The methodology.
Spectral geometry over LoRA fleet behavior. PCA basis from grade-space SVD. Reproducibility under sha-pinning. The mathematical substrate behind every attestation Astrolabe issues.
1. Subject of measurement.
Astrolabe measures behavioral variation across a finite set of comparable subjects evaluated on a finite set of comparable categories. The substrate is intentionally domain-agnostic: subjects may be LoRA adapters, model checkpoints, prompt scaffolds, retrieval configurations, or human-graded artifacts. Categories are discovered at intake from the customer's evaluation rubric; the engine does not assume a fixed taxonomy.
2. Mathematical core.
Given n subjects scored on k categories, Astrolabe constructs the centered n × k grade matrix and computes its singular value decomposition. The principal components form an orthonormal basis for variation. The first principal component (PC1) is the direction along which subjects most differ; the variance explained by PC1 is reported as a single scalar (e.g. PC1 = 0.701 on the Bibles reference). The cluster count is recovered from PC1 via a sign-change pass and confirmed against the populated subset of the k3-vector space when categories are trinary.
Projection from the high-dimensional grade space onto the PC1–PC2 plane is stereographic and conformal in the planispheric sense: angles between subject vectors are preserved under the projection, which is the property that makes the resulting 2-D figure admissible as a decision surface rather than a lossy summary.
3. Attestation.
Every measurement run emits a bundle: the input fleet manifest, the spectral report, per-subject signatures, and an ATTESTATION.json that names the engine version, lists every artifact with its SHA-256, and declares a Merkle root over the artifact list. The root is the attestation. A third party who receives the bundle recomputes each artifact's hash, rebuilds the Merkle tree, and verifies that their root equals the declared root. The reference bundle's declared root is 51b92e1ceec84a0d376ea438cab468862f9130a371ba79dd17371866662f1477; reproducing it from the bundle inputs alone is the proof.
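The third-party check described above, written out as an added example; it is not Astrolabe's code or the engine's verify path. The page does not state how the Merkle tree is built, so this sketch assumes the RFC 9162 Merkle Tree Hash over the raw SHA-256 digests in list order. The field names `artifacts`, `path`, `sha256` and `merkle_root`, and the sample files, are constructed for illustration.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves: list) -> bytes:
    """Merkle Tree Hash as in RFC 9162 (assumed; the page names no construction)."""
    n = len(leaves)
    if n == 0:
        return _h(b"")
    if n == 1:
        return _h(b"\x00" + leaves[0])       # leaf prefix: a leaf can never pass as a node
    k = 1 << ((n - 1).bit_length() - 1)      # largest power of two strictly below n
    return _h(b"\x01" + merkle_root(leaves[:k]) + merkle_root(leaves[k:]))

def make_attestation(files: dict) -> dict:
    """Issuer side, used here only to build the constructed sample."""
    arts = [{"path": p, "sha256": hashlib.sha256(d).hexdigest()} for p, d in files.items()]
    root = merkle_root([bytes.fromhex(a["sha256"]) for a in arts]).hex()
    return {"artifacts": arts, "merkle_root": root}   # field names are assumptions

def verify_bundle(attestation: dict, files: dict) -> list:
    """Verifier side: return findings; an empty list means the bundle verifies."""
    findings, leaves, listed = [], [], set()
    for entry in attestation["artifacts"]:
        path, declared = entry["path"], entry["sha256"].lower()
        listed.add(path)
        if path not in files:
            findings.append(f"missing artifact: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != declared:
            findings.append(f"artifact mismatch: {path}")
        leaves.append(bytes.fromhex(declared))
    # A file shipped in the bundle but absent from the list is not covered by the root.
    findings += [f"unlisted file: {p}" for p in sorted(set(files) - listed)]
    if merkle_root(leaves).hex() != attestation["merkle_root"].lower():
        findings.append("root mismatch")
    return findings

# Constructed sample bundle, not Astrolabe's reference bundle.
FILES = {
    "fleet_manifest.json": b'{"subjects": 3}',
    "spectral_report.json": b'{"pc1": 0.5}',
    "signatures.json": b"[]",
}

if __name__ == "__main__":
    att = make_attestation(FILES)
    print(verify_bundle(att, FILES))
    print(verify_bundle(att, {**FILES, "spectral_report.json": b'{"pc1": 0.9}'}))
```

A matching root only shows that the artifacts agree with the root carried in the same bundle; compare that root against one obtained through an independent channel before relying on it.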
4. Standards mapping.
Astrolabe's vocabulary deliberately tracks existing federal and IETF standards. The mapping below lets evaluators bind PSP terms to terms they already audit against.
| PSP term | Standard counterpart | Document |
|---|---|---|
| Attestation bundle | SCITT receipt / artifact | IETF SCITT (draft-ietf-scitt-architecture) |
| Attestation root | Receipt registration · transparent log root | IETF SCITT · RFC 9162 (CT) |
| Hash algorithm | SHA-256 | FIPS 180-4 · FIPS 202 (parity track for SHA-3-256) |
| Crypto module posture | Validation in process | FIPS 140-3 |
| Build provenance | SLSA L3 target · signed engine binary | SLSA v1.0 · in-toto · Sigstore (cosign) |
| Software bill of materials | SBOM with each release | NTIA minimum elements · CISA SBOM |
| Secure SDLC posture | SSDF practice mapping forthcoming | NIST SP 800-218 (SSDF v1.1) |
| Supply-chain risk | C-SCRM enclave | NIST SP 800-161r1 (C-SCRM) |
| AI risk management | Govern / Map / Measure / Manage envelope declared | NIST AI RMF 1.0 · ISO/IEC 42001 |
| AI controls | Mapping forthcoming | NIST SP 800-53 Rev. 5 · AI-specific overlays |
| Independent recompute | FFRDC / UARC co-attestation | FAR 35.017 · MITRE / Aerospace / Lincoln Lab · APL / GTRI / ARL-UT |
| Conformance vector | Published test vector + reference inputs | NIST CAVP / FRVT idiom |
5. Reproducibility.
The mathematical pipeline is deterministic under sha-pinning of (a) the input fleet, (b) the category rubric, and (c) the engine binary. Numerical paths use IEEE 754 binary64 with a fixed BLAS configuration declared in the bundle. Two parties running the same engine on the same inputs produce byte-identical bundles and identical Merkle roots. Any deviation from byte-identity is itself a measurable signal and is reported as an artifact mismatch on the verify path.
6. Limitations declared.
Astrolabe measures the variation that the supplied categories make visible; it does not certify that the rubric is complete. The engine's outputs are valid against the declared rubric only. Customers who require a different category set must declare it at intake — categories are part of the attestation, not an out-of-band assumption.
7. Citation.
Preprint PDF will land at /assets/methodology.pdf on publication. Citable hash and DOI will appear here on issue. Pre-publication citation: Ross, L. C. (2026). Astrolabe: a sha-pinned measurement engine for federal AI assurance. Methodology preprint v1.0, Planisphere. Recompute from /bundles/demo/.