Pure Signal · Zero Noise

Signal from noise.
Truth before action.

P·S·Z·N — the verification, consent & evidence engine.

PSZN routes a request, scores its truth across independent models, gates it behind human consent, and emits a tamper-evident record — before anything runs. The scoring core is model-free, so it works over the models you can actually own and run on-prem.

ENGINE · model-free consensus IDENTITY · Context / Consent / Credibility DEPLOY · governed & air-gapped

The thesis

Frontier models made most governance free.
Two layers they structurally won't build remain.

Sandboxing, approval prompts, and agent-on-agent review now ship inside every major model. A trust layer that overrules the model, and stays neutral across vendors, is not something a model vendor is incentivized to build. That is the ground PSZN stands on.

The unclaimed ground

Deterministic verification with evidence, before approval — and a portable evidence ledger binding "done" to proof.

No model vendor will make verification external, deterministic, and cross-vendor: it reduces the perceived value of their own model and asks them to audit competitors. That gap is durable.

Model-free by construction

The scoring core calls no model

Claim extraction, clustering, consensus, and divergence are pure algorithm. The engine is indifferent to whether answers came from a frontier API or a local open-weight model — which is what makes on-prem verification real.

Nothing on trust alone

Verify → consent → prove

Every consequential action is scored, gated behind an out-of-band human or delegated sign-off, and written to a record that the author cannot forge. Fail closed, always.

The engine

01PSZN — a model-free consensus & divergence engine

PSZN polls independent models in isolation, decomposes their answers into atomic claims, clusters agreement across models, and scores signal against divergence. Every stage after generation is deterministic — no model sits in judgment of another.

PHASE 1
isolate

Parallel polling

Query N models concurrently. Prompts are sanitized so no model can reference or anticipate the others — independence is enforced, not assumed.

PHASE 2
decompose

Claim extraction

Each response is split into atomic claims and classified by type (fact / recommendation / opinion / prediction / warning) and asserted confidence.

PHASE 3
cluster

Cross-model clustering

Claims from different models are agglomeratively clustered by similarity (lexical by default, embeddings optional) to find where independent models agree.

PHASE 4
score

Consensus & divergence

Consensus strength, overall confidence, and a signal-vs-noise ratio are computed; divergences and single-model novel insights are surfaced, not hidden.

Why it holds under an air gap: a single local model can't cross-check itself — a judge that shares weights with the generator inherits its blind spots and prefers its own answers. PSZN's verdict comes from independent models and deterministic math, not a model grading a model. That property is exactly what a one-model-family, offline deployment needs.

The Forge Score

Consensus feeds a composite Forge Score — an evidence-weighted score that must clear a threshold before an action is permitted. It decomposes, so any score can be traced back to the evidence that produced it.

# composite of weighted, inspectable dimensions
ForgeScore = Σ( dimensioni × weighti ) × rigor(tier)
Consensus alignmentagreement across independent models
Source qualitystrength of cited evidence
Domain accuracyfit to the routed domain
Reasoning legibilitytraceable, inspectable steps
Robustnessstability under perturbation
Temporal stabilityconsistency over time / re-runs

Routing. Before scoring, a request is routed against a locked domain taxonomy by term relevance. Unroutable input fails closed to a review-required fallback rather than guessing — the gate defaults shut.

Temporal Consensus Drift. When consensus decays across re-runs — an early signature of a hallucination cascade — PSZN raises a drift alert. This is emitted as a standard risk signal (OpenID Shared Signals / CAEP), so existing continuous-authentication infrastructure can act on it.

The identity layer

02Three-C — Context, Consent, Credibility

Authenticating a login is solved. Authenticating what an autonomous agent is allowed to do, on whose authority, and whether its output can be trusted is not. Three-C answers the three questions every agent action raises — each backed by a verifiable credential.

C-1

Context

Who is this agent working for?

A cryptographically verifiable delegation chain from a human principal to the agent and any sub-agents — capabilities declared, scope bounded. Authority by possession of a credential, not by a shared secret.

Backed by: W3C Verifiable Credentials · Garnet @caps + seal
C-3

Credibility

Can the output be traced to a verifiable source?

Every deliverable carries its evidence: the Forge Score, the models polled, the claims and their divergences, hashes of inputs and tool-calls — anchored to an append-only transparency log the author cannot rewrite.

Backed by: PSZN Forge Score · evidence bundle · transparency log
Honest scope. A signature proves who signed and that bytes are intact — never that content depicts reality. Three-C is built for accountability, not deepfake detection: a persistent identity that signs a falsehood can be permanently and verifiably burned. We don't fight the analog hole; we make lying attributable.

Root of trust, two modes. Governed / enterprise deployments chain identity from existing credentials (PIV/CAC, enterprise SSO) — you inherit the hard enrollment problem instead of re-solving it. Sovereign deployments derive one portable identity with offline rescue-code recovery and verifiable re-keying, owned outright — no vendor cloud can lock you out.

The convergence

03One layer, three faces

PSZN doesn't stand alone. It's the truth-scoring face of a single "no authority without evidence" layer — sharing an evidence model with a capability-typed language and a human-consent protocol. Each maps to one of the three C's.

ComponentAnswersProvidesEnforced by
PSZNthis engine Credibility Model-free truth scoring, consensus, divergence, Forge Score, evidence ledger Deterministic math over independent models
Garnetthe language Context Capability contracts (@caps), signed provenance & AI-authorship (seal), transparency log Compiler — checked, not asserted
Cryptographic Consentthe protocol Consent Out-of-band per-action human / delegated sign-off; provably human-directed action Off-device keys, anti-relay session binding

Together they replace authority by identity with authority by evidence: a request is only acted on when it is scored (PSZN), scoped (Garnet), and consented (the protocol) — and the proof of all three travels with the result. Built on open rails — W3C VCs, OpenID Shared Signals, content-provenance standards — not a proprietary stack, because a neutral layer is the one an incumbent won't ship.

Governed & local AI

04Frontier-adequate on the models you can run

In regulated and air-gapped environments, controlled data legally cannot touch a frontier cloud model. The binding question isn't access — it's whether a local open-weight model, wrapped in verification, is good enough. Honestly: on the right task classes, yes.

Where verification closes the gap

  • Quantitative & structured analysis, extraction, classification
  • Bounded coding where executable tests are the verifier — the one oracle that can't be talked into a wrong answer
  • Evidence-gated retrieval & intelligence summarization, where every claim must cite a source
  • Anything with a cheap, deterministic check: verification is easier than generation, and best-of-N over an independent verifier lifts a small model past its base rate

Where it can't — and we say so

  • Long-horizon autonomous work: a capability gap, not a sampling-variance one. Sampling a model that can't do the task yields nothing
  • Open-ended judgment & writing: verification is as hard as generation, and a same-family judge is biased toward itself
  • Missing modalities: no scaffold adds a capability the base model lacks
Audit-superior by default. Even where a local model merely matches a frontier one on quality, PSZN hands you something the frontier API doesn't: the candidates it considered, the verifier's scores, the evidence links, and a signed record. For accreditation, that provenance is the product.
Calibrated honesty

05What's real, what's specified, what's planned

This is a trust engine. Overstating it would be self-defeating, so here is the honest ledger. Implemented runs today; Specified is designed and documented; Planned is next.

PSZN consensus & divergence engine4-phase, model-free · TypeScript, in RLA Forge
Implemented
Domain routing & fail-closed fallbackterm-relevance over a locked taxonomy
Implemented
Garnet capability contracts & sealed provenance@caps, seal, transparency log · Garnet language
Implemented
Forge Score compositeweighted dimensions; scoring layer being hardened to deterministic evidence checks
Specified
Three-C identity & Cryptographic ConsentContext / Consent / Credibility · out-of-band signing, CPS anti-relay
Specified
Portable evidence bundle + transparency logsigned {identity · delegation · models · claims · hashes}
Planned
Local-model verification harnessverifier-gated best-of-N over on-prem open weights
Planned

License & IP. PSZN is published as an open specification — documented to be read, implemented, and interoperated with, rather than kept as a black box. © 2026 Island Dev Crew. A neutral, legible standard is the one worth adopting.