Field Report — Phase 1 Closed
The foundation is in. The AI part starts next. Here's what landed, what we dropped to get here, and what's honestly not happening yet.
Writ is pre-release. No customers. No sales team. No accreditation stamped by anyone outside this workstation. What we do have, as of today, is the foundation the rest of the program needs — and the willingness to say out loud what we cut to get here.
The short version
Phase 1 closed today.
The platform now runs on a real, hardened Kubernetes cluster — the same kind of cluster a federal program would deploy into — with all the pieces that have to be in place before anything AI-shaped gets bolted on: identity, encryption, a trusted supply chain, an audit trail, and the compliance paperwork being written as we go, not at the end.
A new engineer can bring the whole thing up from a fresh workstation with one command.
What that actually means, in plain English
A lot of AI platforms skip the boring part. They demo a model, they demo a chat window, they wave at security and compliance as “future work.” Phase 1 was the boring part. It was on purpose.
- Every service has a signed identity. Nothing runs on our cluster anonymously. If a workload doesn’t have a signed ID issued by the cluster’s own identity root, it doesn’t start. That’s what the federal world means by “zero trust” — we built that in first, not last.
- Every piece of software has a paper trail. Every image that lands in our registry comes with a signature, a list of everything inside it, a vulnerability scan, and a record of how it was built. Anything unsigned simply won’t run. This is the thing that takes two years to bolt on later. We did it first.
- The encryption is already the kind the federal standard will require by 2030. Not planned, not on a roadmap — running. Classical encryption still works as a fallback for older peers, but the new, post-quantum kind is on by default at the edge.
- Every prompt, every answer, every administrative action is logged and signed. So when an auditor asks “who asked the model what, and when,” there’s a cryptographically signed answer. That’s not a feature we turned on for a demo. It’s the default.
- The compliance package is being written from day one, in a machine-readable format — the format the federal accreditation process actually consumes. Not a Word document, not a PDF. Structured evidence, updated every time code ships.
- Developer onboarding runs on the cluster. New engineer, fresh workstation, one command: `writ dev up`. They’re running the platform. No hand-holding.
What we dropped to get here
Earlier in the year, the plan had a two-week “minimum viable product” sketch — a smaller, simpler version of Writ running on a single box in Docker Compose, meant to be a fast demo that justified the bigger platform effort.
We deprecated it today. Every ticket, closed.
Why: the real platform finished the foundational work before the demo version needed to start. If we’d kept the demo version alive, we’d now have two different ways to do every core thing — two identity systems, two ways to sign software, two places to audit. We would have been carrying that duplication into Phase 2 for no reason other than momentum.
So we killed the demo and kept the real thing. This reads like scope change from the outside. It wasn’t. It was a sequencing correction — the big work finished first, which removed the need for the small work.
Where it hurt
Phase 1 is not a clean story. A clean story would be a lie. Three things bit us:
- The cluster shipped without a default place to store data. Every piece of the platform that needs to remember something — user accounts, service identities — had nowhere to put it. One morning of panic, one configuration fix, and a note-to-self that the cluster profile has to include storage from the start.
- A chart repository we’d been using went unsupported mid-sprint. A big open-source vendor moved their image catalog to an unsupported path, and using either version would have failed the federal software-supply-chain audit. We replaced the affected pieces with alternatives, added a cluster-wide policy that prevents us from accidentally using them again, and moved on. Painful, the right call.
- Part of the identity system was installed by hand. The rest of the cluster is managed as code, tracked in Git. This one component wasn’t. It cost us a week of “why does the cluster disagree with the repo” before we noticed. Now it’s in Git like everything else.
Writing these down matters because the alternative — pretending the foundation shipped clean — is the kind of dishonesty that makes programs fail at accreditation eighteen months later.
What’s next
Phase 2 is the AI part. The foundation is done; now the things people actually recognize as “the product” go on top of it:
- Model serving. Chat, embeddings, search, vision, speech, agents — all behind one simple web address, the same one whether the request is a question, a classification, or a multi-step plan.
- One contract, not a catalog. A single OpenAPI specification covering every kind of AI capability. A developer — or an AI coding assistant like Cursor or Claude Code — reads that one document and builds a working app from it. No hunting through twelve different service shapes.
- A curated model library. Open-source models with known origins: Llama, Mistral, Granite, Gemma for generative; E5, Nomic, Granite-embed for embeddings; LLaVA-Next and SigLIP for vision; Whisper and Coqui for speech. Every model signed, documented, and given a model card. No surprise dependencies on foreign-origin models.
- Real SDKs, generated from the contract. Python and TypeScript, generated from the specification, not written by hand. The spec is the source of truth; the SDKs follow.
The Phase 2 exit is when a mission developer can point an AI coding assistant at one URL and scaffold a working application against the platform, on their own, in an afternoon. That’s the number that matters.
What is honestly not happening yet
- No customer deployments. Zero. Nobody is running Writ in production.
- No SCIF briefings, no program-office demos. Our field presence is a blog post.
- No sales team. The contact inbox is read when the build schedule allows. Nobody has a quota.
- No early-access program. If you have read about one somewhere, it was aspirational and has been removed.
- No Phase 3 work. The governance layer — classification-aware data handling, the agent sandbox, the policy engine — is designed and documented, but hasn’t been built. It comes after the AI plane is stable.
This is the part of the update that usually gets soft-pedaled. We’re not soft-pedaling it. A pre-release platform that honestly describes the edge of the built thing is more useful to a program office than one that waves vaguely at capability.
What to watch for
The next entry lands when the unified contract is frozen and the first model is serving end-to-end through it. That’s the moment a developer can start building against Writ instead of just reading about it. If Phase 2 slips, we’ll write that entry too. Pre-release means honest. It does not mean quiet.