Commercial control plane
ZTAP defines the protocol. ZTI Core makes it real.
The operational system that turns protocol into enforcement. Policy engine, agent registry, execution receipts, and audit logs in one coherent platform.
Policy engine · Agent registry · Execution receipts · Audit logs
Agents
47
6 pending
Policies
238
12 envs
Recent
hash: a3f9...c7b2
registered agents
47 active
Reframe
ZTAP
ZTAP defines the format, the flow, and the standard. Envelope structure. Hash requirements. Receipt schema. Conformance rules.
What you have: a specification.
ZTI Core
ZTI Core implements and enforces ZTAP. Policy evaluation. Agent identity. Receipt storage. Audit queries. The operational reality of governed AI.
What you get: enforcement.
"ZTAP without ZTI Core is like HTTP without a server. The standard exists. Nothing actually runs."
Without ZTI Core
Implementing ZTAP without an operational platform means rebuilding these capabilities from scratch — for every team, every system, every deployment.
ZTAP envelopes arrive. Nothing evaluates them. Authorization is manual, inconsistent, or non-existent. Policy exists only as documentation.
AI agents operate without identity. You cannot scope their capabilities, bound their actions, or distinguish one agent from another in the audit log.
ZTAP receipts are generated but written to… where? Log files? Databases owned by different teams? There is no single, queryable evidence store.
The "actor" field in the envelope is unverified. Any system can claim any identity. Authorization decisions are made against unverified claims.
Compliance asks "show me all actions taken by ai-agent-7 in Q3." There is no interface. Someone writes a script. The script is different every time.
Policy updates are text file changes reviewed by engineers. No version control, no rollback, no testing, no enforcement at evaluation time.
ZTI Core capabilities
Four core capabilities. One coherent platform. ZTAP-native from the ground up.
01 / Agent Registry
Register agents with defined identities, capability scopes, and operational boundaries. Each agent has a verifiable identity that the policy engine can reference during authorization. No unregistered agent can produce a valid ZTAP receipt.
02 / Policy Engine
Define policies in a structured, auditable format. Policies reference action types, actor identities, target environments, and contextual constraints. The engine evaluates every ZTAP envelope in real time — before execution. Decisions are signed and stored.
03 / Execution Receipts
Every action that passes through ZTI Core produces a ZTAP-conformant execution receipt. Signed by the control plane. Immutable. Queryable. References the original envelope hash, authorization decision, actor identity, and outcome. This is what compliance requires.
04 / Audit Logs
All receipts persist in an append-only, tamper-evident audit store. Query by agent, action type, policy, time range, or outcome. Export for compliance reports. Integrate with your existing SIEM or audit tooling. The evidence is always there.
Platform preview
AI Agent
ZTAP
ZTI Core
Execution
Receipt
Actions (30d)
12,769
↑ 14% vs prev.
Policies Active
238
12 environments
Policy Denials
12
0.09% deny rate
Registered Agents
47
6 pending review
Recent Actions
Action Volume (7d)