Proof-Governed Local Authority for Autonomous Postgres
This study evaluates a trust-inverted architecture where QueryRook issues bounded recommendations and Conduit, a customer-owned local authority, verifies policy, simulates locally, emits receipts, and proves the mutation path before human-gated apply.
Summary
The cloud can be smart without being powerful. Conduit keeps the power local, records what happened, and makes every missing proof visible.
Claims
Trust-minimized autonomous operations
Autonomous Postgres operations are safer when the hosted control plane issues bounded, signed action capsules that a customer-owned Conduit verifies locally.
Proof-governed local authority
A customer-owned local authority can let hosted AI recommend Postgres changes without giving the hosted control plane direct mutation authority.
Methods
- Persist guarded dry-run requests from the hosted control plane.
- Require local dry-run receipts and signed-sql-only mutation-path proof before guarded apply review.
- Upload privacy-tiered daemon telemetry and correlate Plumb security traces to QueryRook workload evidence.
Metrics
Limitations
- Human-gated readiness is not the same as autonomous apply authority.
- text_hash correlation depends on Plumb and QueryRook using the same SQL normalization inputs.
- A planned mutation-path proof must still be followed by an applied receipt before claiming production mutation success.
Reproducibility
Current status: Partially reproducible. Reports generated by ResearchOps include commit hashes, run IDs, artifact paths, required disclosures, and a SHA-256 integrity hash.