{
  "schema": "mvg.aims_descriptor@1",
  "issued_utc": "2026-02-22T00:00:00Z",
  "canonical_surface": "https://meridianverity.com/aims/",
  "boundary": {
    "no_patent_license_by_publication": true,
    "non_binding_unless_incorporated": true,
    "not_a_certification": true,
    "public_safe": true
  },
  "summary": "Public-safe overview of MVG's AI Management System (AIMS): decision rights, stop authority, continuous improvement, and verification surfaces expressed as replayable receipts (fail-closed).",
  "aims": {
    "name": "MVG AIMS (public-safe)",
    "purpose": [
      "Define AI risk surfaces and acceptance criteria before release.",
      "Standardize HOLD triggers so uncertainty never yields silent PASS.",
      "Emit verifiable receipts (descriptors + evidence pointers) for auditors."
    ],
    "operating_principles": [
      "Receipts, not promises.",
      "Evidence before action (Verify \u2192 Permit \u2192 Gate).",
      "Fail-closed by design (missing evidence => HOLD)."
    ]
  },
  "stop_authority": {
    "source_of_truth": "https://meridianverity.com/.well-known/mvg-governance.json",
    "public_summary": "Stop authority and escalation are defined in the governance descriptor. Any missing or ambiguous evidence MUST result in HOLD."
  },
  "continuous_improvement": {
    "model": "NIST_AI_RMF_like_loop",
    "loop": [
      {
        "phase": "Govern",
        "summary": "Decision rights, escalation, stop authority, incident posture."
      },
      {
        "phase": "Map",
        "summary": "Intended use, stakeholders, context, risk surfaces."
      },
      {
        "phase": "Measure",
        "summary": "Tests, controls, and replayable verification outputs."
      },
      {
        "phase": "Manage",
        "summary": "Remediation, change control, release gates, monitoring."
      }
    ],
    "note": "This mapping is provided for auditor familiarity and does not claim certification."
  },
  "public_safe_boundary": {
    "public": [
      "System overview, governance linkage, and escalation posture (high level)",
      "Verification surfaces and canonical URLs",
      "Receipt pointers (descriptors, ticket pack, transparency)"
    ],
    "withheld": [
      "Internal personnel lists and private contact details",
      "Customer-specific data, private tickets, and confidential incident artifacts",
      "Internal-only runbooks not required for public assurance"
    ],
    "release_policy": "Additional diligence materials may be provided upon procurement request (and NDA if required)."
  },
  "discovery": {
    "trust_center": "https://meridianverity.com/trust-center/",
    "governance_descriptor": "https://meridianverity.com/.well-known/mvg-governance.json",
    "company_descriptor": "https://meridianverity.com/.well-known/mvg-company.json",
    "security_review_packet": "https://meridianverity.com/trust/security-review/",
    "procurement_dsse": "https://meridianverity.com/.well-known/mvg-procurement-ticket-pack.dsse.json"
  },
  "verification": {
    "detached_signature": "https://meridianverity.com/.well-known/mvg-aims.json.asc",
    "openpgp4fpr": "94EC8CD8863A2D0CCAF92990B8BF65777FC5A47F",
    "verify_hint": "gpg --verify mvg-aims.json.asc mvg-aims.json",
    "expected_outputs": {
      "PASS": "Good signature (valid detached OpenPGP signature over mvg-aims.json).",
      "HOLD": "Signature not yet published (READY_TO_SIGN placeholder) \u2014 fail-closed by design.",
      "FAIL": "Signature present but invalid, mismatched, or not from the expected key."
    }
  },
  "openpgp4fpr": "58335BA12693400891BF13285A9E187C3BB18C94"
}