Phase Compression Plan

The PRD describes twelve months of product, compliance, customer, and standards work. This plan compresses local execution into artifacts that unblock parallel teams immediately.

Phase 0

  • Publish AGT integration docs.
  • Resolve all open decisions.
  • Document AGT as an added integration path across existing SDKs and framework integrations.
  • Publish control-plane PDP, audit, and identity contracts.
  • Reposition docs around the neutral control-plane narrative.

Phase 1

  • Harden meshguard around mandatory tenant scoping, PDP HTTP fallback, audit schema, identity/SPIFFE design, and load-test targets.
  • Enhance meshguard-action toward policy-as-code PR review and historical dry-run workflows across SDK, AGT, sidecar, and proxy enforcement paths.
  • Document operator console v2 requirements for fleet, policy, audit, identity, alerting, RBAC, and tenant administration.

Phase 2

  • Scaffold public OSS repos for guardian sidecar, egress proxy, audit witness, policy library, standards, and regulated blueprints.
  • Publish SIEM/OCSF, deployment, sovereign, air-gapped, streaming inspection, federation, cost, and lineage implementation plans.

Phase 3

  • Publish HIPAA, FedRAMP Moderate, FINRA, SOC 2, PCI, ISO 27001, GDPR, and DORA blueprint skeletons.
  • Publish standards engagement material for MCP, A2A, AgentCard, IATP, OCSF, OpenInference, SPIFFE, and W3C Verifiable Credentials.

Human-Only Gates

  • Paying-customer commitments.
  • Upstream Microsoft AGT merge.
  • External pen test.
  • SOC 2, HIPAA, ISO 27001, FedRAMP, PCI, FINRA, and audit-firm attestations.
  • Public named reference customers and analyst coverage.

Governance Control Plane for AI Agents