Enterprise architecture (buyer view)
Enterprise AI Control Plane
Layer 1 — Governance & Risk
Executive AI governance across the organization
• AI Asset Registry
• Shadow AI Intelligence
• AI Risk Management
• Procurement Packages
• Executive AI Dashboard
• Audit Evidence
│
▼
Layer 2 — AI Control Tower
Operational control of AI systems and agents
• Deployments
• Human Review
• Agent Governance
• Workflow Lifecycle
• Telemetry & Monitoring
• Rollback & Release Control
│
▼
Layer 3 — Solutions
Industry and domain-specific compliance
• Accessibility Compliance
• Clinical AI Compliance
• Compliance Manager
• Government AI Governance
• Manufacturing AI Governance
│
▼
Layer 4 — Trust & Compliance
Verification, certifications, audit readiness
• Trust Center
• Certificate Verification
• Compliance Status
• Regulatory Bundles
• Security Posture
│
▼
Layer 5 — Platform Services
Shared services powering all workloads
• Identity & SSO
• Billing & Credits
• Entitlements
• Access Control
• Audit Logging
│
▼
Layer 6 — Cloud & Edge Infrastructure
Execution and deployment foundation
• Cloud Runtime
• Edge Runtime
• Device Registry
• Telemetry Pipeline
• Storage
• Integrations
Three navigation depths
| Depth | Audience | Examples |
|---|---|---|
| Public | Executives, procurement, first visit | Governance · Control Tower · Clinical AI Compliance · Accessibility Compliance · Trust Center |
| Solutions | Program owners, compliance leads | Dashboards · workflows · evidence · validation · monitoring · procurement packages |
| Operator | Engineering, security, advanced users | APIs · runtime · Neural Glass · developer tools · advanced controls |
Retired buyer framing: Applications → Operations Engine → Governance & Audit.
Current buyer framing: Governance & Risk → AI Control Tower → Solutions → Trust & Compliance → Platform Services → Infrastructure.
Name change: Operations Engine → AI Control Tower (website, architecture, procurement packages, government submissions).
Current buyer framing: Governance & Risk → AI Control Tower → Solutions → Trust & Compliance → Platform Services → Infrastructure.
Name change: Operations Engine → AI Control Tower (website, architecture, procurement packages, government submissions).
Manufacturing & edge deployment depth (v1.0)
The sections below document safety-assurance layers for manufacturing, automotive, and edge AI deployments — technical depth under Layer 3 (Manufacturing AI Governance) and Layer 6 (Edge Infrastructure).
Executive outcomes: Reduce certification effort · reduce audit effort · reduce deployment risk · reduce OTA risk · accelerate release readiness.
Procurement-safe positioning: ISO 26262-aligned evidence management, traceability, gate reviews, waiver handling, and continuous compliance support for AI-enabled deployments.
Do not claim: ISO 26262 certified · full ISO compliance automation · autonomous certification platform.
Procurement-safe positioning: ISO 26262-aligned evidence management, traceability, gate reviews, waiver handling, and continuous compliance support for AI-enabled deployments.
Do not claim: ISO 26262 certified · full ISO compliance automation · autonomous certification platform.
Product packaging (sales)
| Suite | Scope | Status |
|---|---|---|
| AIEdge Core | Model · device · deployment lifecycle | Shipped |
| AIEdge Safety | ISO 26262 · ISO 21434 · SOTIF · ASPICE gates | Shipped |
| AIEdge Runtime | Nexus Runtime — telemetry · drift · monitoring · rollback | Shipped |
| AIEdge CertOps | Safety manuals · traceability · audit packages · release readiness | Pilot |
AIEdge Gateway + Nexus Runtime
Enterprise Users
│
▼
AIEdge Gateway ← Auth · RBAC · Credits · Billing · Metering · Policy
│
▼
Local AI Appliance (Mac Mini / Edge Server)
│
▼
Nexus Runtime ← AIEdge Runtime engine
│
├─ Model Registry
├─ Device Registry
├─ Deployment Registry
├─ Compliance Engine
├─ Audit Engine
├─ Policy Engine
└─ Agent Runtime
Quantum Studio → Agent Package → Nexus Registry → AIEdge Deployment
Quantum Marketplace
Agents built in Quantum Studio deploy into Nexus Agent Runtime and consume AIEdge credits.
| Agent | Credits / run | Deploy target |
|---|---|---|
| Safety Agent | 50 | Nexus Agent Runtime |
| Compiler Agent | 20 | Nexus Agent Runtime |
| Audit Agent | 40 | Nexus Agent Runtime |
| Release Agent | 30 | Nexus Agent Runtime |
| Drift Agent | 25 | Nexus Agent Runtime |
| Compliance Agent | 50 | Nexus Agent Runtime |
Engineering: src/ai-assurance/ (Nexus internal) · src/compliance-engine/ · public API /api/aiedge/*
Executive summary
As AI moves from cloud to edge (vehicles, robots, cameras, medical devices), organizations face operational gaps: which model version runs where, who approved updates, how drift is detected, how compliance is proved to auditors, and how OTA updates maintain safety certification without full recertification every time.
Moat: Continuous Compliance + Delta Assessment + Deployment Assurance + Safety Reasoning (GSN graph).
The problem
| Pain point | Current reality | Platform response |
|---|---|---|
| Which model on which device? | Spreadsheets / incomplete CMDB | Shipped Model + device registry |
| Who approved the update? | Email + Jira | Shipped Gate + UAOR review queue |
| OTA recertification | 2–4 weeks full audit | Shipped OTA compliance delta engine |
| Drift vs safety | Input drift only | Pilot → Runtime Safety Monitor (L6) |
| Audit evidence | Manual collection | Shipped ZIP audit package + signed certs |
| Safety reasoning | Document storage | Pilot Safety Case Graph (GSN) |
Platform view (v1.0 — Layers 0–8)
Safety Program Management ← Layer 0 (Phase 2)
│
▼
Requirements & Traceability ← Layer 1 (forward trace shipped)
│
▼
Compiler / SDK Assurance ← Layer 2 (Phase 3)
│
▼
AI Model Assurance ← Layer 2.5 (Phase 2 — EU AI Act / PAS 8800)
│
▼
Functional Safety & Compliance ← Layer 3 (Gates + waivers shipped)
│ Safety Case Graph = Phase 2 moat
▼
Release Readiness Engine ← Layer 4 (readiness API shipped)
│
▼
Edge Deployment Assurance ← Layer 5 (registry + OTA delta shipped)
│
▼
Runtime Safety Monitor ← Layer 6 (Phase 3 — operational assurance)
│
▼
Incident & Feedback Loop ← Layer 7 (Phase 2)
│
▼
Continuous Compliance ← cross-cutting (shipped)
│
▼
Audit & Certification Workspace ← Layer 8 (audit shipped; exec % Phase 3)
Three runtime assurance layers
| Layer | Module | Owns |
|---|---|---|
| Deployment Assurance | Nexus | Registry, OTA hold, rollback target |
| Operational Assurance | Nexus | Signed telemetry, drift, fleet health |
| Compliance Assurance | Compliance Engine | Evidence, gates, waivers, delta certs, audit export |
Layer 0 — Safety Program Management
Safety Program Layer ├─ Safety Plan ├─ Safety Organization ├─ Safety Roles ├─ Safety Milestones ├─ Supplier Obligations ├─ Certification Roadmap └─ Safety Reviews
Every ISO 26262 audit starts here: Who owns safety? Who approved it? Who signs releases? Who approves waivers?
Layer 2.5 — AI Model Assurance
AI Model Assurance ├─ Dataset Registry ├─ Training Registry ├─ Evaluation Registry ├─ Bias Assessment ├─ Robustness Testing ├─ Adversarial Testing ├─ Explainability Evidence ├─ ODD Validation └─ AI Risk Assessment
Layer 3 — Safety Case Graph (GSN moat)
Claim ├─ Hazard ├─ Requirement ├─ Test ├─ Evidence ├─ Waiver └─ Approval
Most tools store documents. This platform manages safety reasoning — argument structure preserved for impact analysis and audit export.
ISO 26262 gate engine
Gate 0 Intake
Gate 1 HARA/ASIL
Gate 2 Requirements
Gate 3 Verification
Gate 4 Review
Gate 5 Deploy
Gate 6 Runtime
Gate 7 Delta/OTA
| Decision | Meaning |
|---|---|
| APPROVE | All controls satisfied |
| CONDITIONAL | Approved with ODD / scope / compensating constraints |
| HOLD | Paused pending evidence |
| BLOCK | Hard stop |
| ESCALATE | Safety committee required (ASIL C/D + high-risk waiver) |
| WAIVE | Approved deviation with documented risk acceptance |
OTA compliance delta (key differentiator)
Traditional OTA often triggers full recertification. Delta assessment scopes re-verification to impacted gates.
| Change type | Impact | Required gates | Auto-approve? |
|---|---|---|---|
| Architecture / output classes | FULL | Gates 0–5 | No |
| Weights update | PARTIAL | Gate 3 | Yes if accuracy retained |
| Confidence threshold | MINIMAL | Gate 3 (partial) | Yes if threshold raised |
| Bug fix (no behavior change) | NONE | None | Yes — delta certificate |
Layer 6 — Runtime Safety Monitor
Runtime Safety Monitor ├─ Drift ├─ ODD Violations ├─ Sensor Health ├─ Confidence Degradation ├─ Safety Rule Violations ├─ Fallback Activation └─ Safety Escalations
Where AIEdge becomes operational — not audit-only.
Layer 8 — Certification Workspace (executive view)
ISO 26262 91% ISO 21434 84% ASPICE 88% EU AI Act 73% Open Waivers 7 Open Gates 4 Release Risk Medium
Operational Design Domain (ODD)
{
"odd_id": "ODD-HIGHWAY-V1",
"restrictions": {
"weather": ["clear", "rain_light"],
"illumination": ["daylight", "twilight"],
"geography": ["highway", "urban_streets"],
"speed_range_kmh": [0, 85],
"road_conditions": ["dry", "wet"]
},
"status": "ACTIVE"
}
Production API routes (shipped)
# Compliance Engine GET /api/compliance/engine/health POST /api/compliance/safety-cases POST /api/compliance/ota/assess POST /api/compliance/artifacts/:id/gates/:gateId/evaluate GET /api/compliance/artifacts/:id/audit-package?format=zip GET /api/compliance/engine/certificates/verify/:certificateId POST /api/compliance/jobs/waiver-expiry-run GET /api/compliance/release-readiness/:programId GET /api/compliance/incidents/:id/root-cause POST /api/compliance/incidents/:id/requirement-amendments GET /api/compliance/governance/command-center # Nexus (public: /api/aiedge) GET /api/aiedge/health POST /api/aiedge/models POST /api/aiedge/deployments POST /api/aiedge/deployments/:id/approve POST /api/aiedge/deployments/:id/rollback POST /api/aiedge/telemetry GET /api/aiedge/dashboard # Credits (AIEdge Gateway) GET /api/aiedge/credits/dashboard POST /api/aiedge/credits/meter
Implementation roadmap
| Phase | Focus | Status |
|---|---|---|
| Phase 1 | Traceability, gates, waivers, OTA delta, audit export, deployment registry | Mostly shipped |
| Phase 2 | L0 Safety Program, L2.5 AI Model Assurance, GSN, Supplier Portal, L7 incident root cause | MVP shipped |
| Phase 3 | Runtime Safety Monitor, Certification Workspace, L4 release readiness, compiler assurance | MVP shipped |
| Phase 4 | Governance Command Center, multi-OEM customer templates | Planned |
Production runtime (today)
www.sdpanthers.com/aiAssurance → AIEdge Operations Console www.sdpanthers.com/aiAssurance/architecture → AIEdge Platform architecture www.sdpanthers.com/api/aiedge/* → Nexus Runtime (public) www.sdpanthers.com/api/aiedge/credits/* → Credit Manager (public) www.sdpanthers.com/api/compliance/* → CertOps Engine (legacy internal) /api/ai-assurance/* → aliases to /api/aiedge/*
Target markets
| Segment | Fit | Driver |
|---|---|---|
| Automotive Tier-1 / edge AI silicon | High | ISO 21434, UN R155, OTA safety |
| Medical devices | High | FDA AI/ML action plan, IEC 62304 |
| Industrial robotics | Medium–High | Functional safety + fleet deployment |
| Smart cameras / retail | Lower | Lower safety certification pressure |
Summary
| Aspect | v1.0 status |
|---|---|
| Architecture | Frozen — Layers 0–8 + Certification Workspace |
| Phase 1 pilot | Live on xr-api-prod + Firebase hosting |
| Key differentiator | OTA compliance delta + continuous compliance |
| Strategic moat (Phase 2) | Safety Case Graph (GSN) — safety reasoning, not documents |
| Platform completeness | ~85–90% of enterprise certification operations architecture |