How it works

Two parallel narratives. One defensible system.

Research security and export control are different obligations with different artifacts and different signing surfaces. Vigilarx unifies them on the same audit trail and the same citation discipline.

Track 1 · Research security

Five steps from sign-up to a signed RSP certification.

01

Set up your institution (Day 1)

WHAT
Capture the institutional metadata that anchors the cert PDF — federal R&D volume, General Counsel, VP Research, RSP signatory.
WHY
The RSP certification names the institutional officer as author. Vigilarx is the methodology platform; the named officer signs. Exhibit A on the cert PDF documents the signatory's role + authority.
HOW
/settings/institution captures the required fields once. Audit emits org.institution_metadata_set. Subsequent cert signings reference this row by id.
ARTIFACT
/settings/institution → org.institution_metadata_set audit row

02

Import your roster + screen everyone (Week 1)

WHAT
Upload up to 365 covered individuals via CSV. Each row screened against 14 federal + open-source watchlists; a 6-section Person Report renders for each.
WHY
Defensibility is non-negotiable: every claim anchored to a verifiable source row, no fabricated citations, every DOJ enforcement reference cross-referenced to a real announcement. Reports persist with tamper-evident attestation.
HOW
Batch upload via /screen → CSV parse → per-row screening → roster-level synthesis. Reports persist with SHA-256 attestation hash for FCA-defensibility.
ARTIFACT
365 6-section Person Reports + roster-level synthesis JSON

03

Attest the four pillars (Months 2–3)

WHAT
Cyber, Foreign Travel, Training, Export — track operational state, not just attestations. Pillar 3 (training) reflects ≥80% covered-individual coverage; Pillar 4 (export) the same.
WHY
NSPM-33 implementation guidance requires demonstrable pillar coverage. A pillar marked COMPLETE without underlying operational data is not defensible under federal review.
HOW
/compliance pillar cards consume operational data when COMPLIANCE_GATE_V4_5_ENABLED=TRUE. Per-pillar evidence uploads + expiry tracking. POC accountability per pillar.
ARTIFACT
Four green pillar cards with operational evidence row counts

04

Sign the RSP certification

WHAT
Four-step modal flow: review pillars → assign signatory → sign with attestation → render cert PDF. Per-pillar APPROVED stamps applied inline; Exhibits A/B/C appended.
WHY
An RSP certification needs to survive a False Claims Act audit. Exhibit A documents the signatory; Exhibit B freezes the methodology snapshot at sign-time; Exhibit C captures the audit trail snapshot. Verbatim — never overwritten on supersede.
HOW
/cc → Sign certification modal → /api/cert/sign → puppeteer-rendered PDF with the institutional cert template (cover + body + per-pillar stamps + Exhibits A/B/C + branded footer + audit row id).
ARTIFACT
FCA-defensible cert PDF with Exhibits A/B/C + per-pillar APPROVED stamps

05

Generate audit packets, on demand

WHAT
One-click HTML + PDF audit packet. Friendly action labels, human-readable entity names, source-data versions populated per event row.
WHY
When a federal sponsor asks 'what watchlist version was in effect when you flagged this researcher,' the answer needs to be exact and immediate. Source-data versioning makes that lookup deterministic.
HOW
/audit → 'Export packet' → HTML + PDF render. Audit_log entries resolved to friendly labels via lib/audit/action-labels.ts; entity_id resolved to human names via the EntityCell component.
ARTIFACT
Audit packet HTML + PDF with per-event source_data_version JSON

Track 2 · Export control

Five steps from project description to maintained TCP chain.

01

Triage every new project (Week 1 of project)

WHAT
In: a plain-English description of the project, its personnel, and any controlled technology. Out: FRE_APPLIES, TCP_REQUIRED, or LICENSE_REQUIRED, with cited reasoning + signed PDF.
WHY
Whether Fundamental Research Exclusion applies is the first export-control question on every project — and getting it wrong creates §764 penalty exposure later. Vigilarx generates the determination as an audit-trail artifact, not a memory.
HOW
/export/triage form → 15 CFR §734.8 + §734.13 deterministic decision tree → cited verdict with linked authorities → forward-link to TCP Builder when TCP_REQUIRED.
ARTIFACT
Signed Triage Determination PDF anchored to EAR §734.8 + §734.13

02

Build the TCP when FRE doesn't apply

WHAT
10-section guided plan: project identification, personnel, classified technology, physical controls, IT controls, training, foreign-national clearance, transfer controls, attestations, signature.
WHY
EAR §734.8(c) requires institutional Technology Control Plans when FRE does not apply. The plan IS the institutional commitment; signing without one is the indefensible posture.
HOW
/export/tcp/[id] guided builder → personnel section EC-5 ownership cross-check → Section 1 ECCN-classification helper forward-link → statutory awareness panel at signing → SHA-256 hash recorded.
ARTIFACT
10-section signed TCP PDF with supersede chain + amendment workflow

03

Classify the technology (when ECCN matters)

WHAT
In: a plain-English item description. Out: ranked candidate ECCNs from the full Commerce Control List + USML categories, each with confidence scores + citation-anchored reasoning.
WHY
ECCN classification drives license requirements, country/embargo screening, and deemed-export decisioning. A wrong-classification chain creates EAR §764 + ITAR §127 exposure.
HOW
/export/classify form → deterministic 5-component scorer + LLM reasoning anchored to cited CCL rows → confidence floors default the result to MANUAL on ambiguity (helper, NOT a CCATS replacement).
ARTIFACT
Signed Classification PDF with primary candidate + alternates + cited reasoning

04

Vet the foreign nationals + screen the country pairs

WHAT
Per-scholar 7-status workflow with deemed-export decisioning. Country/embargo screening for travel + technology pairings. License-required determinations cited to authorities.
WHY
EAR §734.13 deemed-export rules and ITAR §120.50 deemed-export analysis are the two surfaces most likely to produce a §764 violation when handled informally. Country/embargo screening (22 CFR §126.1, 31 CFR Chapter V) is the third.
HOW
/export/scholars/[id] per-status state machine → cited authority resolution → statutory awareness panel acknowledgement → /export/country guided screener for travel + tech pairings.
ARTIFACT
Per-scholar clearance record + country-screening determinations with verdict + license analysis

05

Maintain — annual TCP review + Affiliates Rule + audit packet

WHAT
365-day TCP review timer with T-30 / T-7 / T-0 nudge cadence. BIS Affiliates Rule cascade screening (50%-rule). Annual cert PDF + audit packet generation.
WHY
TCPs that aren't reviewed annually become indefensible artifacts. The Affiliates Rule reactivates 2026-11-10 and requires institutions to trace ownership cascades on every listed-party-adjacent collaboration. The audit packet is the FCA-defensibility deliverable.
HOW
Daily 10:00 UTC nudge cron → /export/tcp-reviews dashboard → Mark Reviewed extends supersede chain → /export/affiliates cascade lookup → /audit packet export.
ARTIFACT
Refreshed TCP chain + Affiliates Rule cascade record + annual audit packet PDF

Why two tracks and one system

Both tracks share the same audit trail and the same citation discipline.

The artifacts are different — RSP certs vs TCP signatures, pillar attestations vs ECCN classifications, audit packets vs annual TCP reviews. The defensibility shape is the same: every claim cites a named federal authority, every signature carries a SHA-256 attestation hash, every source-data version is captured at the moment the action was taken.

Walk through both tracks in the live demo.

Demo University tenant pre-loaded — sample researchers, four pillars, sample signed cert PDF, plus example triage / TCP / classification / scholar vetting / country screening / Affiliates Rule cascade artifacts. No sign-up wall.