SM / Truth Stack

Secret Mediation

Controlled secret mediation under proof.

Layer: Truth Stack
Status: Core Truth Stack system.
Boundary: One system, one question

What it is

SM is the release-mediation system for secrets. It proves whether a secret was released, to whom, under what conditions, or whether release was refused.

What problem it solves

Secret managers optimize for retrieval and caching. Under coercion, audit, or litigation, that model collapses because disclosure truth is weak and often unverifiable.

What it does

  • Accepts sealed secrets under doctrine and binds release to capability, time, identity, and execution context.
  • Supports mediation primitives such as lease, use-once, derive, inject-into-process, and transform-without-disclosure.
  • Emits release, revocation, and refusal evidence as first-class proof.
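
A minimal sketch of the mediation model in the list above, added here as an example and not SM's own code or API: the `Mediator` class, its method names, the capability dictionary, and the hash-chained evidence format are all assumptions. It shows a use-once derive that hands back an HMAC of the sealed secret instead of the secret, and records both releases and refusals as evidence.

```python
import hashlib, hmac, json, time

class Mediator:
    """Hypothetical mediator: no method returns the sealed secret itself."""
    def __init__(self, clock=time.time):
        self._sealed = {}    # name -> (secret bytes, release policy)
        self._used = set()   # capability ids already consumed (use-once)
        self.evidence = []   # hash-chained release and refusal records
        self._clock = clock

    def seal(self, name, secret, *, identity, context, not_after):
        policy = dict(identity=identity, context=context, not_after=not_after)
        self._sealed[name] = (secret, policy)

    def _record(self, outcome, name, cap, reason):
        prev = self.evidence[-1]["digest"] if self.evidence else "0" * 64
        body = dict(outcome=outcome, secret=name, cap_id=cap["id"],
                    identity=cap["identity"], context=cap["context"],
                    reason=reason, at=self._clock(), prev=prev)
        body["digest"] = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.evidence.append(body)

    def derive(self, name, cap, label):
        """Use-once derive: returns HMAC(secret, label) or None on refusal."""
        secret, policy = self._sealed[name]
        if cap["id"] in self._used:
            reason = "capability already used"
        elif self._clock() > policy["not_after"]:
            reason = "release window expired"
        elif (cap["identity"], cap["context"]) != (policy["identity"], policy["context"]):
            reason = "identity or context mismatch"
        else:
            self._used.add(cap["id"])
            self._record("released", name, cap, "derive:" + label)
            return hmac.new(secret, label.encode(), hashlib.sha256).digest()
        self._record("refused", name, cap, reason)  # refusal is evidence too
        return None

def verify_chain(evidence):
    """Recompute every digest and link; any edited or dropped record fails."""
    prev = "0" * 64
    for rec in evidence:
        body = {k: v for k, v in rec.items() if k != "digest"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["digest"] != digest:
            return False
        prev = rec["digest"]
    return True
```

An unsigned hash chain only detects tampering if the latest digest is anchored somewhere the mediator's operator cannot rewrite; the sketch leaves that anchoring out.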

What it does not do

  • It does not expose a raw plaintext retrieval primitive.
  • It does not act as long-term secret storage, a general KV database, or an admin bypass layer.
  • It does not privilege convenience, caching, or silent rotation over proof.

Who it is for

  • Operators who treat secrets as liabilities to constrain rather than assets to distribute.
  • Systems where blast radius and future provability outweigh developer ergonomics.

Where it fits

SM is the Truth Stack mediation layer. It arbitrates disclosure without owning authority or material lifecycle.

Typical deployment context

Used where secret use must remain bounded, re-authorized, and provable years later.