Sense → Predict → Act → Verify → Sense. A domain-independent architecture in which each iteration emits a tamper-evident record binding Sense + Predict + Act + Observed-result, the next iteration can be optionally gated on that record, and the record is consumed as a Sense input by the next iteration. Twenty-two industry embodiments enumerated in the provisional. One architectural pattern.
OODA, MAPE-K, Sense-Plan-Act, ReAct, Reflexion — each treats verification as either internal reflection (ReAct, Reflexion) or as a passive operator-controlled log (audit pipelines, W3C PROV). None of these named frameworks binds the action to a tamper-evident cryptographic record, gates the next iteration on that record, AND consumes the record as the next Sense input. SPAV's contribution is the architectural integration of these three properties into a single loop. We are not aware of a prior published architecture that combines all three; a formal prior-art search is on the pre-non-provisional roadmap.
Prior-art citations: OODA — Boyd (USAF, 1976) · MAPE-K — Kephart & Chess, IBM (2003) · Sense-Plan-Act — Brooks (1986) · ReAct — Yao et al., ICLR 2023 (arXiv 2210.03629) · Reflexion — Shinn et al., NeurIPS 2023 (arXiv 2303.11366) · W3C PROV — W3C Provenance Working Group (2013).
The SPAV architecture comprises four functional stages — Sense, Predict, Act, Verify — and a cycle controller. The novelty lives in two places: Verify-as-mandatory-gate (the next iteration cannot start until the prior verification record exists and validates) and Verify-feeds-Sense (the verification record from iteration N becomes a Sense input in iteration N+1). Click any stage to inspect.
The Verify stage's hardware_attestation field signs the device. Its policy_attestation signs the rules. Its inference_attestation field cryptographically commits to the state of the inference system itself — the model, its version, its multi-agent topology, the prompt and retrieved context if it's a generative system, the simulation parameters if it's a digital twin, the execution-environment attestation if it ran on quantum or neuromorphic hardware. This is where the architecture's most sophisticated claims live.
Beyond the hardware that ran the inference, the Verify record cryptographically commits to the state of the inference system — model identifier, version, weights hash, configuration. An external party can verify that the prediction came from a specific, named model at a specific point in its life cycle.
When the Predict stage orchestrates multiple agentic-AI sub-agents, the Verify record captures sub-agent topology, intermediate outputs, and final decision. The graph of who-said-what-to-whom is bound to the action. Critical for autonomous-mission-management systems (Pit Boss-class) where one model's output is another's input.
Predict stage emits confidence representation. Act stage gates execution against a pre-registered threshold. The threshold itself is anchored to a tamper-evident substrate at least T blocks before reliance, where T is recorded in policy_attestation. Threshold updates are themselves Verify-recorded (Claim 20). Defeats post-hoc threshold adjustment as a justification mechanism.
When Predict invokes a generative AI or LLM, the Verify record cryptographically binds the synthesized output to the input prompt, retrieved context, and model identifier+version. C2PA-aligned but architecturally tied to the agentic loop. For AI-generated mission planning, briefings, content moderation decisions, code generation — full prompt-to-output provenance.
When deviation metrics from recent Verify records drive model updates, recalibration, fine-tuning, or reweighting, the update operation is itself recorded as a Verify record. The result is a model life cycle expressed as a sub-chain within the verification chain — every model version points to its predecessor and to the training records that informed the transition.
When Predict runs on high-performance, supercomputing, neuromorphic, or quantum infrastructure (Claim 23), or on a digital twin / simulation (Claim 24), or inside a confidential-computing / TEE environment (Claim 47), the Verify record incorporates an execution-environment attestation. Forward-looking for next-generation compute substrates.
Operator A's autonomous decisions can be consumed by Operator B's planning system with proof of which model produced them, what its training corpus was, and what confidence threshold it gated against. No "trust the operator's logs" required.
Multi-vendor satellite accountabilityPWSA Tranche 2+ involves vendors from Northrop, Lockheed, York, Rocket Lab, etc. Each runs different models. inference_attestation lets each operator independently verify which vendor's model produced any given autonomous decision.
EU AI Act Article 10 compliance nativelyTraining-data governance, documentation, model lineage — all produced as a side-effect of normal operation, per Claim 79.
USSF, NRO, allied programs need to prove that an autonomous decision was made by a sanctioned model version against a pre-registered confidence threshold under a pre-registered ROE policy. SPAV produces the artifact natively.
Insurance underwriting inputUnderwriters can price differently when they can prove which model made the decision, when it was last updated, and what its calibration history looks like — all from the Verify chain without operator self-report.
Post-incident model forensicsWhen an autonomous decision is later contested, the model version, training corpus subset, multi-agent topology, prompt/context (for generative), and confidence-vs-threshold can all be reconstructed from the verification chain. The black box becomes glass.
Why this is the deepest moat in the provisional: intelligence-layer attestation is harder to retrofit than network-layer authentication. Adding inference_attestation, multi-agent topology capture, and model-version provenance to a deployed AI system requires architectural changes to the inference pipeline, not just the network stack. SpiderOak's HAIPE / OrbitSecure ships zero-trust at the network layer; that's a one-cycle upgrade for any operator. SPAV's intelligence-layer attestation is a multi-cycle architectural commitment, which is exactly what makes it patentable AND defensible against fast-following.
The same four-stage loop runs in a poultry barn, a power substation, a hospital, a trading desk, a robotaxi, a factory line, and an autonomous spacecraft. Only the modalities of Sense, the model in Predict, the actuator in Act, and the regulator consuming Verify change. The architecture does not.
EcoYield's flagship embodiment.
Actuator-side hardware attestation device verifies the on-chain Verify record before energizing the contactor. Both must agree: smart contract validates the prediction-to-outcome binding; hardware ensures the signed payload was not tampered with in transit.
Layer-house actuators control bird life. Poultry-specific physical risk demands joint gating — cryptographic record AND tamper-evident hardware signature — before a ventilation command, a feed-line schedule change, or a vet-intervention dispatch.
Before space. Before defense. Before clinical CDS. The architecture has been validated continuously for over a decade in one of the most regulated, most physically demanding, most multi-stakeholder operating environments in agriculture: a Top-10 US commercial layer poultry operation. Every claim about cross-organization auditability, Verify-feeds-Sense calibration, training-corpus dual-use, and per-action gating has been exercised against real animals, real money, and real federal regulators — not a lab simulation.
¹ Measured backtest from EcoYield investor demo (Apr 2026): production $628K + mortality $312K + feed (FCR 3.23→2.98) $299K + labor $60K + compliance $30K · ² Pilot operating record · canonical figures per Apr 2026 credibility audit · ³ 1,167 out-of-sample forecasts · 51–56% feed-forecast error reduction vs hatchery spec · ⁴ 14-year retrospective per investor demo, sourced to USDA AMS pricing + ISU Egg Industry Center FCR standards
Layer-house actuators (ventilation, lighting, feed delivery, water) run continuously. Bird life depends on every command. Every adjustment over 14+ years has been a real-world exercise of the Sense → Predict → Act → Verify loop. No simulation has this much production-grade data.
USDA AMS, FDA, FSMA, OLPS-2029 each consume different slices of the Verify chain. State regulators read animal-welfare fields. Customers read food-safety fields. Insurers read mortality and biosecurity fields. The selective-disclosure framing isn't theoretical — it's how the pilot already operates with its existing audiences.
The $1.49M annual value isn't an audit benefit — it's a calibration benefit. Every cycle's deviation metric (predicted-vs-observed mortality, FCR, production drift) feeds the next cycle's perception. Models stay calibrated against what's actually happening in the barn. This is Claim 33 + 34 in production.
R²=0.99 mortality curve fit on pilot data; 85% win-rate on 8-week forecasts. Each forecast is signed, bound to barn telemetry, and consumed by the next cycle's Sense as a calibration input.
FCR shifts from 3.23 → 2.98 in the pilot backtest = $299K/year on a 1M-bird operation. 51–56% feed-forecast error reduction vs hatchery spec. Every feed-line schedule change is Verify-recorded against ISU EIC standards.
NH₃ / temperature / humidity actuator commands gated by joint hardware-rooted + smart-contract authorization (FIG 5C). Bird-life-safety physical interlock fails to safe state on auth failure. Per Claim 12, ventilation gets joint gating while non-physical bookkeeping gets software-enforced.
USDA AMS Organic Livestock & Poultry Standards (OLPS), published Nov 2 2023; effective Jan 12 2024; general compliance Jan 2 2025; indoor/outdoor space and stocking-density requirements for laying hens & broilers extended to Jan 2 2029. The Verify chain is the artifact USDA AMS auditors consume — outdoor-access, stocking-density, beak-treatment, mortality records all signed, anchored, selectively disclosable.
Peer-reviewed: 100% disease classification 8 days pre-clinical (Li 2020). 99.7% AI disease detection (Shwetha 2024). SPAV's training-corpus duality means each detection is both an audit record and a labeled training example for the next model version — provable per-example provenance back to barn camera and IoT telemetry.
Jones 2016: 13.3% Salmonella baseline → 3.33% with management protocol (P<0.0001). HPAI 2015 retrospective shows missed-intervention exposure. SPAV makes biosecurity SOPs and their adherence cryptographically auditable for FDA Egg Rule compliance.
Selective-disclosure Verify records let a producer prove cage-free / pasture-raised / organic status to one customer (Whole Foods) while disclosing only HACCP-relevant fields to another (institutional foodservice) and only conjunction-with-FSMA fields to USDA AMS — without operating four separate audit pipelines.
Layer operations carry HPAI exposure: 168M+ birds depopulated since Feb 2022 (~75% layers per APHIS); ~$1.4B total federal HPAI costs and ~$1.25B indemnity through Nov 2024 (~$227M paid to premises infected 2+ times across 67 confirmed re-infected commercial premises). Verify-record-backed risk profile gives carriers provable biosecurity hygiene. Reinfected operations under the Dec 31 2024 APHIS Interim Final Rule (89 FR 106981) have biosecurity-audit obligations that SPAV satisfies natively.
Barn-04 sensors detect NH₃ climbing past the 14 ppm policy threshold (current: 18 ppm). The onboard model forecasts a 24h mortality risk uplift if uncorrected (0.041% projected vs 0.038% baseline) and recommends a 12% ventilation increase plus a 15-minute feed-line schedule shift. The Verify gate requires a hardware-rooted attestation against the pre-anchored ventilation envelope policy before vent fans accelerate. Once authorized, vent-A/B/C ramp to medium speed; NH₃ drops to 11 ppm within 30 minutes. The observed result is bound into a Verify record signed by the barn-04 gateway HRAD and downlinked to the permissioned USDA-AMS-consumable ledger.
Every cycle in this demo maps to live production at New Horizons Farm. Sense ingests including the prior Verify record; Predict emits with confidence + model version (Claim 21); the Verify gate enforces the pre-registered NH₃ envelope (Claim 19); the deviation metric (predicted vs observed) feeds the next iteration's Sense (Claim 33).
🐔 Jump to Poultry tab in live demo →The bulk electric system is the most regulated, most physically consequential autonomous-decision domain in the US economy. It is also the one being asked to absorb the largest forcing function in its history: 217 GW of new distributed energy resources by 2028¹, ride-through of inverter-based resources mandated under NERC PRC-029-1 (effective Oct 2026)², DER aggregator participation in wholesale markets per FERC Order 2222³, and a confirmed Chinese state-sponsored cyber actor (Volt Typhoon) that maintained access to a US utility's OT network for 10 months undetected⁴. SPAV's claims map directly onto the architectural gaps each of these forcing functions exposes.
¹ Pew Charitable Trusts (Apr 2026) · ² NERC PRC-029-1 (FERC-approved 2023, eff. Oct 1 2026) · ³ FERC Order 2222 · PJM eff. July 1 2025; ISO-NE eff. Nov 1 2026 · ⁴ Volt Typhoon — Massachusetts utility (Feb–Nov 2024) · ⁵ SEIA / Benchmark · 600+ GWh by 2030 · ⁶ UT Austin Energy Institute · ERCOT Blackout 2021
Texas 2021/2022 events: a normally-cleared fault at a synchronous generation facility caused unexpected tripping of large amounts of solar PV — a systemic-risk pattern unique to IBRs. NERC's PRC-029-1 ride-through standard is the regulatory response, taking effect Oct 1 2026². Compliance currently relies on operator self-attestation; SPAV makes ride-through events tamper-evidently provable per cycle.
FERC Order 2222 requires RTOs to allow DER aggregators (1 kW – 10 MW) to participate in capacity, energy, and ancillary-services markets³. PJM compliance July 1 2025; ISO-NE Nov 1 2026. Settlement requires verifiable participation across thousands of DERs per aggregator. Today: operator self-reports + smart-meter data with no cryptographic provenance.
CISA, NSA, FBI confirmed: PRC state-sponsored Volt Typhoon has compromised IT environments of multiple US critical-infrastructure operators across communications, energy, transportation, and water sectors⁴. Dwell times of 10+ months. Strategic objective: pre-position for disruptive attacks during major crisis. NERC CIP-013 supply-chain rules in force; up to $1M/day per violation⁷. Perimeter-and-log security is structurally insufficient — every command must be provably authorized.
Every PRC-029-1-mandated voltage/frequency ride-through event Verify-recorded with measured response binding (sense_binding = grid disturbance, predict_binding = ride-through control output, act_binding = actual reactive-current injection, observed_result = post-event grid state). Compliance becomes architectural, not paperwork.
PJM, MISO, ERCOT, ISO-NE, NYISO, CAISO, SPP each operate independent dispatch. Coordinated events (interchange, emergency assistance, contingency reserves) require trusted cross-RTO data. SPAV's federation pattern (Claim 41) lets one RTO consume another's Verify records with schema-translation itself attested.
FERC Order 2222 settlement requires verifiable per-DER dispatch participation. SPAV's per-action gating (Claim 12) lets the aggregator apply software-enforced gating to small thermostat/EV signals while applying joint hardware gating to inverter dispatch — all within one Verify chain. Aggregator settlement becomes auditable end-to-end.
CIP-013 mandates supply-chain risk management for BES Cyber Systems. SPAV's inference_attestation + hardware_attestation chain proves which firmware version on which vendor's relay produced which actuation — back to the certified supply chain. Volt Typhoon-class living-off-the-land techniques become detectable: an unsanctioned process can't produce a Verify record.
Joint hardware-rooted + smart-contract gating (FIG 5C) for relay actuation. Both must agree before a contactor energizes: smart contract validates pre-registered dispatch envelope; HRAD signs the firmware-attested command. Bypass requires both cryptographic and physical compromise.
Doubly-linked Verify chain (Claim 40) makes living-off-the-land tampering hard: an attacker forging a single record needs to also forge the prior_binding_receipt HMAC computed in the next iteration's Sense module — independent points in time. Forensics goes from "we found suspicious behavior" to "this exact command broke the chain at iteration N."
VPPs (virtual power plants) and DR programs require verifiable curtailment/dispatch from millions of distributed assets. SPAV's selective-disclosure Verify records (Claim 38) let participants prove participation to the ISO without exposing customer-meter data to the aggregator's competitors.
82% of Texas blackstart units failed during Uri⁶. Restoration sequencing requires verifiable coordination across multiple operators, often across RTOs. SPAV's federation makes the restoration plan a multi-operator Verify chain: each handoff is signed; missed steps are detectable; post-incident forensics is provable.
A normally-cleared fault at CCGT-A causes 8 of 12 inverters in the 240 MW IBR-7 solar cluster to trip on under-voltage ride-through (the failure mode that drove NERC PRC-029-1²). Substation S-104 senses local frequency depressing toward 59.65 Hz. The onboard model forecasts cascade risk if rebalance isn't committed in <1.5 seconds. The Verify gate requires joint hardware-rooted + smart-contract authorization (FIG 5C) against a pre-anchored curtailment envelope. Once authorized, S-104 commands a 38 MW industrial-load curtailment plus a 14 MW DER aggregator dispatch. Frequency stabilizes at 59.92 Hz and recovers to 60.000 Hz within 8 seconds. The Verify record is signed by S-104's HRAD, anchored to the FERC/NERC/ISO-consumable ledger.
Today this kind of event is recovered through SCADA + protective relaying with operator self-attestation to the ISO post-event. SPAV makes the entire response cryptographically auditable in real time: every relay action signed by HRAD; every model output bound to model version; every cross-RTO handoff a Verify record consumed under a recorded schema-translation (Claim 41). PRC-029-1 ride-through, FERC Order 2222 settlement, and NERC CIP-013 supply-chain controls all become artifacts the chain produces natively.
⚡ Jump to Power Grid tab in live demo →A signal from Mars takes 5–27 minutes one-way at varying orbital geometry. From cislunar, ~1.3 seconds. In a multi-thousand-satellite LEO constellation, a collision-avoidance burn must be authorized in seconds — orders of magnitude faster than a multi-hour human-in-the-loop conjunction-decision cycle. Ground oversight is structurally impossible at scale. Spacecraft already decide and act on their own. What's missing is a tamper-evident record of what they did, a gate that prevents un-attested maneuvers, and a feedback loop that confronts every prediction with its measured outcome. That's SPAV.
GEO round-trip ≈ 0.24 s. Cislunar ≈ 2.6 s. Mars 10–54 min round-trip depending on orbital geometry⁸. Synchronous human oversight is physically impossible. Spacecraft must Sense, Predict, Act — and Verify what they did so a ground operator (or a regulator, or an insurer) can reconstruct it later.
Starlink, Kuiper, OneWeb, Iridium, government and partner constellations share the same orbital regime. A maneuver by one operator changes the conjunction map for every other. Federation requires a Verify record that is portable, signed, and consumable across organizations that don't trust each other.
FCC's 5-year deorbit rule (FCC 22-9, effective July 2024)⁴. FAA AST owns commercial spaceflight. USSF 18th Space Defense Squadron screens every conjunction⁵. ESA's Zero Debris Charter (launched Nov 2023)⁶, EU Space Law (in draft, EU Commission proposal), DARPA LASSO for cislunar autonomy⁷ — all converging on the same demand: provable, externally consumable records of what your spacecraft did and why.
¹ SpaceX Starlink performs ~275 autonomous CAMs/day (Aug 2024) · ² Union of Concerned Scientists Satellite Database · ³ WEF & McKinsey, "Space: The $1.8 Trillion Opportunity," April 2024
The communications pipes are deployed in orbit (Starlink ISL mesh · SDA OISL Standard v2.1.2 · Iridium cross-links). The cryptographic primitives are deployed in orbit (Cryptosat TEE · SDA SpiderOak HAIPE). The autonomous decision/act loops are operational in orbit (Starlink ~275 CAMs/day · DARPA Pit Boss). The cross-organization trust artifact that binds Sense + Predict + Act + Observed-result into a single tamper-evident record portable across operators — has not, in our audit, been deployed in orbit. SPAV's claim is that artifact format.
The orbital economy is in a multi-year governance build-out. By 2031, tens of thousands of autonomous LEO satellites from dozens of operators across the US, China, EU, and emerging programs are projected to share crowded orbital regimes — Starlink alone is authorized for ~12,000 (filings for up to 42,000), with China's Guowang and Qianfan adding roughly 27,000 combined per filings, Kuiper ~3,200, plus Iridium, OneWeb, Spire, Planet, Capella, Kepler. Cislunar and lunar follow on a 2030s arc — Artemis-era stations, lunar PNT, NASA CLPS, ESA Moonlight, DARPA LASSO. The transport substrate to coordinate these spacecraft is operational today (Starlink ISL mesh, SDA OISL Standard with cross-vendor link demonstrated Jan 2025). The onboard autonomy to act inside them is operational today (Starlink ~275 autonomous CAMs/day). What does not yet exist as a single, externally-consumable, tamper-evident artifact format — one a regulator can audit, an insurer can use to price liability differently, a partner constellation can ingest without a trust dependency, a defense customer can use to prove rules-of-engagement compliance, and an on-orbit servicing mission can co-sign — is the trust layer. SDA's SpiderOak HAIPE is converging on a piece of this within the DoD ecosystem; NASA CARA shares conjunction data through a cooperative ground process. Neither is the cross-organization artifact format SPAV claims. The provisional was filed in May 2026; the priority window for the non-provisional and PCT filings closes in May 2027.
Verified substrate (existing on-orbit systems SPAV would build on, not replace): Starlink ISL mesh — 9,000+ sats, 42 PB/day · SDA OISL Standard v2.1.2 — first cross-vendor link demonstrated Jan 2025 · Cryptosat — 3 TEE-equipped CubeSats on orbit (Crypto1 May 2022, Crypto3 Nov 2023) · SpaceChain — 7+ blockchain payloads since 2018 · SDA SpiderOak HAIPE — zero-trust on-orbit, deployment in progress · Starlink autonomous CAM — ~275/day per SpaceX public reporting (Aug 2024).
OrbitSecure / SDA HAIPE / SpiderOak authenticate who can send what packet to which subsystem. SPAV mandates the format and binding of the agentic decision artifact that flows over those authenticated pipes. Different layers, complementary functions.
A NASA payload reads an ESA orbiter's record without trusting ESA's database. Schema-translation between domains is itself a Verify record (Claim 41).
Single record binds Sense + Predict + Confidence + ModelVersion + Act + Observed + Deviation. Doubly-linked chain (Claim 40). Pre-registered confidence thresholds (Claim 19). k-of-n witnesses (Claim 30). Per-action hybrid gating (Claim 12). Training-corpus duality (Claims 71–80).
Rad-hardened TPM / HSM / secure-element / TEE-equipped microcontroller. Signs Verify records, holds private keys whose private portion never leaves the device. Substrate examples: Collins Aerospace Apollo programmable crypto module, equivalent rad-hardened HRADs.
Authenticates packets, identities, links. Decentralized identity-based authentication. Edge-based policy enforcement. Substrate examples: SpiderOak OrbitSecure / SDA HAIPE software-defined encryptor for PWSA; NSA Type 1 standards.
The physical pipes between satellites. Substrate examples: Starlink laser ISL mesh (9,000+ sats, 42 PB/day, 99%+ uptime); SDA OISL Standard v2.1.2 with cross-vendor link demonstrated Jan 2025; Iridium RF cross-links since 1998.
The runtime that executes the agent's perceive-decide-act loop onboard. Substrate examples: SpaceX Starlink autonomous CAM (~275/day per public reporting); DARPA Pit Boss / Blackjack autonomous mission management; ESA Aeolus-class onboard autonomy.
The AI/ML models themselves: ML, deep learning, LLMs, generative AI, multi-agent systems, ensembles, neuro-symbolic reasoning, federated learning, foundation/multimodal models, simulation/digital-twin systems, quantum/neuromorphic compute. Models execute, get versioned, retrained, fine-tuned, orchestrated. Existing on-orbit substrate: per-operator, ad-hoc, no cross-vendor attestation standard. SPAV's claims attach here via inference_attestation, multi-agent topology capture (Claim 22), confidence-bounded actuation with pre-registered thresholds (Claims 18–20), model-version provenance chain (Claim 34), and the training-corpus duality (Claims 71–80).
Layers 0–3 exist on-orbit today. SPAV's claim space is layers 4 and 5: the format and binding mandates of the agentic-decision record, and the federation pattern that lets that record be consumed across organizations. SPAV runs on top of SDA HAIPE / OrbitSecure — they secure the packets, SPAV mandates the artifact format that flows in those packets. A natural deployment is SPAV-format Verify records flowing over OrbitSecure-authenticated SDA OISL links, signed by Collins Apollo HRADs, produced by Pit Boss-class onboard AI.
Onboard HRAD signs the burn authorization against a pre-anchored envelope policy in <10 ms — adds verification to autonomous CAM workflows already operating today (e.g., Starlink ~275/day). Each burn produces an externally-consumable Verify record; ground-loop is decoupled from gate-time decisioning.
Operator A's Verify record is consumable by Operator B's planning system without sharing proprietary state vectors — selective ZK disclosure preserves competitive secrecy.
Provable conjunction-avoidance compliance built into every burn. Maneuver records align with 47 CFR Part 25 orbital debris mitigation requirements (FCC 22-9, eff. July 2024)⁴.
Verify-record-backed risk profile gives space-liability underwriters a provable maneuver-hygiene artifact. Today's space-insurance market relies heavily on operator self-reported data; an externally-verifiable artifact is the missing input.
Northrop MEV (operational since 2019)⁹, Astroscale ELSA-d demonstrations¹⁰, future cislunar refueling — every contact generates joint Verify records co-signed by both vehicles. Disputed-maneuver provenance becomes mathematical.
Artemis-era lunar surface ops, NRHO stations, lunar PNT. Multi-org, multi-nation. SPAV federation lets a NASA payload consume an ESA orbiter's Verify record without database trust.
USSF, NRO, allied programs. Actuator commands gated by ROE policy anchored to a tamper-evident substrate before reliance, per SPAV's confidence-bounded actuation embodiment (Claim 19). Aligns with the SDA PWSA zero-trust direction.
When a satellite goes silent, the doubly-linked Verify chain is the black box. Reconstruct exactly what was sensed, predicted, acted on, and observed — independently verifiable.
SAT-217 ingests state from its own sensors and an ISL relay from companion SAT-217-A. The onboard model predicts a 142m conjunction with a tracked COSMOS-1408 fragment in T+382s. The Verify gate requires a rad-hardened HRAD signature and pre-registered burn-envelope compliance before the thruster will energize. Once authorized, a 0.42 m/s prograde burn executes. Post-burn, the observed miss distance is bound into a Verify record, signed, and downlinked to a permissioned ledger consumable by FCC, FAA AST, USSF, partner constellations, and the satellite's insurer.
Every step you see is what the patent claims: Sense ingests including the prior Verify record; Predict emits with confidence; Verify gate blocks unauthorized actuation; Verify-feeds-Sense closes the calibration loop without ground intervention.
🛰 Jump to Space tab in live demo →The Verify record is what makes SPAV externally consumable. Every iteration emits one. It binds the Sense inputs, Predict output and confidence, Act decision, and observed outcome under a single cryptographic commitment so the record cannot be modified without detection. Anchored to a permissioned ledger. Optionally selectively-disclosed via zero-knowledge proofs. Doubly-linked to the prior iteration's record.
// VERIFY-RECORD schema · per provisional Section F VerifyRecord { version: protocol_version_identifier domain: domain_identifier iteration_id: unique_iteration_identifier prior_record_pointer: hash_or_ledger_anchor_of_prior_VerifyRecord prior_binding_receipt: // HMAC over prior record w/ fresh nonce — Claim 40 HMAC(prior_record, nonce_from_present_Sense) sense_binding: CryptographicCommitment(SenseInput) predict_binding: CryptographicCommitment( PredictOutput, Confidence, InferenceSystemId+Version ) act_binding: CryptographicCommitment( ActDecision, ExecutionMetadata ) observed_result: CryptographicCommitment(ObservedResult) deviation_metric: Quantification(PredictOutput, ObservedResult) // fed back into next Sense — Claim 33 hardware_attestation: SignatureByHRAD(record_hash, certificate_chain) // HRAD root → manufacturer → CA policy_attestation: CryptographicAttestation( PolicyRegistryState, registration_time // pre-registered, anchored T blocks ) // before reliance — Claim 19 inference_attestation: CryptographicAttestation(InferenceSystemState) // model state itself, not just hardware witness_attestation: ThresholdSignature(k_of_n_observers, ObservedResult) // k-of-n distributed observation — Claim 30 optional_zk_proof: ZeroKnowledgeProof(PolicyCompliance) optional_explanation: HumanReadableExplanation cryptographically bound to record_hash integrity: { record_hash: hash of all preceding fields signature: system signature over record_hash ledger_anchor: optional transaction_id or block_reference smart_contract_event: optional event_emission_reference timestamp_proof: optional trusted_timestamp_attestation // RFC 3161 or equivalent } selective_disclosure_map: per-field disclosure markers // reveal in plaintext to authorized, // reveal as ZK proof to others — Claim 38 }
Claimed in the alternative. Any single primitive or any combination satisfies the architecture. Future post-quantum migration is a deployment decision, not a re-invention.
The choice of gating is a deployment-time decision matched to risk. The architectural pattern itself does not require any specific one.
Each record contains BOTH a prior_record_pointer AND a prior_binding_receipt — an HMAC over the prior record using a fresh nonce known only to the present iteration's Sense module. Tampering with any single record requires simultaneous compromise of multiple records and signatures from independent points in time.
The confidence threshold the Act stage gates against is anchored on a tamper-evident substrate at least T blocks before reliance — where T is itself a policy parameter recorded in policy_attestation of every record. Defeats post-hoc adjustment to retroactively justify an action.
The Verify record can incorporate a threshold attestation requiring agreement among k of n independent witnesses regarding the observed result. For an on-orbit conjunction outcome: USSF + commercial SSA + partner constellation must independently agree on what actually happened.
When the Predict stage orchestrates multiple agentic-AI sub-agents, the Verify record captures sub-agent topology, intermediate outputs, and final decision — not just the top-level output. Critical for accountability of agentic-mission-management systems (e.g., DARPA Pit Boss-class).
Different actions or action classes within the same SPAV system are subject to different gating regimes. A spacecraft applies joint hardware+smart-contract gating to a maneuver burn while applying software-enforced gating to a payload data downlink — all within the same Verify chain.
When Predict invokes a generative AI or LLM, the Verify record cryptographically binds the synthesized output to the input prompt, retrieved context, AND model identifier+version. Architecturally analogous to C2PA but tied to the agentic loop, not bolted on after content publication.
A defining property of the SPAV architecture is that each Verify record simultaneously fulfills four functional roles: an audit record, a calibration feedback artifact, a labeled training example, and a model-lineage anchor. The chain of Verify records produced by repeated cycles constitutes a tamper-evident, per-example-attested training corpus. There is no separation between "production traffic" and "training data" — they are the same artifacts viewed from different perspectives.
The cryptographic commitment to the Sense input data becomes the X (features) of the training example.
The model's prior prediction (with confidence + version) becomes the prior-output for residual-based learning.
The action becomes the A in (S,P,A,O) — the intervention whose effect is being measured.
The measured outcome becomes the Y (label). The integrity field makes the example individually tamper-evident.
Together with the integrity field, the Verify record produces a labeled training example whose authenticity is independently verifiable without trusting the operator. This is Claim 71. The chain of records is the corpus.
When an inference system is updated, retrained, or fine-tuned using Verify records as training data, the update operation is itself recorded as a Verify record. The resulting model version is cryptographically bound to the specific subset of Verify records that informed it. An external party can verify the precise training-corpus subset that produced any deployed model — without operator disclosure beyond cryptographic openings of the lineage attestation (Claim 74).
Under the SPAV architecture, training data IS the verification chain. An adversary wishing to poison a future model must compromise records that may already be ledger-anchored, hardware-attested, or witnessed by k-of-n independent observers. The threat surface for dataset poisoning becomes equivalent to the threat surface for the audit chain itself — substantially harder than poisoning an operator-controlled dataset.
Online learning, periodic fine-tuning, scheduled retraining, and reinforcement-from-deviation-metric updates are all triggered by Verify records and themselves recorded as Verify records. The model life cycle is expressed as a sub-chain within the verification chain: each model version points to its predecessor, to the training-record set that informed the transition, and (in confidential-computing embodiments) to the attestation of the training-execution environment.
When Verify records produced by one organization's SPAV system are consumed by another organization for training, every example crossing the organizational boundary retains its cryptographic provenance. Federated learning under SPAV produces models with auditable per-example provenance back to the originating organization — without requiring either party to expose underlying confidential data, when selective-disclosure or zero-knowledge embodiments are used.
The Verify chain natively satisfies training-data documentation requirements imposed by:
Training-data quality and governance requirements for high-risk AI systems. SPAV's per-example-attested chain is the artifact that demonstrates compliance.
Model risk management guidance for banking. Model lineage attestation directly addresses validation, monitoring, and documentation requirements.
AI/ML-based Software as a Medical Device documentation. Training-data provenance and model-version control built into the operational record.
NIST AI RMF, sector-specific algorithmic-accountability rules, EU Digital Services Act audit requirements — all converge on per-example training-data attestation.
Per the inventor's appendix, the training-corpus continuation (Claims 71–80) is identified as likely the most commercially valuable continuation given the EU AI Act enforcement timeline and the SR 11-7 / FDA AI guidance regimes.
Because the Verify record is tamper-evident and carries its own provenance, one system's verified outcome can be consumed as another system's Sense input — across organizations and across domains. The schema-translation operation is itself recorded as a Verify record. The architecture enables cryptographically-attested multi-agent and multi-domain composition without dependence on the counterparty's operator-controlled database.
An OEM's Verify records are tamper-evident and externally consumable by its supplier's regulator — without either party trusting the other's database.
The architecture supports use cases where a Verify record from one domain (e.g., autonomous-vehicle telematics) could be consumed as a Sense input by a system in a different domain (e.g., insurance pricing) via a recorded schema-translation. Such cross-domain consumption is enabled architecturally; commercial adoption is a separate question.
Verify records are training data with provenance. Model retraining is itself recorded — closing the calibration loop with audit.
SPAV's federation does not require new inter-satellite communications infrastructure. The peer-to-peer mesh substrate is operational at industrial scale today:
What's missing is not the pipe — it's the artifact format that flows through it. Cross-organization, cryptographically-attested data exchange between satellites operated by different parties is essentially undeployed. SPAV's Verify record is that artifact format. Real-time P2P transmission isn't required for most federation value — ground-side ledger anchoring with hours-to-days latency satisfies regulator audit, insurance underwriting, and multi-nation program coordination. Where real-time on-orbit federation is desired (e.g., joint conjunction planning across constellations), the Starlink/SDA mesh is the available physical layer.
Note on commercial reality: vertically-integrated constellations (SpaceX, Kuiper, OneWeb) have weak voluntary-federation incentives. The high-value federation cases are DoD/SDA ecosystem (where interoperability is mandated), multi-nation programs (Artemis, lunar PNT), regulator-mandated transparency (FCC, FAA AST), and insurance underwriting.
¹¹ Starlink laser ISL operational scale (Feb 2024) · ¹² First SDA cross-vendor laser link · York + SpaceX (Jan 2025) · SDA OISL Standard v2.1.2 (Dec 2023)
SPAV is positioned as a universal parent pattern above the inventor's existing portfolio of three hardware-gated provisionals and one non-provisional. Hardware gating was deliberately removed from the parent so the architecture covers software, smart-contract, TEE, and joint embodiments — every industry, not just poultry hardware.
Continuation strategy: 3–4 narrower non-provisionals from this parent within 12 months (broad SPAV / calibration loop / smart-contract gating / cross-domain federation). PCT decision at 12-month mark for international protection.
Re-entry to Sense in iteration N+1 is conditioned on a valid Verify record from iteration N. Six alternative gating mechanisms claimed. Distinguishes SPAV from every prior agent loop.
The Verify record is consumed as a structured Sense input by the next iteration. Standard control systems already feed residuals back internally (Kalman filters, online learning); SPAV's contribution is making that feedback chain tamper-evidently auditable end-to-end, so a regulator/insurer/partner can prove the calibration history rather than trust an operator self-report.
Verify records carry cryptographic provenance across organizations and domains. Schema-translation operations are themselves Verify records. End-to-end provenance survives composition.
EcoYield's commercial poultry pilot is the first vertical instantiation: 14+ years of historical data (5,843 barn-weeks across 75 flock cycles, 4 breeds), live deployment at an 800K-hen pilot operation. Validates the architecture in a regulated, multi-stakeholder environment before broader licensing.
The architecture is enumerated across 22 industry embodiments in the provisional. Adoption in any one of them is a separate go-to-market motion; the patent positioning supports licensing or operating models per vertical.
Provisional filed May 2026 as parent over an existing 4-application portfolio. The novelty cluster (Claims 1(d), 5, 6, 22, 26-28, 41, 44, 54) covers gating, verify-feeds-sense, and federation. A formal prior-art search is on the pre-non-provisional roadmap.
As agentic AI deployments scale and regulatory regimes around automated-decision accountability tighten (EU AI Act, FDA AI/ML SaMD guidance, FCC/FAA orbital reporting, Federal Reserve SR 11-7, and analogous regimes), externally-verifiable artifacts of automated decisions become the relevant compliance asset. SPAV is an architectural pattern for producing such artifacts: a tamper-evident record of what each iteration sensed, predicted, acted on, and observed, optionally gated, and consumable across organizations. The provisional positions this pattern as a parent over the inventor's existing portfolio, with 22 enumerated industry embodiments and an initial vertical instantiation in commercial poultry.