SCUTUM
We build software that helps nations protect critical infrastructure. Scutum fuses multi-modal sensor data into a unified operating picture, generates ranked courses of action, requires human authorization before execution, validates outcomes through digital twin simulation, and produces cryptographically auditable command trails — all deployed within sovereign boundaries.
   SENSE              FUSE              DECIDE            AUTHORIZE          VALIDATE             AUDIT
┌─────────┐        ┌─────────┐        ┌─────────┐        ┌─────────┐        ┌─────────┐        ┌─────────┐
│ Video   │──┐     │         │        │ Ranked  │        │ Human   │        │ Digital │        │ Hash-   │
│ Thermal │──┤     │ Signal  │───────>│ Course  │───────>│ Operator│───────>│ Twin    │───────>│ Chained │
│ RF      │──┼────>│ Fusion  │        │ of      │        │ Approval│        │ Gate    │        │ Audit   │
│ OT/SCADA│──┤     │ Engine  │        │ Action  │        │         │        │         │        │ Trail   │
│ AIS     │──┤     │         │        │         │        │         │        │         │        │         │
│ ADS-B   │──┘     └─────────┘        └─────────┘        └─────────┘        └─────────┘        └─────────┘
└─────────┘
We publish the building blocks of sovereign infrastructure defense under Apache 2.0.

- Declarative threat detection rules engine. Threshold, sequence, and correlation matchers with MITRE ATT&CK mapping.
- 15 curated detection rules across 6 sectors: port, energy, airspace, maritime, OT, cyber-physical. Response playbooks and false positive guidance.
- Policy-as-code evaluation. Operational, safety, and sovereignty constraints with deny/require_approval/warn/allow verdicts.

- Structured safe logging with SafeArg/UnsafeArg. Prevents sensitive data leakage with automatic field detection and redaction guards.
- Tamper-evident SHA-256 hash-chained audit trails. Cryptographic verification and tamper detection for command records.
- Shared ESLint configuration for defense-grade TypeScript. Bans console.log, eval, enforces complexity limits and strict types.

- Digital twin simulation. Validate proposed actions against infrastructure models before execution. Outcomes: safe, unsafe, uncertain, degraded.
- Geospatial primitives. Zone classification, corridor deviation, threat corridor projection, haversine, point-in-polygon.

- Type-safe event bus with middleware pipeline, typed subscriptions, and the Scutum event protocol (12 event types).
- Canonical schema registry. 15 versioned schemas across events, entities, workflows, and geospatial primitives.
- Contract-first code generation. TypeScript interfaces + clients and Python Pydantic models from schema definitions.

- TypeScript SDK. Type-safe API client, SSE event streaming, authentication, and domain types.
- Python SDK. Sync and async clients with Pydantic v2 validation, mypy strict, tested across Python 3.10–3.12.
- Command-line interface. Platform health, incident inspection, audit trail queries, validation.

- Terraform provider for zones, corridors, detection rules, policies — infrastructure-as-code for the platform.
- Kubernetes Helm charts for sovereign single-tenant deployment. Network policies, security contexts, sovereignty config.
- React starter template. Pre-built hooks and components for building applications on the Scutum platform.

- Style guides for TypeScript, API design, security, testing, and defense-specific patterns (human-in-loop, audit chain, policy gate, twin validation).

┌───────────────────────────────────────────────────────────────────────────┐
│                          SCUTUM COMMAND PLATFORM                          │
│                                                                           │
│   Operator Surfaces                                                       │
│   ┌────────────┐  ┌────────────┐  ┌────────────┐  ┌────────────┐          │
│   │ Command    │  │ Decision   │  │ Twin       │  │ Audit &    │          │
│   │ Console    │  │ Workspace  │  │ Validation │  │ Sovereignty│          │
│   └─────┬──────┘  └─────┬──────┘  └─────┬──────┘  └─────┬──────┘          │
│         └───────────────┴───────────────┴───────────────┘                 │
│                       Event Bus (event-kit)                               │
│         ┌───────────────┬───────────────┬───────────────┐                 │
│   ┌─────┴─────┐   ┌─────┴─────┐   ┌─────┴─────┐   ┌─────┴─────┐           │
│   │ Signal    │   │ AI COA    │   │ Approval  │   │ Audit     │           │
│   │ Ingestion │   │ Engine    │   │ Service   │   │ Logger    │           │
│   └───────────┘   └───────────┘   └───────────┘   └───────────┘           │
│                                                                           │
│   Core Libraries                                                          │
│   ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐       │
│   │ detect │ │ policy │ │ audit  │ │ twin   │ │ geo    │ │ safe   │       │
│   │ +packs │ │ engine │ │ chain  │ │        │ │        │ │ logging│       │
│   └────────┘ └────────┘ └────────┘ └────────┘ └────────┘ └────────┘       │
│                                                                           │
│   ┌───────────────────────────────────────────────────────────────────┐   │
│   │ event-kit · schemas · codegen · eslint-config · engineering-guide │   │
│   └───────────────────────────────────────────────────────────────────┘   │
│                                                                           │
│   SDKs & Integration                                                      │
│   ┌───────────────────────────────────────────────────────────────────┐   │
│   │ sdk (TS) · python-sdk · cli · terraform-provider · starter-app    │   │
│   └───────────────────────────────────────────────────────────────────┘   │
│                                                                           │
│   Infrastructure                                                          │
│   ┌───────────────────────────────────────────────────────────────────┐   │
│   │ PostgreSQL · Redis · Docker · Helm · Sovereign Single-Tenant      │   │
│   └───────────────────────────────────────────────────────────────────┘   │
└───────────────────────────────────────────────────────────────────────────┘

| Sovereign by default | All data, compute, and audit trails remain within national boundaries. Single-tenant. No shared infrastructure. |
| Human-in-the-loop | No autonomous action without explicit operator authorization. AI recommends, humans decide. |
| Auditable by design | Every decision produces a hash-chained, policy-labeled, tamper-evident record. |
| Safe by construction | No OT write without twin validation. Policy engine enforces safety at every boundary. |
| One platform | One ontology, one release train. Extend through schemas and detection packs, not forks. |
| Open core | Defense primitives are open source. Product platform is proprietary. |
Every repository ships with CI/CD, security scanning (CodeQL + TruffleHog), automated dependency updates (Renovate), CODEOWNERS, semantic versioning, and changelogs. See the engineering guide for our TypeScript, API design, security, testing, and defense pattern standards.
Abu Dhabi, UAE · scutum.defense