{"slug":"plumbline","path":"/plumbline","title":"Plumbline — Know the moment your system drifts","description":"Plumbline is continuous read-only monitoring of a deployed system against a declared scope. Drift is detected as it happens and captured as an audit-ready artifact.","hero":{"h1":"Know the moment your system drifts.","lead":"Plumbline is continuous read-only monitoring of a deployed system against a declared scope. When the system deviates, in behavior, structure, or intent, you know immediately, you know how far, and you have an artifact you can hand to counsel.","eyebrow":"Plumbline · The ongoing discipline"},"sections":[{"id":"read-only","label":"§2 Read-only by design","heading":"The instrument cannot become the vector.","paragraphs":["SolarNorth agents have no write access to any customer system. Not under any credential. Not in any escalation path. Not in any \"emergency\" override. The architecture makes write access structurally impossible, not merely disallowed. Most observability and security tooling asks for write permissions to be useful. We made the opposite bet.","A monitoring system with write access is itself a risk surface. It can be weaponized. It can be the vector for a supply-chain attack. It can cause the incident it was hired to prevent.","A system with structurally read-only architecture cannot do any of those things. The answer to the question \"what if Plumbline is compromised?\" is the architectural answer.","For procurement review, for audit, for any conversation with a regulator, the claim simplifies. We observe. We do not touch. That is the architectural commitment, and it is the same commitment on day one as it is in year five."],"items":[{"body":"SolarNorth agents have no write access to any customer system. Not under any credential. Not in any escalation path. Not in any \"emergency\" override. The architecture makes write access structurally impossible, not merely disallowed. Most observability and security tooling asks for write permissions to be useful. We made the opposite bet. A monitoring system with write access is itself a risk surface. It can be weaponized. It can be the vector for a supply-chain attack. It can cause the incident it was hired to prevent."},{"body":"A system with structurally read-only architecture cannot do any of those things. The answer to the question \"what if Plumbline is compromised?\" is the architectural answer. For procurement review, for audit, for any conversation with a regulator, the claim simplifies. We observe. We do not touch. That is the architectural commitment, and it is the same commitment on day one as it is in year five."}]},{"id":"detection","label":"§3 How drift is detected","heading":"Continuous conformance, not periodic scans.","items":[{"heading":"Scope declaration","body":"The explicit specification of what the system is supposed to be doing, derived from an Illuminate baseline or declared directly. This is the north the system is measured against."},{"heading":"Always-on analysis","body":"A six-month audit finds the sum of six months of change with no attribution. Plumbline sees deviation at the moment it appears."},{"heading":"Three layers of deviation","body":"Behavioral (doing something different), structural (architecture has changed), intent (responsibilities outside declared scope). All three evaluated continuously."},{"heading":"Alerting with context","body":"Not 'something changed' but 'this specific deviation, against this specific scope reference, owned by this specific team, at this severity.' Actionable, attributable, defensible."}]},{"id":"artifact","label":"§4 Drift event = artifact","heading":"Every drift event is an artifact.","paragraphs":["Plumbline produces more than alerts. Every detected deviation is captured as an evidentiary artifact: what drifted, when, against which scope reference, with what severity, owned by which team, and what was done about it. The audit trail is continuous and immutable.","For a regulated organization, this is the difference between having observability and having a defensible record. If a regulator or opposing counsel asks when you knew, the answer is in the artifact."],"items":[{"body":"SOC 2 audit artifacts"},{"body":"HIPAA security incident records"},{"body":"SOX change-management evidence"},{"body":"Generic audit-trail export"}],"data":{"formatsHeading":"Supported evidentiary formats","formats":["SOC 2 audit artifacts","HIPAA security incident records","SOX change-management evidence","Generic audit-trail export"]}},{"id":"architecture","label":"§5 Architecture & scale","heading":"Architecture and scale.","items":[{"heading":"Tenancy","body":"Single-tenant by default. Observation data, scope references, and drift artifacts never cross customer boundaries, even in memory. Enterprise tier supports customer-deployed installation."},{"heading":"Integration surface","body":"Read-only access to source control, CI/CD telemetry, runtime observability, and existing audit / identity systems. No production write scope. No agent injection."},{"heading":"Scale parameters","body":"Calibrated for systems between 500k and 50M lines of code with 20 to 2,000 services. Systems outside these bands supported through custom enterprise scoping."}]}],"closing":{"heading":"The moment your system drifts is the moment you need to know. Not six months later. Not at the next audit. Now."}}