Open Source Update: Raucle Goes Apache-2.0 and Ships the Trust Layer
Six weeks ago I published a post about moving from statistical detection to cryptographic proof for AI agent accountability. The project was called raucle-detect, it was licensed under AGPL-3.0, and it shipped the core capability receipt primitive: a signed, content-addressed record of every policy-gated action an AI agent takes.
A lot has changed since then. The project is now called raucle (not raucle-detect), it’s licensed under Apache-2.0 (not AGPL), and it has shipped four new modules that make those receipts work across organisational boundaries. The paper is under submission at IEEE Security & Privacy 2027. Microsoft accepted the upstream contribution into their Agent Governance Toolkit. And the whole thing went through nine rounds of adversarial security review that found three fail-open bugs I’m glad we caught before someone else did.
This post is the update.
[Read More . . .]