Bounded Systems · Trust Center
Trust you can verify, not trust you take on faith.
Most trust centers point at an auditor's attestation — "a third party
checked our process once." Bounded Systems is built the other way around.
Its security properties are mechanisms in the code: capability
seams, policy tables that fail closed, content-addressed provenance. You don't
trust a badge — you grep the claim and watch the test fail if it
breaks.
This is the public projection of our internal claims-calibration instrument. Every claim is graded against running code, and the gaps are listed next to the wins — because a ledger that only shows wins is marketing, not a ledger.
How claims are graded
- ✅ Enforced: Checked on a live path, default-on, fails the build/run if broken.
- 🟡 Partial: A real check exists but narrower than the prose — opt-in, one layer, or pure-function only.
- 🔴 Gap: Intended but no live enforcement yet; tracked as open work.
- 📐 Design-only: Specced or scaffolded; not yet a working mechanism.
One rule we hold ourselves to: kinship, not badges. We say "in-toto–style" and "SLSA-style," and never print a level until the exact formats are emitted and the exact levels met.
Read the ledger
📋 Full claims ledger → 🔒 Report a vulnerability → ⌥ Source on GitHub →
The Markdown in the repo is the canonical, version-controlled source of record. This page is a doorway; the ledger is the document.
Verify it yourself
Every Enforced row is a grep away. For example:
    # Policy fails closed: unknown key → false, never a permissive fallthrough
    grep -n 'allowList ? allowList.includes' policy/src/index.ts

    # All published packages opt into npm build provenance
    grep -rlE '"provenance":[[:space:]]*true' --include=package.json . | grep -v node_modules | wc -l

    # Capability seams are test-enforced, not merely documented
    find . -name extractability.test.ts -not -path '*/node_modules/*'
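What "unknown key → false" means in practice, as an added example in plain JavaScript; it is not code from the Bounded Systems repository. The table shape, the capability keys and every function name are assumptions made for illustration, and the own-property check goes beyond the ternary the grep above looks for.

```javascript
// Added illustration. POLICY, its keys and all function names are assumed;
// this is not the contents of policy/src/index.ts.

// Constructed sample table: capability key -> values that key may be used with.
const POLICY = {
  "net.fetch": ["api.example.test"],
  "fs.read": ["/srv/data"],
  "fs.write": [], // known key, nothing allowed
};

// Fail-open anti-pattern: a key missing from the table falls through to "allow".
function isAllowedFailOpen(policy, key, value) {
  const allowList = policy[key];
  return allowList ? allowList.includes(value) : true;
}

// Fail-closed: only an own, array-valued entry can ever grant access.
function isAllowed(policy, key, value) {
  // Inherited names such as "constructor" are not policy entries.
  if (!Object.prototype.hasOwnProperty.call(policy, key)) return false;
  const allowList = policy[key];
  return Array.isArray(allowList) ? allowList.includes(value) : false;
}

// Regression probe: returns the keys a checker did NOT cleanly deny.
// Every probe below must be denied, so a correct checker yields [].
function wronglyAllowed(check, policy) {
  const probes = [
    ["net.fetchh", "api.example.test"], // typo'd key
    ["proc.exec", "/bin/sh"],           // key absent from the table
    ["fs.write", "/srv/data"],          // known key, empty allow list
    ["constructor", "name"],            // inherited from Object.prototype
    ["__proto__", "x"],                 // inherited accessor
    ["fs.read", undefined],             // missing value
  ];
  return probes
    .filter(([key, value]) => {
      try {
        return check(policy, key, value) !== false;
      } catch {
        return true; // an exception is not a clean denial
      }
    })
    .map(([key]) => key);
}

console.log("fail-open leaks:  ", wronglyAllowed(isAllowedFailOpen, POLICY));
console.log("fail-closed leaks:", wronglyAllowed(isAllowed, POLICY));
```

Wired into a test suite, `wronglyAllowed` turns the fail-closed claim into a check that breaks as soon as a permissive default is introduced.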