/L.2 · MATURITY DECLARATION
What's real. What's demo. What's funded. What's after Series A.
Every claim on the public site, every component in the repository, and every paragraph in the doctrine is mapped here to one of four chips. Investors do not punish honest gaps — they punish founders who blur them. The line is published so it cannot be blurred.
LIVE15 / 43
Shipping today. A reviewer who clones the repository and runs the demo can verify the claim end-to-end.
DEMO7 / 43
Cinematic on the site, fixture-backed in the repository. Communicates the design intent; the production engine path will look like this when the next chip is unlocked.
ROADMAP14 / 43
Scoped and budgeted. Built within the first 18 months of pilot engagement plus seed-stage funding. Gating dependencies are named.
VISION7 / 43
Post-Series-A. The satellite / federated / cross-jurisdiction layer. Documented in the repository so the trajectory is legible — not a near-term promise.
/01
Engine
The eight-stage inference pipeline.
LIVE
Shadow-link discovery (Layer 1)
Time-series correlation with lag detection. Validated on live UK Environment Agency river-gauge data, Carlisle catchment. 0.971 confidence on the eden_sands_centre → petteril_botcherby pair, 1 000-reading window.
LIVE
Eight-stage pipeline structure
Ingest → graph inference → sensor health → anomaly detection → incident build → cascade prediction → authorisation packets → governance audit. Stages exist; layer maturity varies.
LIVE
Storm Desmond cascade replay
End-to-end pipeline run on a known historical scenario in under five seconds on a laptop.
DEMO
Cascade prediction on synthetic graphs
Layers 2–7 are exercised on synthetic data sufficient to validate the architecture, insufficient to claim production readiness.
DEMO
Physics-informed neural ODE (Layer 2)
Architecture and integration scheme implemented; trained on synthetic cascades pending pilot telemetry.
DEMO
GNN message passing (Layer 3)
Cross-sector dependency graph propagation. Synthetic graphs only.
UNLOCKS Operator telemetry from first pilot.
DEMO
Ensemble Kalman filter (Layer 4)
State estimation across noisy sensor fusion. Synthetic only.
DEMO
Differential privacy with Rényi accounting (Layer 7)
Privacy-preserving aggregation across operators. Mechanism implemented; budget calibration pending real cross-operator deployment.
ROADMAP
Cascade prediction on live operator telemetry
Layers 2–7 trained on real SCADA / sensor / ministry feeds.
UNLOCKS First pilot, 90-day shadow-mode evaluation.
VISION
Federated learning across operators
Cross-operator model improvement without raw-data sharing. Requires multi-tenant deployment and inter-operator legal agreements.
/02
Cryptography
LIVE
Ed25519 packet signing
Production cryptography from libsodium. Each authorisation packet is signed with the operator key.
LIVE
Hash-chained audit log
SHA-256 chain over every packet, recommendation, signature, and override. Tamper-evident from generation.
LIVE
Authorisation packet format v1
Eight-field deterministic structure (identifier, summary, evidence, predicted cascade, intervention, legal basis, signatories, integrity).
DEMO
M-of-N quorum policy (config + UX)
Quorum policy expressed in config; signing UX rendered. The animated multi-ministry approval is illustrative.
ROADMAP
M-of-N signature verification in engine path
Threshold-signature verification gating packet acceptance.
UNLOCKS Pilot deliverable, end of months 0–6.
ROADMAP
ML-DSA (FIPS 204) dual-stack signing
Post-quantum signature scheme alongside Ed25519. Native CNSA 2.0 readiness ahead of any classical-signature deprecation deadline.
UNLOCKS Months 6–12, after pilot deployment.
ROADMAP
Hardware-token or biometric quorum gates
Each signatory’s Ed25519 key gated on a hardware token (YubiKey class) or biometric unlock.
UNLOCKS Pilot signing-ceremony rehearsal.
ROADMAP
TEE attestation (Intel TDX / AMD SEV-SNP)
Engine inference run inside a remotely-attested trusted execution environment. Currently a documented interface, not enforced.
VISION
Zero-knowledge audit proofs
Cross-jurisdiction audit verification without disclosing operator-internal data.
VISION
Byzantine fault-tolerant consensus across operators
Multi-operator agreement on cross-sector cascade state. Out of scope until federated deployment exists.
/03
Governance & decision flow
LIVE
Per-packet legal-basis citation
Each packet carries a citation to the statute authorising the recommended action.
LIVE
Operator console (Next.js)
Read-only review surface. Renders packets, evidence, predicted cascade, and signing state.
DEMO
Multi-ministry signing animation
Visual quorum-collection sequence. Communicates the protocol; does not currently verify live signatures end-to-end.
ROADMAP
End-to-end signed-packet workflow with real ministry signers
A live packet generated in shadow-mode is signed by named operator personnel and entered into the audit chain.
UNLOCKS Pilot signing-ceremony, month 3.
VISION
Cross-jurisdictional packet routing (UK ↔ EU)
Packets generated in one jurisdiction surfaced for advisory acknowledgement in another.
/04
Safety architecture
LIVE
WRITE_ACCESS = false runtime guard
Runtime read-only guard with CI static analysis scanning every engine file for socket / HTTP writes to SCADA ports.
LIVE
Data-diode ingress architecture (logical)
Ingestion is strictly one-way at the software layer. Outbound socket attempts from the analysis enclave fail tests.
LIVE
STPA-Sec hazard analysis
17 unsafe control actions identified and mitigated. Documented in the repository.
LIVE
GSN-style structured safety case
Claims → evidence mapping, residual-risk register, traceable to engine source.
ROADMAP
Independent SME safety review
External OT-safety practitioner reviews the safety case and STPA-Sec output.
UNLOCKS Pre-pilot, month 1.
ROADMAP
Hardware data-diode at deployment edge
Physical unidirectional gateway between operator OT network and Munin enclave.
ROADMAP
IEC 62443-3-3 conformance certification
Independent-lab conformance assessment to OT security level SL2 / SL3.
/05
Deployment
LIVE
Local laptop deployment
Engine + console run end-to-end on a developer machine. Demonstration runtime under 5 s.
ROADMAP
On-prem reference deployment runbook
Production-grade install on operator hardware with hardening notes.
ROADMAP
EU sovereign-cloud reference deployment
Reference deployment in an EU-jurisdiction sovereign-cloud region for operators without in-house OT estate.
ROADMAP
Air-gapped deployment
Deployment runbook for environments with no internet path. Engine signed-update channel via removable media.
VISION
Federated multi-tenant deployment
Multiple operators sharing a Munin instance with cryptographically isolated tenants.
/06
Telemetry & data
LIVE
UK Environment Agency river-gauge ingestion
Live data via environment.data.gov.uk/flood-monitoring. The Layer-1 validation surface.
LIVE
Public hazard demonstration feed (USGS / NASA EONET / NOAA SWPC / EA floods)
The /M.0 LIVE TELEMETRY strip on the public site. Visual demonstration only — Munin's production engine does not consume these as primary data sources.
ROADMAP
Operator SCADA / OT telemetry ingestion
Production ingestion from operator process historians, RTUs, and sensor networks.
UNLOCKS First pilot, network onboarding plan agreed at month 0.
ROADMAP
Ministry feed integration
Integration with regulator / civil-protection data feeds for decision context.
VISION
Cross-operator anonymised pattern sharing
Privacy-preserving cross-utility pattern transfer over differentially-private aggregates.
VISION
Satellite verification layer
Independent space-based corroboration of ground-sensor anomalies.
How to read this page
15 chips are the company today.
14 chips are what your money buys.
15 LIVE + 7 DEMO is the MVP a partner can verify by cloning the repository today. 14 ROADMAP is the funded build inside the first 18 months of pilot plus seed. 7 VISION is the company at Series A and beyond — documented to make the trajectory legible, not to be evaluated as near-term promise.