
Bureau for operators

A one-page evaluation guide for the operator deciding whether Pluck Bureau belongs in a production deployment. Print it, circulate it, mark it up.


What you get

  • Tamper-evident dossiers – Every observation is canonical-JSON serialized, hashed, and signed with an operator-held Ed25519 key. Any byte-for-byte modification after signing is detectable.
  • Court-admissible chain-of-custody – The composite dossier shape (Election-Day-Watch, SCIF-Audit, Pharma-Mirror, Autonomy-Ledger) is designed against FRE 901 and FRE 902 self-authentication standards. Per-substrate red dots, cross-program clustering math, peer cosigns, and Merkle inclusion proofs are part of the artifact, not bolted on.
  • Offline verification – Any third party with the operator's public key and the standard cosign binary can verify a cassette without network access. No Pluck server is in the trust path.
  • Public-log permanence – Every published cassette anchors to Sigstore Rekor, the same append-only public log used to sign open-source software. Once anchored, entries cannot be retracted.
  • Peer co-signing – The Gossip layer supports k-of-n quorum across independent operators. A single compromised key cannot retroactively change a multi-cosigned record.
  • Per-program threat model – Every program in the 51-program catalog ships with a dedicated threat-model document covering what attacks it catches, what it does not, and the kill-switch.
  • One toolset, seven domains – AI vendor honesty (14 programs), RF substrate (5), cyberphysical (8), side-channel and physical model identity (5), social/cognitive/civic (6), distributed trust (3), moonshots (6), and composite dossiers (4). All compose over the same @sizls/pluck-bureau-core primitives.
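
The tamper-evidence and k-of-n cosigning items above, as an added example that is not Pluck Bureau code. It assumes sorted-key JSON as the canonical form, SHA-256 as the digest, and hypothetical operator and field names, and it uses Node's built-in Ed25519 support.

```javascript
// Added illustration, not Pluck Bureau code. Assumptions: sorted-key JSON as the
// canonical form, SHA-256 as the digest, hypothetical operator names.
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");

// Deterministic serialization: object keys sorted recursively, no whitespace.
function canonicalize(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  if (v !== null && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

const digest = (obs) => createHash("sha256").update(canonicalize(obs)).digest();

// A cosignature is { keyId, signature } over the canonical digest.
function cosign(obs, keyId, privateKey) {
  return { keyId, signature: sign(null, digest(obs), privateKey) };
}

// Count distinct trusted keys with a valid signature; duplicates and unknown
// keys do not move the count toward the quorum threshold k.
function meetsQuorum(obs, cosignatures, trustedKeys, k) {
  const d = digest(obs);
  const valid = new Set();
  for (const { keyId, signature } of cosignatures) {
    const pub = trustedKeys.get(keyId);
    if (pub && verify(null, d, pub, signature)) valid.add(keyId);
  }
  return valid.size >= k;
}

// Constructed sample: three hypothetical operators, two of whom cosign.
const ops = ["op-a", "op-b", "op-c"].map((id) => [id, generateKeyPairSync("ed25519")]);
const trusted = new Map(ops.map(([id, kp]) => [id, kp.publicKey]));
const observation = { program: "demo", seq: 1, reading: { b: 2, a: 1 } };
const sigs = ops.slice(0, 2).map(([id, kp]) => cosign(observation, id, kp.privateKey));
```

Counting distinct key IDs rather than signatures is what stops one key from satisfying a quorum by signing twice.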

What you need to bring

  • An operator-held Ed25519 signing key. Generate it locally with pluck bureau keys generate --out ./keys --name <op>. The directory is forced to 0700; the private key is forced to 0600. Treat the private key like a passport – escrow only with parties you would trust to file in your name.
  • Sigstore Rekor access. The public Linux Foundation Rekor (https://rekor.sigstore.dev) is free and globally available. A private Rekor instance is supported for air-gapped or jurisdictionally-scoped deployments.
  • An observability stack. Bureau emits structured BureauMetrics events (counters, gauges, histograms) over a pluggable transport. OpenTelemetry, Prometheus, Datadog, or a JSON-line tail all work. The operator picks the sink.
  • A peer relationship for cosigning. Single-operator dossiers verify, but the strongest evidentiary posture comes from k-of-n peer cosigning. Identify peers before launching: civic partners, sister utilities, peer auditors, allied newsrooms.
  • For RF and cyberphysical programs: the appropriate hardware. RTL-SDR (~$40) for Stingray and Celeste, an OBD-II adapter for Ignition, an RFID/NFC reader for Sigil, an industrial protocol bridge for Turbine. Each program documents its hardware envelope. Many programs have demo modes that run with no hardware.
  • Operator capacity for the duty list. The Operator Duties document covers the Permanent-Public-Log rule, probe-pack supply-chain hygiene, quorum participation, whistleblower-source protection, court-evidence custody, and compromise response. Read it before generating a key.

What it costs

  • The npm packages are MIT and free. @sizls/pluck, @sizls/pluck-cli, @sizls/pluck-mcp, @sizls/pluck-api, and the full @sizls/pluck-bureau-* set carry no per-seat or per-cassette cost.
  • Sigstore public-good Rekor is free. The Linux Foundation operates the public log as a community-good service. There is no fee for anchoring entries.
  • Operator infrastructure is your responsibility. Capture-time compute (a phone, a laptop, an RTL-SDR USB stick, or – for fleet deployments – a small server), storage for cassette archives, observability sinks, and peer-cosign coordination overhead are operator-owned costs.
  • Hardware costs are program-specific. RTL-SDR captures cost ~$40 in hardware. Industrial Turbine bridges cost more. Research-grade programs (Cherenkov-Witness, QKD-Witness, Graviton-Ghost) require specialized equipment and may not be cost-effective for most operators today.
  • There is no hosted Pluck Bureau service today. The runtime is the runtime. Studio (operator UI) at studio.pluck.run/bureau is a free read-only viewer over public cassettes; it is not a custody service.

How to evaluate

A three-step path from zero to a production decision.

  1. Read the foundations document. Bureau Foundations covers the dossier shape, the canonical-JSON digest, the RFC 6962 inclusion-proof verifier, the operator-key ceremony, the kill-switch, and the redactor. Forty-five minutes. Tells you whether the cryptographic posture matches what your compliance team needs.
  2. Run the demo end-to-end. Pluck Bureau in 5 minutes – install the CLI, generate a key, run pluck bureau election-day-watch demo, verify the cassette with cosign verify-blob. No hardware required. Five minutes. Tells you whether the operator workflow lands.
  3. Pick one program and pilot it. Choose the program closest to your existing threat model – Dragnet for AI vendor compliance, Turbine for SCADA chain-of-custody, Custody for AI-conversation chain-of-custody, Election-Day-Watch for civic deployment. Run it for two weeks against a non-critical target. Tells you whether the program's specific assumptions match your environment.

If the three-step pass succeeds, the next decision is peer relationships and key escrow. If any step fails, file an issue against the specific program – the per-program threat model is the canonical place to land corrections.
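
Step 1 mentions the RFC 6962 inclusion-proof verifier. As an added example (not Bureau's implementation, with illustrative function names), the following builds an RFC 6962 tree over constructed leaves and checks an audit path with the iterative verification procedure given in RFC 9162, which uses the same tree hashing.

```javascript
// Added illustration, not Pluck Bureau code. Function names are hypothetical.
const { createHash, timingSafeEqual } = require("node:crypto");

const sha256 = (...parts) => parts.reduce((h, p) => h.update(p), createHash("sha256")).digest();
const LEAF = Buffer.from([0x00]); // RFC 6962 domain separation: leaf prefix
const NODE = Buffer.from([0x01]); // interior-node prefix
const leafHash = (data) => sha256(LEAF, data);

// Largest power of two strictly less than n (n > 1).
const splitPoint = (n) => { let k = 1; while (k * 2 < n) k *= 2; return k; };

// Merkle Tree Hash over raw leaf data.
function merkleRoot(leaves) {
  if (leaves.length === 0) return sha256();
  if (leaves.length === 1) return leafHash(leaves[0]);
  const k = splitPoint(leaves.length);
  return sha256(NODE, merkleRoot(leaves.slice(0, k)), merkleRoot(leaves.slice(k)));
}

// Audit path for leaf m, as the log would serve it.
function auditPath(m, leaves) {
  if (leaves.length <= 1) return [];
  const k = splitPoint(leaves.length);
  return m < k
    ? [...auditPath(m, leaves.slice(0, k)), merkleRoot(leaves.slice(k))]
    : [...auditPath(m - k, leaves.slice(k)), merkleRoot(leaves.slice(0, k))];
}

// Verifier side: recompute the root from the leaf, its index, and the path.
function verifyInclusion(leaf, index, treeSize, path, root) {
  if (index < 0 || index >= treeSize) return false;
  let fn = index, sn = treeSize - 1, r = leafHash(leaf);
  for (const p of path) {
    if (sn === 0) return false; // path longer than the tree allows
    if (fn % 2 === 1 || fn === sn) {
      r = sha256(NODE, p, r);
      while (fn % 2 === 0 && fn !== 0) { fn >>>= 1; sn >>>= 1; }
    } else {
      r = sha256(NODE, r, p);
    }
    fn >>>= 1; sn >>>= 1;
  }
  return sn === 0 && r.length === root.length && timingSafeEqual(r, root);
}

// Constructed sample: seven entries standing in for anchored cassette digests.
const entries = Array.from({ length: 7 }, (_, i) => Buffer.from(`cassette-${i}`));
const root = merkleRoot(entries);
```

The verifier needs only the leaf, its index, the tree size, the path, and a root it already trusts, which is why the check works offline.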


When NOT to use Bureau

Honesty about limits matters more than honesty about strengths.

  • The RF and cyberphysical tracks are alpha. Stingray, Karma, Celeste, Cosmos, Knob, Icarus, Ignition, Turbine, Meridian, and Embodied-Ledger are usable today and have working demos, but the hardware bridges (SDR adapters, CAN bus interfaces, industrial-protocol gateways) are deferred to per-deployment integration. Production deployment requires operator engineering.
  • Hardware-bridge programs are deferred. Several programs – particularly the side-channel suite (Power-Ledger, Tempest-Witness, Ember, Thermal-Afterglow) and the moonshot tier – depend on specialized capture hardware that Pluck does not vend. Operators must source, calibrate, and characterize their own.
  • Neuro-Consent's cryptographic primitive needs design review. The BCI command and visual-stimulus prompt-injection attestation surface is documented as research-grade. The cryptographic envelope around neural-signal capture has not been independently reviewed. Do not deploy as a sole compliance control.
  • Bureau is not a custody service. Operators hold their own keys, archive their own cassettes, and arrange their own peer cosigning. If your organization needs a vendor-managed key custody service, Bureau is not that.
  • Bureau is not a court of jurisdiction. A signed cassette is evidence; it is not a verdict. The legal weight of any cassette depends on the jurisdiction, the court, the operator's standing, and the evidentiary procedures of the venue. Pluck does not represent operators in legal proceedings.
  • The Permanent-Public-Log rule is permanent. Anything notarized to public Rekor cannot be erased. Operators who notarize personal data, PHI, faces, government IDs, or financial records create permanent records of that data. The redactor exists, but the operator is the last line of defense.
  • Single-operator dossiers are weaker than multi-cosigned dossiers. A Bureau cassette signed only by you is verifiable evidence that you signed it. A cassette countersigned by an independent peer is verifiable evidence that two independent parties observed the same fact. Plan peer relationships before deployment.
