achieved and, for L1, publish the test output. All conformance claims must be supported by a current Residual Risk Register as defined in Spec Part D.
Spec Part C — Implementation

From regulatory text to live compliance monitoring in five structured phases

v0.1.0-alpha — Runnable today

Get started with the reference implementation

The SKI reference implementation runs entirely on-premise using Ollama. No cloud API key required. Clone the repo, install prerequisites, and run the conformance suite in minutes.

1
Clone & install
git clone https://github.com/kpifinity/ski-framework.git
cd ski-framework
pip install -e ".[dev]"
2
Start the sovereign runtime (Ollama)
ollama pull mistral
docker compose up -d
Ollama is the conformant sovereign backend. An Anthropic backend is included as a non-conformant demo mode only — it requires a cloud API key and violates the Proximity axiom.
3
Run the conformance suite
pytest conformance/ -m level1 -v
Eight Level 1 conformance tests, each citing the spec section it validates. All must pass on a conformant deployment.
View repository → v0.1.0-alpha release notes
Alpha status. v0.1.0-alpha is proof-of-scaffold — architecture and conformance tests are stable, but this is not production-ready software. Production-track development targets v0.2. See CHANGELOG.md for the full roadmap.
01
Assess & Scope
Map the regulatory landscape to your operational environment. Identify which regulations apply, which systems produce the relevant telemetry, and define the sovereign boundary perimeter. This phase produces the scope document that all subsequent phases are bounded by.
Output: Scope document · Regulatory inventory · Sovereign boundary specification
02
Extract & Structure
Run the LLM extraction pipeline over source regulatory documents. Convert natural-language policy obligations into structured Subject-Relation-Object rules. Assign each rule to Track 1 or Track 2 and map each to an operational tag in the Tag Registry.
Output: Draft Knowledge Graph · Track assignments · Coverage map · Tag Registry draft
03
Validate & Sign
Every extracted rule is reviewed by a qualified Domain Expert against the source regulatory document. Rules that pass validation are compiled into the signed Knowledge Graph artefact. The Knowledge Graph Owner's cryptographic signature is the organisation's legal attestation of review and approval.
Output: Signed Knowledge Graph v1.0 · Validation report · Signed artefact hash · Owner attestation record
04
Deploy On-Premise
Install the SKI edge node within your sovereign boundary. Connect the read-only sidecar to existing data buses (MQTT, Kafka, OPC-UA). Configure the Tag Registry to resolve operational tags to Knowledge Graph entities. Verify the network topology to confirm no outbound runtime paths exist.
Output: Live edge node · Connected data streams · Operational tag registry · Network topology verification
05
Monitor & Govern
Continuous compliance intelligence from day one. Manage Knowledge Graph updates through the governed update pipeline as regulations change. Every new version is validated, signed, and logged — maintaining a complete regulatory provenance chain that can survive a full regulatory audit.
Output: Continuous compliance stream · Immutable audit ledger · Regulatory provenance chain · Update cycle records
Sector Applications

Built for industries where compliance failures cost lives, licences, or billions

SKI was architected for environments where regulators audit every decision, data sovereignty is non-negotiable, and system failure is not an option.

01
Oil & Gas
Applicable regulatory contexts
Provincial energy regulators · Environmental protection statutes · Operational safety codes
Continuous wellhead pressure, flow rate, and emissions monitoring against permit conditions. Detection of threshold breaches before reporting deadlines. SCADA integration via read-only OPC-UA sidecar.
SCADA integrationAir-gap capableWellhead monitoring
02
Financial Services
Applicable regulatory contexts
Model risk supervisory guidance · Operational resilience regimes · Conduct and reporting obligations
Model risk governance and trading compliance monitoring with full audit trail. Every algorithmic decision traced to a named policy clause for regulatory examination. No cloud exposure for sensitive position data.
Model governanceRegulatory reportingTrade surveillance
03
Defence
Applicable regulatory contexts
Controlled-information regimes · Defence cybersecurity maturity frameworks · Classified handling controls
Classification handling compliance and information access monitoring in air-gapped environments. Cryptographic integrity verification on every compliance verdict with zero external network dependency. Full audit trail for security reviews.
Air-gapped deploymentClassification controlsZero cloud
04
Energy & Utilities
Applicable regulatory contexts
Bulk electric system reliability standards · Industrial control system security frameworks · Energy regulator directives
Grid operations compliance monitoring with sub-100ms target verdict latency on dedicated edge hardware. Reliability standards enforcement across distributed substations with on-premise edge nodes per site. No central aggregation of sensitive operational data.
Grid operationsEdge deploymentDistributed sites
05
Mining & Resources
Applicable regulatory contexts
Environmental protection statutes · Tailings management standards · Worker safety regulations
Environmental monitoring compliance for tailings, water treatment, and air quality against permit conditions. Continuous tracking of reportable events with tamper-evident ledger available directly to regulators.
Environmental monitoringTailings complianceAudit ledger
06
Critical Manufacturing
Applicable regulatory contexts
Electronic records and signature regulations · Quality management standards · Good manufacturing practice
Manufacturing process compliance and deviation detection in pharmaceutical and medical device production. Complete electronic records with validated audit trails. Passive monitoring with zero impact on batch processes.
Process deviationElectronic recordsGMP compliance
The contexts above describe sectors where SKI's architecture applies. Detailed regulatory crosswalks — mapping specific framework controls to specific regulatory requirements (NIST AI RMF, ISO/IEC 42001, SR 11-7, OSFI B-13, NERC CIP, IEC 62443, DORA, EU AI Act, CMMC, and others) — are scheduled for v2.2. Until those crosswalks are published, organisations should treat sector references as architectural fit, not as formal regulatory alignment.
How SKI Compares

Not another GRC tool. Not another cloud AI.

SKI occupies a category that didn't exist before — deterministic, sovereign, real-time compliance intelligence that can survive a full regulatory audit.

Capability SKI Framework Cloud AI APIs Traditional GRC Tools
Deterministic verdictsBounded, canary-verifiedProbabilisticRules only
Data sovereigntyOn-premise by designCloud-requiredVaries by product
Air-gap capableArchitectural requirementNot supportedSome products
Real-time monitoringSub-100ms target, validated per deploymentVariable latencyPeriodic / batch
Full audit trailImmutable hash-chained ledgerPartial logsUsually present
Semantic reasoningBounded — Track 2 onlyUnboundedRule-only
Verdict traceabilityTo named policy clauseOpaqueTo internal rule
Open specificationCC BY 4.0ProprietaryProprietary
SKI does not claim that the underlying SKI Model is bit-deterministic by nature — floating-point non-associativity and hardware state can perturb model outputs at the margin. The framework specifies a combination of architectural controls (hybrid symbolic + bounded model, output schema enforcement, model hash pinning) and continuous verification (a determinism canary running against a fixed set of golden records) that together produce a defensible, auditable determinism claim. See B3.4 in the specification for the full set of controls.
Release Announcement · May 2026

v0.1.0-alpha: The SKI Framework reference implementation is now runnable

Published May 2026  ·  KpiFinity Inc.  ·  v0.1.0-alpha release on GitHub ↗

The SKI Framework has always published its architecture openly. Today, for the first time, there is a codebase that implements it.

v0.1.0-alpha is not production software. It is a proof-of-scaffold: the full architecture is present and testable, but production hardening is in progress for v0.2. Calling it what it is. In a market littered with "enterprise-ready" AI products that regulated organisations cannot actually deploy, that honesty is itself a credibility signal.

What shipped

The reference implementation covers the complete SKI runtime path. The Symbolic Evaluator (Track 1) handles explicit predicate evaluation — thresholds, enumerations, boolean comparisons, duration checks — with pure mathematical determinism. The SKI Model wrapper (Track 2) provides bounded semantic disambiguation at temperature zero with seeded decoding, a structured output schema, model hash pinning, and a continuous determinism canary. The Tag Registry enforces compile-time subject-to-rule mapping; runtime tag inference is architecturally prohibited. Knowledge Graph signature verification uses Ed25519. The audit ledger is append-only, enforced at the PostgreSQL trigger layer, not application logic.

The single most important change from any prior demo is sovereignty: the default configuration makes no outbound cloud API calls at runtime. None. An Anthropic backend is retained in the codebase as a clearly-labelled non-conformant demo mode — off by default. Using it violates the Proximity axiom (A1). The default is Ollama, running entirely on your infrastructure.

What's structurally new

  • Sovereign by default. Ollama-backed local LLM. No API keys. No cloud dependency at runtime.
  • Symbolic Evaluator (Track 1). Pure determinism by mathematical construction — no enforcement mechanism required for explicit predicates.
  • SKI Model wrapper (Track 2). Temperature-zero, seeded decoding, structured output, model hash pinning, continuous canary against golden records.
  • Tag Registry. Compile-time mapping only. Runtime tag inference is architecturally prohibited in v2.1.
  • Five-verdict taxonomy. NULL split into NULL_UNMAPPED (no KG rule for this subject) and NULL_STALE (freshness predicate failed) — each routes to a different owner for remediation.
  • Conformance test suite. Eight Level 1 tests, each citing the spec section it validates. Run pytest conformance/ -m level1 to verify any SKI implementation at L1.
  • Audit-grade production hygiene. CI with pytest, ruff, mypy, bandit, pip-audit, CodeQL, CycloneDX SBOM, Trivy container scan. TLS on by default. No default passwords. Signed commits.

What's next

v0.2 production track: full security audit, RBAC on audit ledger endpoints, performance benchmark suite (target sub-100ms on commodity edge hardware), Level 2 conformance tests, and sector Knowledge Graph packaging templates.

Spec v2.2: regulatory crosswalk appendices for NIST AI RMF, ISO/IEC 42001, SR 11-7, OSFI B-13, NERC CIP, DORA, EU AI Act, and CMMC. These are not in the open repository yet.

The proprietary Knowledge Graph libraries for Energy, Financial Services, Manufacturing, and Defence are available through KpiFinity and are not part of the open-source release.

Run the reference implementation → Production deployment via KpiFinity
About the Project

An open-source framework. A commercial ecosystem.

The SKI Framework is published as an open-source specification under CC BY 4.0. The complete framework — axioms, pillars, architecture, governance, and implementation guidance — is published in full on this website. It is free for any organisation to read, implement, and adapt.

The framework was developed by KpiFinity Inc., a Calgary-based AI and data consultancy founded to accelerate sovereign AI adoption in regulated industries. KpiFinity provides the commercial services that organisations need to implement SKI effectively — sector Knowledge Graphs, implementation services, and certified deployment support.

SKI follows the open-core model. The specification is the commons. The expertise and sector-specific content is the commercial layer.

Visit KpiFinity.com → ⭐ Star on GitHub
Framework Status
Spec v2.1 · Impl v0.1.0-alpha

Specification v2.1 published May 2026 — architecture stable. Reference implementation v0.1.0-alpha released May 2026 — proof-of-scaffold, not production ready. v0.2 is the production-track target. v2.2 will add regulatory crosswalk appendices.

Contribute
Issues & Corrections

Issues, corrections, and sector knowledge contributions are welcome. Open a GitHub issue or email hello@skiframework.org. Contributions affecting normative content are reviewed by the framework editors before merge.

Commercial Services
Open framework. Commercial ecosystem.

The framework specification, reference implementation, CLI tools, and conformance suite are entirely open (Apache 2.0 / CC BY 4.0). The proprietary Knowledge Graph libraries for Energy, Financial Services, Manufacturing, and Defence are developed by KpiFinity and licensed commercially. They are not in the open repository. No commercial relationship is required to deploy SKI against your own Knowledge Graphs.

KpiFinity sector KG libraries and deployment services →
Version History

Specification changelog

Every published version of the SKI Framework, with normative changes documented. Audit-grade documents require version provenance — this section is part of the framework, not a separate artefact.

v0.1.0-alpha May 2026 Latest release

Reference implementation — Apache 2.0. First runnable release of the SKI Framework. Proof-of-scaffold; not production ready.

  • Sovereign by default. Runs entirely on-premise via Ollama. No cloud API key required at runtime. Anthropic backend retained as clearly-labelled non-conformant demo mode.
  • Symbolic Evaluator (Track 1). Deterministic predicate evaluation — threshold, enumeration, boolean, duration checks. Pure function; no enforcement mechanism required.
  • SKI Model wrapper (Track 2). Local LLM at temperature 0, seeded decoding, structured output schema, runtime checkpoint verification, continuous determinism canary.
  • Tag Registry. Governed compile-time subject-to-rule mapping. Runtime tag inference is architecturally prohibited.
  • Knowledge Graph signature verification. Ed25519 signature validation on every KG load.
  • Append-only audit ledger. Enforced at the database layer via PostgreSQL triggers; pg_dump backups via the audit-ledger tool; real entry-hash recomputation in verify_integrity().
  • Five-verdict taxonomy (v2.1). CLEAR, FLAG, NULL_UNMAPPED, NULL_STALE, DISCRETIONARY. NULL_UNMAPPED (no rule mapped) and NULL_STALE (freshness predicate failed) are now distinct verdicts.
  • Conformance test suite. 8 Level 1 tests, each citing the spec section it validates. Run: pytest conformance/ -m level1.
  • Production hygiene. CI (pytest, ruff, mypy, bandit, pip-audit), CodeQL, CycloneDX SBOM, Trivy container scan, TLS on by default, no default passwords, signed commits, CODEOWNERS.
v2.2 In preparation Planned
  • Regulatory crosswalk appendices: NIST AI RMF 1.0 (subcategory-level), ISO/IEC 42001, SR 11-7 / OCC 2011-12, OSFI B-13 and the proposed E-23, NERC CIP-002 through CIP-014, DORA, EU AI Act (article-level), CMMC 2.0, IEC 62443 (zone/conduit level).
  • Implementation cost and resource model in Part D.
  • Editorial sweep: align verdict count and component definitions; formal Track 1 / Track 2 routing specification; Symbolic Evaluator integrity controls (B3.5).
  • Privacy law treatment (GDPR, PIPEDA) for sectors processing personal data.
v2.1 May 2026 Current
  • Determinism Enforcement Controls (B3.4) — model file hash pinning, runtime environment pinning, hardware baseline documentation, continuous determinism canary, and session integrity log. Replaces the prior assumption that temperature-zero decoding alone delivers determinism.
  • Hybrid runtime — Symbolic Evaluator (Track 1) for explicit predicates, SKI Model (Track 2) for semantic disambiguation only. Track assignment is a compile-time governance decision recorded in the Knowledge Graph.
  • Tag Registry (B4.3) — mandatory mapping of operational tags to Knowledge Graph entities, governed under Knowledge Graph change control. Eliminates runtime tag inference.
  • Stateful Evaluation (B4.4) — evaluation window buffers and time-window predicates for obligations expressed over intervals.
  • Verdict split — NULL_UNMAPPED (coverage gap, alerts Knowledge Graph Owner) and NULL_STALE (sensor or pipeline failure, alerts operations).
  • MCP softened — recommended integration standard with alternatives permitted.
  • Latency claim — replaced fixed sub-50ms target with deployment-validated envelope; typical sub-100ms.
  • Configuration immutability — emergency security patches permitted with mandatory post-patch determinism canary re-run.
  • Rename: MiLM → SKI Model.
v2.0 May 2026 Superseded
  • Initial public-readable framework: Five Fears framing, Three Axioms, Three Pillars, four verdicts, two-phase pipeline, Coverage Register and Residual Risk Register, conformance maturity levels (L1 Foundational, L2 Managed, L3 Assured).
Older internal revisions are not published. The v2.0 specification was the first version released for external review; v2.1 incorporates feedback received during that review.
Licensing

Dual-licensed: Apache 2.0 for software, CC BY 4.0 for the specification

Creative Commons explicitly recommends against using CC licences for software — they provide no patent grant and make no distinction between source and object forms. The SKI Framework uses the right licence for each artefact type.

Apache 2.0
Software — reference implementation, CLI tools, conformance suite, all code in the repository

Apache 2.0 includes an explicit patent grant, essential for enterprise software procurement. It clearly distinguishes source and object forms. It is the industry-standard licence for open-source compliance infrastructure deployed in regulated environments.

CC licences were designed for creative works. Applying them to software creates legal ambiguity that procurement and legal teams in regulated industries cannot accept. Apache 2.0 removes that ambiguity entirely.

Full Apache 2.0 licence text →
CC BY 4.0
Specification — framework documents, architecture, governance model, this website

The SKI Framework specification — the axioms, pillars, architecture, governance model, and all normative specification text — is published under Creative Commons Attribution 4.0 International. Any organisation may read, implement, adapt, and distribute the specification freely with attribution.

Attribution required: KpiFinity Inc. and skiframework.org. Use the canonical citation below.

CC BY 4.0 licence text →
The open / proprietary boundary

The framework specification, reference implementation, CLI tools, and conformance suite are entirely open under the above licences. The proprietary Knowledge Graph libraries for Energy, Financial Services, Manufacturing, and Defence are developed by KpiFinity Inc. and are not in the open repository. No commercial relationship is required to read, implement, or deploy SKI using your own Knowledge Graphs.

Security

Audit-grade hardening defaults

The reference implementation ships with security-conservative defaults designed for regulated environments. No default passwords. TLS on by default. Secrets generated at first run with a cryptographically secure RNG. The audit ledger is append-only at the database layer — not application logic.

Runtime hardening defaults
  • TLS enabled by default on all endpoints
  • Strong random secrets generated at first run — never committed to source control
  • No default passwords in any configuration file
  • Audit ledger append-only enforced via PostgreSQL triggers at the DB layer
  • Real pg_dump backups via the audit-ledger CLI tool
  • Real entry-hash recomputation in verify_integrity()
  • Knowledge Graph Ed25519 signature verified on every load
Full hardening defaults documentation →
CI security pipeline
  • Static analysis: ruff, mypy, bandit on every commit
  • Dependency vulnerability audit: pip-audit on every PR
  • CodeQL semantic analysis on push and PR
  • CycloneDX SBOM generated on every release
  • Trivy container image scan
  • Dependabot configured for automated dependency updates
  • Signed commits; CODEOWNERS and branch protection guidance in repository
Vulnerability disclosure

Do not report security vulnerabilities via public GitHub issues. Follow the responsible disclosure process documented in SECURITY.md.

SECURITY.md — vulnerability disclosure policy →
v0.1.0-alpha is not production software. Security findings are welcome and will be addressed in the v0.2 hardening cycle.