Governed engagements where the work product is a signed, sealed, examiner-reproducible artifact — not a PDF you have to trust the firm on.
The moat: the client (or any auditor) re-derives the verdict themselves from the cryptographic trail. No trust in the provider's word. No proprietary review software. Open, reproducible, sovereign. Run on BRaaS; governed by policy_authoring + workproduct_rbac + examiner_replay.
Each service is a regulated profession governed by its licensing authority + cited authorities. Live engagement requires a licensed rate_verifier (operator gate per SD-050); all services currently in PREVIEW.
Three structural invariants every engagement upholds — mechanized in code, examiner-verifiable, never claims of process.
Agents propose; only an operator-AGREE'd write happens. The CK Governed runtime holds no keys to your engagement; every consequential action is gated by an explicit, content-bound, attestation-shaped approval. policy_authoring is the only door.
Every work product carries a licensed professional's signature, bound to the exact bytes of the deliverable. Role-gated (workproduct_rbac, SD-047): auditors and clients can review and initiate, but only the licensed attestor signs.
The entire engagement seals into a tamper-evident chain. Any auditor — including the client themselves — runs examiner_replay against the trail and re-derives the verdict from scratch. The trail IS the evidence. No trust required.
The same five-stage flow for every service. Each stage is governed; each stage is sealed; the resulting work product is its own audit trail.
work_product recipe, S215).tool_governor, S216). The model never auto-acts on the deliverable.ReviewSignGate (P4 console, S217). Scrutinizes citations, risks, limits. Approves & Signs — a non-extractable Ed25519 signature over the canonical bytes (G1, hardware-backable).examiner_replay re-derives RELEASABLE / BROKEN from the chain alone. Tamper is caught. The work product is its own warrant.Honest standing of every service in the catalog.
Each profession's cited corpus is preview, unattested — staged by rule, present + current but not yet attested to primary sources by a licensed rate_verifier. A live engagement is REFUSED at the policy-authoring gate until corpus attestation lands (the cheap toggle cannot outrun the verified corpus — SD-050).
The MECHANISM is fully live + proven (S213/S214/S215/S216/S217/S218/S219 chain — red-team ASR=0.0, the moat is measured; estate-706 end-to-end completed live; income-1040 live federal+NY 2025). What remains is per-profession corpus attestation — a separate operator gate before any service flips PRODUCTION.