TRUST CENTER

How we sign the brief.
How we hold CUI. What we don't have yet.

The honest pre-launch posture. Updated when posture changes. Contact kyle@lexcivis.ai for compliance questions before signing.

SIGNING PRIMITIVE V1
lex_civis_seal

HMAC-SHA256 over canonical CBOR of the verdict payload. Per-workspace secret in AWS KMS, accessed via an OIDC-scoped signing sidecar. Plaintext key never touches application memory. Signature embedded in CO-facing PDF metadata. Quarterly rotation, on-demand revocation, key_id and key_version in every signed payload.
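The following is an added illustration of the signing shape described above, not Lex Civis code: a minimal deterministic CBOR encoder (RFC 8949 section 4.2 map-key ordering), a stand-in for the KMS-backed sidecar that holds the per-workspace secret, and sign/verify routines that carry `key_id` and `key_version` inside the signed payload. The workspace name, key version, secret value and the verdict fields are constructed for the example; in the real design the secret stays in KMS and only the MAC comes back.

```python
import hashlib
import hmac

# --- Minimal deterministic CBOR encoder (RFC 8949 section 4.2) ---
# Handles ints, bools, None, bytes, str, lists and dicts. Map keys are sorted
# by their encoded bytes, so the same logical payload always encodes the same way
# regardless of the insertion order of its keys.

def _head(major, n):
    """Encode a CBOR major type with its argument n in shortest form."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large for CBOR head")

def canonical_cbor(value):
    if isinstance(value, bool):            # bool before int: bool is an int subclass
        return b"\xf5" if value else b"\xf4"
    if value is None:
        return b"\xf6"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, (list, tuple)):
        return _head(4, len(value)) + b"".join(canonical_cbor(v) for v in value)
    if isinstance(value, dict):
        pairs = sorted((canonical_cbor(k), canonical_cbor(v)) for k, v in value.items())
        return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type for canonical CBOR: {type(value).__name__}")

# --- Stand-in for the KMS-backed signing sidecar (constructed for this example) ---
# The application never sees the secret; it hands the sidecar a message and a
# (key_id, key_version) pair and gets a MAC back, or nothing if that version is revoked.
_KMS_SECRETS = {
    ("ws-demo", 3): b"constructed-demo-secret-do-not-reuse",   # constructed value
}

def kms_hmac(key_id, key_version, message):
    secret = _KMS_SECRETS.get((key_id, key_version))
    if secret is None:
        return None                          # unknown, rotated-out or revoked version
    return hmac.new(secret, message, hashlib.sha256).digest()

def sign_verdict(verdict, key_id, key_version):
    """Embed key_id/key_version in the payload, then MAC its canonical CBOR encoding."""
    payload = dict(verdict, key_id=key_id, key_version=key_version)
    mac = kms_hmac(key_id, key_version, canonical_cbor(payload))
    if mac is None:
        raise KeyError("no active signing key for this workspace/version")
    return {"payload": payload, "sig": mac.hex()}

def verify_verdict(signed):
    """Recompute the MAC under the key named in the payload; constant-time compare."""
    payload = signed["payload"]
    expected = kms_hmac(payload.get("key_id"), payload.get("key_version"),
                        canonical_cbor(payload))
    if expected is None:
        return False
    try:
        return hmac.compare_digest(expected, bytes.fromhex(signed["sig"]))
    except ValueError:                       # malformed hex in the signature field
        return False
```

Because the primitive is an HMAC, verification needs the same secret the signer used, so a verdict can only be checked by a service with sidecar access (which is why the verification surface is a hosted endpoint rather than a public key). Revocation falls out of the key store: once a `(key_id, key_version)` pair is removed, anything signed under it stops verifying, which is why the v1 key archive matters for older verdicts.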

WHAT IT IS NOT
Not IAL2. Not NIST 800-63-3 verified.

lex_civis_seal v1 is a real cryptographic signing primitive. It is not an IAL2 attestation. We do not claim NIST 800-63-3 compliance. That conversation lands in v2 when the cryptography CTO is in seat and the IAL2 rail ships. We tell you this on the Trust Center because federal buyers deserve to know what they are buying.

UPGRADE PATH V2 (~2028)
IAL2 cutover at Series A close

Cryptography CTO closes Q4 2026 (hard deadline 31 Jan 2027). Lex Verified IAL2 attestation rail ships in the multi-year NIST 800-63-3 build window. Cutover is a key-source swap from AWS KMS to IAL2-attested identity. Signature format on the wire is unchanged. v1-signed verdicts remain verifiable via the v1 key archive.

CUI HANDLING
Pre-ingest pattern match + ZDR bypass

Solicitations are scanned for CUI markers (DFARS 252.204-7012 references, CDI/CTI keywords, agency-specific handling instructions) at the ingestion edge. CUI-flagged content routes to a strict lane: pgcrypto column-level encryption at rest, ZDR contracts with model providers, AI Gateway bypassed. The DFARS 252.204-7012 contractor-side obligation is disclosed in the ToS; CMMC Level 2 obligations follow the data.

DEPLOYMENT POSTURE
Commercial cloud v1. GovCloud v2 at Series A close.

Workspace is the tool the CONTRACTOR uses to chase federal work, not a cloud service the GOVERNMENT consumes. v1 ships on commercial AWS through Vercel + Supabase. SDVOSB / small-business set-asides under $25K-$10M (FAR 13 / 19) do not require FedRAMP at this tier. v2 GovCloud / IL5 plane lands at Series A close with feature parity at the orchestration layer.

AUDIT LOG
Per-tenant hash-chain + Sigstore Rekor anchor

Every agent verdict, every model invocation, every customer override is logged to a per-tenant Postgres hash-chained ledger behind a single-writer service. S3 Object Lock (WORM) for IG-defensible immutability. Periodic Merkle root anchored to Sigstore Rekor so chain truncation is publicly detectable. Each tenant's chain is independently verifiable.
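An added example of the ledger mechanics described above, not the product's implementation: a per-tenant hash chain where each entry commits to the previous entry's hash, a Merkle root over the entry hashes that stands in for what gets anchored to a transparency log, and a check that detects both truncation and a rewritten prefix against a previously published anchor. The record contents, the genesis value and the in-memory "anchor" are constructed; a real deployment would publish the root to Sigstore Rekor and read it back from there.

```python
import hashlib
import json

GENESIS = b"\x00" * 32   # prev-hash of the first entry in every tenant's chain (constructed)

def _record_bytes(record):
    """Deterministic serialisation so the same record always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def _entry_hash(prev_hash, record):
    return hashlib.sha256(prev_hash + _record_bytes(record)).digest()

def append_entry(chain, record):
    """Single-writer append: the new entry commits to the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": _entry_hash(prev, record)})
    return chain[-1]["hash"]

def verify_chain(chain):
    """Walk from genesis; return (ok, index of first bad entry or chain length)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or _entry_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, len(chain)

def merkle_root(leaves):
    """Binary Merkle root over entry hashes; an odd level duplicates its last node."""
    if not leaves:
        return GENESIS
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def make_anchor(chain):
    """The statement published externally: how long the chain was and its root."""
    return {"length": len(chain), "root": merkle_root([e["hash"] for e in chain])}

def check_anchor(chain, anchor):
    """Detect truncation or a rewritten prefix relative to a published anchor."""
    if len(chain) < anchor["length"]:
        return False                      # entries covered by the anchor were dropped
    prefix = [e["hash"] for e in chain[:anchor["length"]]]
    return merkle_root(prefix) == anchor["root"]
```

The two checks answer different questions. `verify_chain` proves internal consistency and catches an entry edited in place, but a writer who rewrites an entry and recomputes every later hash produces a chain that still passes it; only comparing the anchored prefix against the externally published root (`check_anchor`) exposes that rewrite, and only the published length exposes a chain that was quietly shortened. That is the property the Rekor anchor is buying.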

WHAT WE DON'T HAVE YET
Honest pre-launch state

No SOC 2 Type II report. No FedRAMP authorization. No IL2-IL5 accreditation. No third-party penetration test results to publish. No CMMC Level 2 assessment. These are on the roadmap and we will publish dates here when we have them. We will not display badges we have not earned.

VERIFICATION SURFACE
verify.lexcivis.me

When v1 ships, verify.lexcivis.me will accept a signed verdict and return the canonical disclosure: "Lex Civis Workspace verdict, signed under v1 trust primitive" with a link back to this Trust Center page. The page lives at the same URL as the disclosure so a Contracting Officer can verify both the signature and the disclosed primitive in two clicks.

HOW THIS PAGE IS MAINTAINED

This page is the canonical source on Lex Civis trust posture. Any change to the signing primitive, the CUI handling lane, the deployment topology, or the compliance roadmap lands here first. If you find a discrepancy between this page and a sales call, the page wins. Email kyle@lexcivis.ai to flag it.

Have a compliance question before you book?

Email kyle@lexcivis.ai directly. Replies typically within 24 hours.

Book 20 minutes with Kyle →