Free Admissibility & Citation Gap Briefing.Map your brand's footprint across the AI ecosystem and identify unverified Shadow Sources. Available for regulated enterprise evaluators.Secure Your Audit →

Category — how enforcement is structured

Execution Control Systems (ECS)

ECS is our name for the architectural layer that resolves admissibility at the commit boundary on governed paths: deterministic checks, org lifecycle honesty, and fail-closed outcomes—not a rebranding of “AI safety prompts.”

Canonical product claims and pricing remain on bidigest.com and in MESSAGING_COPY_BLOCKS.md. This hub explains the category narrative and points to proof surfaces (how-it-works, handbook, simulator) without forking truth.

Satellite domains (e.g. executioncontrolsystems.com, executioncenteredgovernance.com) are reserved for future DNS → canonical paths here; enable redirects only after copy and consent gates are satisfied.

Feature availability

  • [SHIPPED]Integrity baselinePhase 3 — commit / bundle integrity on governed paths, evidenced by chained hashing and execute-boundary validation (independent of model vendor / inference path). See Phase 3 acceptance + archived report.
  • [SPEC]SARD admissibilitySynchronous admissibility re-derivation at execute — spec / roadmap, not production for all routes.
  • [DRAFT]SACI methodologyInternal State of AI Compliance Index framework; public dataset / index not implemented.

From intent to commit: T₀ and T₁

T₀ is when an action is first presented—routing, payload shape, and early gates treat it as unverified intent. T₁ is the commit boundary: deterministic checks run again before anything binding happens, including org lifecycle (active vs suspended). If the organization is inactive, API authentication returns HTTP 403; on seal paths, telemetry can be shunted with breach codes such as ORG_SUSPENDED_AT_T1 where applicable—fail-closed, not a “best effort” filter.

Wall-clock time is route- and deployment-dependent. Governed egress sealing and staleness monitoring use different cron paths—do not promise one universal sub-50ms wall on every integration.

Full pipeline, IFQ schematic, and partnership context live on How it works.

The execution gap

Drift accumulates between “looks fine in monitoring” and “commits as operational fact.” BiDigest re-validates authority at the commit boundary (T₁)—including org lifecycle—so inactive tenants can receive 403 at ingress and seal paths can record structured breach signals instead of quiet success.

Structural checklist (same as how-it-works)

  • Fail-closed responses on governed paths—HTTP errors instead of silent mismatch commits where configured.
  • Commit-boundary re-read (T₁): org lifecycle and deterministic checks before binding effects.
  • Inadmissible intent does not become operational fact when the gate withholds commit.

Canonical product surfaces

Use these routes for pricing, intake, and API truth. This ECS hub stays a category map—not a second homepage.

Sovereign KB · IFQ · per-LLM — ask here