The substrate is real and auditable.
Every protocol decision is documented. The user-side software is open source. The audit log is HMAC-chained on both sides of every privileged call. The cryptography defaults are listed below.
Sovereignty
Your data lives in your container. The skema-gateway daemon, running on your local machine, encrypts every backed-up row with AES-256-GCM before it leaves you. The hosted side holds ciphertext. We can't read it — we don't have the keys.
Audit
Every gateway-authorized action writes two HMAC-signed rows: one on your local machine, one on the hosted container. The chains are independently verifiable. Tampering with either chain breaks the HMAC and surfaces immediately. You can inspect either log at any time.
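The chain property described above, as an added example that is not code from skema-gateway: the row layout, genesis value, per-side keys and action names are all assumptions, with HMAC-SHA256 used because the page lists it for audit chains. It goes one step beyond the text by also comparing the two logs, since a single chain cannot reveal rows trimmed from its end.

```python
import hashlib, hmac, json

GENESIS = b"\x00" * 32  # assumed value chained into the first row

def row_tag(key, prev_tag, seq, action):
    # The tag covers the previous row's tag, so each row commits to all earlier rows.
    body = json.dumps({"seq": seq, "action": action}, sort_keys=True).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

def append_row(chain, key, action):
    prev = chain[-1]["tag"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "action": action, "tag": row_tag(key, prev, seq, action)})

def verify_chain(chain, key):
    """Return the index of the first row that fails verification, or None if intact."""
    prev = GENESIS
    for i, row in enumerate(chain):
        expected = row_tag(key, prev, i, row["action"])
        if row["seq"] != i or not hmac.compare_digest(expected, row["tag"]):
            return i
        prev = row["tag"]
    return None

def cross_check(local, hosted):
    """Return the first index where the two logs disagree, or None if they match.
    Catches tail truncation, which one chain cannot detect on its own."""
    for i in range(max(len(local), len(hosted))):
        if i >= len(local) or i >= len(hosted) or local[i]["action"] != hosted[i]["action"]:
            return i
    return None

def build_demo():
    # Constructed sample data: keys and action names are made up for this example.
    local_key, hosted_key = b"local-demo-key", b"hosted-demo-key"
    local, hosted = [], []
    for action in ["backup.create", "backup.upload", "key.rotate", "backup.restore"]:
        append_row(local, local_key, action)
        append_row(hosted, hosted_key, action)
    return local_key, hosted_key, local, hosted

if __name__ == "__main__":
    lk, hk, local, hosted = build_demo()
    edited = [dict(r) for r in hosted]
    edited[1]["action"] = "backup.delete"  # in-place edit of one row
    print("intact:", verify_chain(local, lk), "edited:", verify_chain(edited, hk))
    print("truncated vs local:", cross_check(local, hosted[:3]))
```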
Cryptography
- Ed25519 for app signatures
- Argon2id (m=256 MiB, t=3) for backup KDF
- AES-256-GCM for backup data
- EC P-256 + TLS 1.3 for transport
- HMAC-SHA256 for audit chains
CEIGAS
CEIGAS — Cognitively Encoded Identity-Gated Authorization System — is the authorization layer. Eighteen governance domains, ninety-two synapses, a seven-step authorization flow, a kill switch the operator can pull to freeze the Entity. Every privileged action runs through it; nothing privileged runs around it.
Protocol stack
Open-source gateway
The piece of software that touches your local machine is open source. github.com/CEIGASOpenSource/skema-gateway — source-available under PolyForm Noncommercial 1.0.0. Read it, audit it, fork it, run a modified version. The gateway has no hidden behavior because there is no hidden source.
Recovery
At backup install you generate a recovery code. If you lose both your passphrase and your recovery code, you lose access to the backup — we have no copy. Real privacy comes with real recovery responsibility. We tell you the trade up front.