Phase 7S: Unified Enterprise Operating Layer

Enterprise Workspace

Single deterministic snapshot of the entire 18-subsystem governance fabric. Unified readiness token, 6 audience bundles, deployment topology, workspace hash.

Posture READY 94 / 100

workspace_hash a3f2c1e0b9d7a5413c8b2f0e1d6a7c4b8e9f2a1d0c3b5e7f9a2b4c6d8e0f3a5 workspace_id: a3f2c1e0b9d7a541 · schema_version: 1 · subsystem_count: 18

token_id c4d8e0f3a5b7c9d1

token_hash c4d8e0f3a5b7c9d1e3f5a7b9c1d3e5f7…

posture READY

readiness_tier full

readiness_score 1.0

signature (Ed25519) Ed25519:TxB3fK8mZqN2pL7cYvW1dRs9uX4oJ6eA0hC5gM…

is_advisory_only true

authoritative_for_wiw false

Readiness Tiers

full all 18 subsystems present

partial 4 core + ≥ 10 total

minimal all 4 core present

none not all core present

Core subsystems: signing, aggregate_vault, policy_registry, control_plane.

Signing

If an Ed25519 key is available, the token_hash is signed with sign_detached(). Without a key, signature is "" : the token remains verifiable via token_hash alone.

Generate key: vai signing keygen

sovereign primary

Primary topology is the most specific match. Secondary topologies are all other matching conditions. sovereign requires: signing + evidence_packs + governance_proofs + all core.

9 Topology Classes

sovereignsigning + evidence + proofs + core

design_partnerproofs + core + ≥6 optional

regulator_reviewevidence_packs + reports

federatedfederation_graph + fleet

soc_monitoredsiem + workflow_journal

airgapsigning present + siem absent

enterprisecore + ≥5 optional

ci_gatedeployment + governance_engine

standalonealways (fallback)

Day 1

Hooks wired, receipts flowing

Install, wire three Claude Code hooks, run one audit. Every subsequent Edit and Bash command produces a receipt. Session proof_id sealed at end of first session.

pip install verifaier
bash install_claude_hooks.sh
vai readiness check
Posture: PARTIAL → target STANDARD

Day 7

CI gate live, escalations routing

CI governance gate blocks merges above policy threshold. Escalation queue assigned to reviewers. SIEM export piped to existing log infrastructure. Memory Receipts sealing cross-session evidence.

vai ci gate HEAD~1 --profile enterprise
vai escalation list --status pending
Posture: STANDARD → target ENTERPRISE

Day 30

Full enterprise posture verified

All 18 subsystems present. Workspace hash generated and shared with governance board. Executive bundle exported for first board-level review. Regulator bundle available on request.

vai enterprise workspace-status
vai enterprise export-bundle --bundle-type executive_bundle
Posture: ENTERPRISE · 18/18 subsystems

Enterprise Pilots · Regulated Deployments · Design Partners

Deploy Enterprise Governance

Full enterprise workspace, readiness token, and bundle exports: local-first, air-gap capable. authoritative_for_wiw=false · advisory only.

contact@verifaier.io

Check Readiness → About VerifAIer

# Initialize and inspect

vai enterprise workspace-init# build and persist workspace artifact

vai enterprise workspace-status# show posture, tier, topology

vai enterprise workspace-verify# verify workspace_hash against artifacts

# Posture and readiness

vai enterprise posture# posture with dimension breakdown

vai enterprise readiness-token# build unified readiness token

vai enterprise topology# show deployment topology

# Bundles and exports

vai enterprise export-bundle --bundle-type executive_bundle

vai enterprise export-bundle --bundle-type sovereign_bundle

vai enterprise verify-bundle --bundle-id <id>

# Explainability

vai enterprise explain --topic posture --format markdown

vai enterprise explain --topic chain --format json

vai enterprise rebuild-workspace# idempotent re-derive from artifacts