The Resonance Engine Platform
Five interlocking layers that eliminate the compliance gap between what your AI is authorized to do and what it actually executes — at the code level, not the policy level.
The Architecture of Certainty
The Resonance Engine is the orchestration layer that sits between your AI model and production infrastructure. Every action your AI takes is intercepted, evaluated, and either permitted or blocked — before it touches a system, API, or data store.
Deterministic Enforcement
Unlike ML-based guardrails that can drift or be argued around, the Resonance Engine uses formal verification logic. An action is compliant or it isn't — there is no maybe.
Zero-Latency Gate
The Friction Gate operates as an in-process execution layer — not an external API call. Compliance verification adds sub-millisecond overhead with no network dependency.
LLM-Agnostic Runtime
The Resonance Engine wraps your entire AI execution surface — GPT-4, Claude, Gemini, open-source models, and internal fine-tunes. One gate, every model, one compliance posture.
Injection-Proof Architecture
Adversarial prompt injection cannot override the Friction Gate because compliance enforcement lives below the model output layer — at the execution runtime, not the instruction level.
Real-Time Classification
Intent classification happens synchronously within the execution pipeline. No async queues, no eventual consistency — the gate decides before the action executes.
Cryptographic Proof Chain
Every governance decision is signed with a private key at the moment of execution. The signature chain provides mathematically verifiable proof that no decision was altered after the fact.
Compliance at the Execution Layer
The Friction Gate is the enforcement core of the Resonance Engine. Every AI-generated action passes through four sequential phases before any system call, API request, or state mutation reaches production infrastructure.
Intent Detection
Every AI action is intercepted at Layer 0 before execution. The engine decomposes the action into its intent vector — what the model is trying to do, not just what it says.
- Layer 0 interception before any system call
- Intent decomposition from raw model output
- Context-aware action classification
- Zero-trust — no action is pre-approved
Compliance Classification
The classified intent is evaluated against your organisation's full regulatory ruleset using deterministic rule trees — not probabilistic scoring.
- SOX, MiFID II, DORA rule evaluation
- Custom organisational policy support
- Deterministic verdict — no ambiguous scores
- Rule conflict resolution with precedence ordering
Gate Decision
Non-compliant or high-risk actions are hard-blocked. The gate is cryptographically immutable — it cannot be bypassed by the model, prompt injection, or configuration drift.
- Hard block — execution halts immediately
- Cryptographically enforced, not configurable away
- GovernanceException thrown with policy reference
- Human escalation path for friction-tier actions
Audit & Attestation
Every decision is cryptographically signed and appended to an immutable audit log. Regulators receive a complete, tamper-evident execution record on demand.
- SHA-256 action hash + private key signature
- Regulatory framework reference tags (SOX-404, DORA-Art9)
- Examiner-ready export within 24 hours
- SIEM-compatible real-time event stream
The Friction Gate architecture is covered under a U.S. Patent Pending application. The four-phase execution-layer interception method cannot be legally replicated by competing vendors upon issuance.
Regulation Expressed as Executable Logic
The Policy Engine compiles regulatory frameworks and organisational rules into deterministic rule trees that the Friction Gate evaluates at runtime. Your compliance team writes policy — the engine enforces it without interpretation or probabilistic gaps.
Supported Frameworks
SOX (Sarbanes-Oxley)
Section 404 internal controls over financial reporting — every AI-initiated financial action is classified against material misstatement risk thresholds.
MiFID II
Markets in Financial Instruments Directive — suitability, best execution, and transaction reporting rules compiled into the policy tree.
DORA
Digital Operational Resilience Act Article 9 — ICT risk management obligations for financial entities translated into enforceable gate rules.
Custom Frameworks
Define your own policy rules in the Policy DSL. Internal governance frameworks, board mandates, and bespoke risk thresholds are fully supported.
How It Works
Rule Authoring
Compliance teams author rules in a human-readable Policy DSL. No code required. Rules express conditions, risk thresholds, and gate verdicts.
Compilation
Rules are compiled into an optimised decision tree at deploy time. Compilation validates for conflicts, redundancies, and coverage gaps.
Runtime Evaluation
At execution, the compiled tree evaluates each action in microseconds. The output is a deterministic verdict: PERMIT, FRICTION, or BLOCK.
Version Control
All policy changes are versioned and signed. A full audit trail of what rule was active at any given moment is always available for examiners.
Tamper-Evident by Cryptographic Design
Every gate decision — permitted or blocked — is cryptographically hashed, signed, and appended to an immutable audit chain. Your complete regulatory execution record exists before the examiner ever asks for it.
Cryptographic Binding
Each audit entry contains a SHA-256 hash of the action payload, a timestamp, the gate verdict, and a private-key signature. Any post-hoc alteration invalidates the entry.
Append-Only Log
The audit chain is append-only by architecture. Entries cannot be deleted or modified — only new entries can be added, and each references the previous entry's hash.
Regulatory Tagging
Every entry is tagged with the relevant regulatory framework references (SOX-404, DORA-Art9, MiFID-II) so examiners can filter by regulation instantly.
Examiner Export
Generate a complete, signed export of any time range in PDF or machine-readable JSON within 24 hours. Formatted for direct submission to regulatory examiners.
Real-Time SIEM Stream
Audit events are streamed in real-time via webhook or syslog to your SIEM (Splunk, Datadog, Microsoft Sentinel). No polling required.
Retention & Sovereignty
Audit logs are stored within your deployment boundary. EthicVault never has access to your audit data. Retention periods are configured to meet your jurisdictional requirements.
Zero custody — your data never leaves your environment
The Audit Chain operates entirely within your infrastructure. EthicVault does not have access to, store, or process your audit records on its own systems.
Works With Your Existing Stack
The Resonance Engine is designed for zero-friction enterprise adoption. It integrates with your existing AI models, orchestration frameworks, observability stack, and identity infrastructure — no rip-and-replace required.
AI Models & Orchestration
Observability & SIEM
Identity & Access
Deployment Environments
Ready to see it in your environment?
Request enterprise access or try the interactive demo to see the Friction Gate evaluate actions in real time.