What runs, where, and what happens when things fail.

This page is the engineering operator's map of the 3DCIPHER AI runtime in production. It is the page we send a customer's SRE team before deployment. If the page below does not give your team enough to plan a deployment, the runbook (separately delivered under support contract) fills the rest; this page is the public scaffolding for that conversation.

$ai-runtime

AI runtime boundaries.

AI services run in the customer-controlled deployment boundary unless a customer explicitly chooses a hosted review flow. Model outputs are advisory evidence: signatures, manifests, HSM counters, and customer approval policy remain authoritative.

service	input	output
evidence extractor	QMS exports, inspection reports, material records	TwinCert draft fields
anomaly scorer	Vault3D posture and bundle metadata	risk score and reviewer queue
watermark detector	mesh, slicer output, point cloud	payload match and confidence
audit summarizer	signed artifacts and reviewer decisions	auditor-facing summary with source links

$topology

Topology.

                    // 3DCIPHER runtime, deployed at a customer site

  +--------------------+         +--------------------+         +--------------------+
  |  slicer host       |  bundle |  printer host      |   sig   |  customer manifest |
  |  - signed slicer   | ------> |  - 3dc daemon      | ------> |  - append-only log |
  |  - operator login  |  v3     |  - Vault3D HSM     |   v3    |  - signed Merkle   |
  |  - slice + attest  |         |  - firmware signed |         |  - posture publish |
  +--------------------+         +--------------------+         +--------------------+
                                          |                                |
                                          |  HSM-signed posture, 1/min     |
                                          v                                v
                                 +--------------------+         +--------------------+
                                 |  customer console  | ------> |  ceremony anchor   |
                                 |  - SAML/OIDC IdP   |  pull   |  - root pin        |
                                 |  - posture view    |         |  - verifier-CLI    |
                                 |  - audit package   |         |  - mirror agreement|
                                 +--------------------+         +--------------------+

Four plane shapes: AI evidence plane (review and anomaly scoring), slicer plane (work originates), printer plane (work is signed), customer plane (work is archived and audited). 3DCIPHER infrastructure is the ceremony anchor only — we do not hold customer keys, customer manifests, or customer telemetry.

$signing-path

The signing path.

One bundle, from operator click to archive. The numbers are p99 from production fleet measurement; the median is approximately 0.55× each step.

Slicer attests its own build (~4 ms). The signed slicer binary publishes its build hash and slicer-attestation key. Verifier-CLI cross-checks against the manifest.
G-code is canonicalised (~8 ms). The slicer emits canonical-form G-code (sorted comments, normalised whitespace) so identical inputs produce identical bundle hashes.
Operator binding is captured (~12 ms). The operator's IdP-issued session token is bound to the bundle; without it, the daemon refuses to sign.
Bundle is composed (~28 ms). G-code, slicer build hash, firmware hash, sensor envelope, operator token, machine-monotone counter. Composed as a canonical-form CBOR payload.
HSM signature is requested (~95 ms). The 3dc daemon submits the canonical CBOR digest to the printer's HSM. The HSM signs without the daemon ever seeing the private key.
Signature is verified locally (~10 ms). The daemon verifies the HSM signature against the printer's published public key before continuing — defends against HSM firmware misbehaviour.
Bundle is committed to the manifest (~22 ms). Append-only log; signed Merkle root recomputed.
Posture is updated (~4 ms). The printer's posture record is updated; the next posture publish (max 60s away) carries the new state.

End-to-end p99: 183 ms. Of which ~52% is HSM signature operation, which is by design — the HSM is the slowest step and the most security-critical.

$boot

Boot sequence.

What happens when a 3DCIPHER-equipped printer boots from cold.

T+0.0s   power on
T+1.2s   bootloader verifies firmware signature against manifest pin
T+1.4s   firmware loads; refuses to start if signature fails
T+1.5s   3dc daemon starts in verify-only mode (cannot yet sign)
T+1.8s   daemon pulls latest manifest; verifies against ceremony root
T+2.6s   daemon establishes session with printer-side HSM
T+2.9s   HSM challenge-response: daemon confirms HSM is the enrolled HSM
T+3.1s   HSM-side health check: tamper switch state, key inventory, RNG self-test
T+3.6s   daemon enters sign mode; posture flips to active
T+3.6s+  first posture publish; subsequent every 60s

         # total cold-boot path: under 4 seconds to first signable state.

$keys

Key custody.

Three key tiers, with rotation cadence and ceremony scope.

tier	holder	scope	rotation	ceremony
ceremony root	5-of-9 quorum HSMs	signs build keys and customer roots	36 months	RB-10 (12 h, witnessed, observer report)
build keys	3DCIPHER engineering HSM	signs firmware, SDK, slicer attestation, advisories	3 months	RB-15 (90 min, dual-control, internal)
customer root	customer-controlled HSM	signs printer enrolment certificates, manifest	12 months	RB-20 (~2 h, dual-control, observer-optional)
printer-side key	per-printer HSM	signs bundles produced by that printer	routine: never; on event: RB-21 (~2 h)	provisioned at enrolment ceremony

Printer-side keys never leave their HSM. The HSM has no exfiltration interface; the cryptographic boundary is the HSM enclosure. Rotation of a printer-side key is a decommission-and-re-enrol of that printer.

$failures

Failure modes.

What goes wrong, and what the system does about it.

Manifest pull stale (network partition).: The printer-side daemon enters verify-only mode after the manifest TTL elapses (default 24 h, configurable 1–72 h). It can still verify past bundles but will not sign new ones. The posture record carries the stale-since timestamp. Remediation: restore network reach. RB-30.
HSM unresponsive.: The daemon retries with exponential backoff (4s, 8s, 16s, fail). On fail, the daemon transitions to fault mode; the printer is taken offline by the daemon (the print job will refuse to start). Customer console raises an alarm. Field intervention required. RB-31.
Signature verification mismatch (after HSM sign).: The daemon verifies every HSM signature before committing it. If verification fails, the bundle is not committed and the HSM is quarantined — we suspect HSM firmware misbehaviour. This is the only condition that escalates direct to on-call engineering. RB-32.
Operator IdP outage.: The daemon caches the most recent operator session for the IdP-configured TTL (default 8 h). After cache expiry, signing is refused. Customer-configurable per policy. RB-33.
Posture publish unreachable.: The daemon queues posture records locally (up to 7 days) and publishes when reach is restored. Signing continues. RB-34.
Ceremony root rotation in flight.: During a ceremony root rotation, both old and new roots are advertised in the manifest. The verifier-CLI accepts either for a 30-day transition window. No customer action required unless their integration hard-pins the old root.

$slos

SLOs.

We publish the SLOs we hold ourselves to. The aggregate posture endpoint exposes the live values.

SLO	target	current	measurement
attestation latency p99	< 250 ms	183 ms	median of fleet-wide measurement over rolling 28 d
attestation latency p99.9	< 500 ms	318 ms	as above
sign success rate	≥ 99.99%	99.997%	signed / (signed + failed) over rolling 28 d, excluding scheduled maintenance
manifest publish latency	< 60 s from event	14 s median	posture event to publish, fleet aggregate
advisory acknowledgement time	< 4 h working time	1 h 18 min median	disclosure receipt to first signed response
key-compromise rate	0 per year	0 since 2024	conservative count; near-misses tracked separately

$observe

What we expose to your monitoring.

3DCIPHER does not run an opaque control plane. Everything we observe about a customer's fleet, the customer can also observe.

Prometheus metrics endpoint on the printer-side daemon: sign rate, sign latency histogram, HSM round-trip latency, manifest staleness, posture publish lag.
Structured JSON logs on the printer-side daemon, with redaction guarantees for bundle contents (only hashes and identifiers, never the underlying G-code).
Signed posture events over the manifest publish endpoint: machine-readable, intended for the customer's SIEM.
Audit trail on the customer console: every operator action, every ceremony record, every rotation. Read-only from the console; exportable to your SIEM.