Ontic Labs
  1. Home /
  2. Control Plane /
  3. Foundry

Foundation Layer

Foundry

The foundation layer of governed inference.

Oracle Foundry transforms authoritative source documents into a queryable, tamper-evident knowledge base. Every downstream governance decision traces back to this layer.

Without it

Without tamper-evident source provenance, every downstream governance decision is an assertion without evidence. Claims can’t be verified, retrieval can’t be audited, and your gate has nothing to check against.

Position in the platform

  • Oracle Foundry (Foundation): Transforms authoritative source documents into a tamper-evident knowledge base
  • SIRE Crosswalk (Post-Foundry): Builds the global authority map across oracles for routing, conflicts, and gaps
  • Prompt Compiler (L0): Rewrites prompts to prevent structural failures before generation
  • Claim Ledger (L1-L4): Decomposes outputs into claims and scores uncertainty + entailment
  • Process Control System (Cross-layer): Monitors quality as a statistical process over time
  • Forensics Lab (L5): Diagnoses mechanistic root causes when governance failures occur

Seven-stage foundry pipeline

  • Document ingestion — SHA-256 source hash, idempotent upsert, version-aware change detection, actor tracking
  • Section-aware chunking — split on heading boundaries, merge undersized chunks (<75 words), heading path metadata, content hashes
  • Cryptographic watermarking — HMAC-SHA-256 signatures embedded per-chunk, self-contained verification without database access
  • Embedding — text-embedding-3-large (512d Matryoshka), lease-based claiming prevents double-embed, sovereignty attribution enforced by CHECK constraint
  • Corpus registration — tier classification, framework/industry/segment metadata, manifest with chunk count and content hash
  • SIRE identity metadata — Subject anchors domain, Included enriches search, Excluded enforces boundaries, Relevant maps cross-framework topology
  • License and output policy — five-status enum (licensed/customer_provided/public_domain/synthetic/unknown) with deterministic Prompt Compiler instructions

Sovereignty and tamper evidence

  • Every embedding vector carries an immutable attribution chain: embedding authority, egress policy, and pipeline run attestation
  • Un-attributed embeddings are structurally impossible — enforced by database CHECK constraint, not application logic
  • Chunk watermarks use HMAC-SHA-256 signatures that verify without database access — the chunk proves its own provenance
  • Immutable event log records every embedding operation (success or failure) for audit and compliance reporting
  • Designed for air-gap and VPC deployment where data must never leave the customer's security perimeter