The security plan is already written.
Whether you're chasing a federal security approval, a financial-services audit, a healthcare compliance review, or a critical-infrastructure sign-off — the security documentation is the longest pole. Writ is being designed so that documentation is a product feature, not an afterthought.
Approval, treated as a product feature.
Most serious organizations need an official security approval of some kind — a paper trail showing the system was reviewed, controls were checked, and evidence was filed. Writ is being designed to maintain that paper trail continuously, so your team inherits it instead of building one.
The documentation uses the federal machine-readable format — the same one commercial auditors increasingly accept — so your approver can read it with familiar tools. It lives inside the product, updated with each release, signed, and backed by evidence.
Your team's job becomes writing a short overlay covering mission-specific choices, not a full plan from scratch. The review that used to take 12–18 months can take weeks.
- A pre-written security plan in the federal standard format.
- A record for every platform service explaining what it does and how it meets each control.
- A running evidence log — updates itself as the system runs.
- Hardened base images, from the Department of Defense's approved catalog.
- Signed builds, with a public record of who built what and when.
- A clear template showing what your team adds on top.
Ready for tomorrow's encryption rules. Today.
The U.S. government is replacing the encryption used to protect sensitive data. The new kind is designed to resist future quantum computers. The changeover is phased over the next decade.
Most AI platforms plan to catch up by 2029. Writ is being designed around the new encryption from the start — and built so the next swap is a small update, not a rewrite.
This matters even before the deadlines. Information recorded today might be decrypted later. Switching early protects records going back years — not just next year's records.
Future-proof code-signing
Writ is being built to sign every release with post-quantum-safe signatures, meeting the government's 2025 code-signing requirement from the first stable release.
Future-proof network traffic (outside)
Requests reaching Writ from outside are designed to be protected with today's strongest encryption combined with the future-proof kind — no special setup required.
Future-proof network traffic (inside)
Connections between Writ's own parts will use the future-proof kind by default. Organizations that need it sooner will be able to turn it on earlier.
Government-wide switchover begins
Because Writ is built change-friendly from the start, swapping to a newer encryption standard will be a small update — not a rewrite.
Classical encryption retires
The old kind is removed. Organizations running Writ from early on will already be there — with years of records already signed with the new kind.
100% open source. No catches.
Every piece of Writ is covered by one of the common, permissive open-source licenses — the kind that let anyone use the software, including for government systems, without paying a fee or asking permission.
We avoid licenses that look open but aren't — the kind that require a subscription to use in production, or that can be changed later by a single company. That matters because the government has to be able to re-distribute and modify its own systems.
In practice, that means Writ uses older, stable, free versions of common tools — and replaces anything that was moved to a restrictive license with an open equivalent.
- ◆Own your copy. You can keep running the version you have indefinitely.
- ◆Share with allies. Give a copy to a partner agency or coalition without an NDA.
- ◆Modify and rebuild. Make the changes your mission needs. The source code comes with the bundle.
- ◆Leave at any time. If we disappear tomorrow, the platform keeps running. No vendor to call.
- ◆No paid tier on core features. Everything important is in the free, open version.
You know where every piece came from.
Modern software is made from thousands of small pieces, built by many people. Good supply-chain security is about knowing exactly which pieces are in your system and who signed for them.
Every release of Writ ships with a complete parts list, a cryptographic signature proving who built it, and a public record anyone can check. If a piece of software is recalled, your security team can confirm — in minutes — whether your installation is affected.
Source code signed at commit time
Every change a developer makes is signed. Anyone can verify it later.
Every build is signed
The finished product is signed with a key that can be verified against a public ledger.
A complete parts list
Every release includes a list of every open-source component inside it, by version.
Base images from the government's approved catalog
The starting-point images are pre-hardened to government standards.
A cryptography parts list
A second list focuses on the encryption methods used — so your reviewers can check future-proofness in one file.
Accreditation Dossier
Full control families, OSCAL tooling, the Type-Authorization pattern.
Post-Quantum Cryptography
Algorithms, hybrid TLS, fleet root, crypto-agility, CNSA 2.0 timeline.
Architecture Reference
Control plane, runtime, data plane, supply-chain lane, and the component list.