Controlled rollout (governed canary)
A limited rollout route that starts read-first, enforces approvals, and blocks writes unless a valid Action Certificate is present. Includes rollback and Learning Controls by default.
Learn moreGlossary of TrustPlane controls
Share this page with stakeholders who encounter TrustPlane-specific language. Each term links to deeper documentation or evidence bundles.
Certified Write
A write that passed policy gates, minted an Action Certificate, and can be verified before any side-effect. Certified Writes are the primary billing meter.
Learn more Action Certificate
A COSE-signed artifact containing policy version hashes, approvals, evaluation results, rollout scope, budget/SLO snapshots, and audit hashes. Required before critical writes.
Learn more Policy version hash
A SHA-256 hash of the policy bundle (identity, data boundaries, Learning Controls, approvals). Embedded into every certificate and referenced in evidence bundles.
Learn more Learning Controls
Evaluation contracts, feedback hooks, drift monitors, and promotion gates codified in policy so governed automations improve safely over time.
Learn more Transparency log
Optional append-only log (hosted in your account) containing certificate summaries and revocation markers. Provides tamper-evident lineage for auditors.
Learn more Certified Write budget
Budget and rate guardrails (monthly USD, RPS, SLO targets) encoded in policy and surfaced via OpenTelemetry for FinOps showback.
Learn more Need deeper proof?
Evidence bundles contain Action Certificate samples, policy hashes, and control mappings for auditors and procurement.
Open Security, Risk & Audit microsite