Tim Wolfe
AI Platform Architect · A2A · Agents · MCP · Secure Systems
Advisory
Private A2A · Agent · MCP Advisory Practice

Governance. Compliance. Security. Architecture.

A2A · Agents · MCP

Production-grade AI agent systems for regulated enterprises — where "it mostly works" isn't an answer, and a regulator can audit any decision down to the hash.

The thesis. Most enterprise AI deployments fail the audit they haven't had yet. I build the stack that passes it — compile-time governance, runtime enforcement, post-quantum A2A transport, and compliance automation across 22 regulatory frameworks. Agents are governed before they run, validated before they deploy, and recallable in under one turn.
Bastion · Deployment Envelopes
Four SKUs · one platform
Citadel
Hosted SaaS
Fortune 500 · GovCloud
Stronghold
Enterprise On-Prem
Regulated · Full stack
Enclave
DoD Air-Gap
IL4/IL5 · SCIF · ATO
Sovereign
Classified IL6
IC · CLI · Zero network

Six practices, one operator.

Agent Governance & Constitutional AI
Production AI agents with hard governance guarantees — compile-time enforcement, runtime validation, instant recall.
Flagship · Castellan · OWASP Agentic
What ships
Constitutional policy compilation · 6-stage deterministic pipeline · Rust runtime enforcement · 30-check policy gate · kill switch propagation.
Frameworks supported
LangGraph · CrewAI · AutoGen · Haystack — governance embedded inline via --governed export.
Audit posture
Every decision traceable to the specific policy rule and spec field that triggered it. Zero LLM in the enforcement path.
Compliance & Regulatory Navigation
FedRAMP, NIST, HIPAA, ISO 42001, EU AI Act — mapped to your AI systems with automated SSP generation.
22 Frameworks · OSCAL JSON · SPRS scoring
Federal
FedRAMP · NIST 800-53/171/207 · CMMC · DoD AI RMF · DISA STIG · FDA PCCP.
Industry
HIPAA · PCI-DSS · SOC 2 · ISO 42001 · ISO 27001 · CSA Agent Trust Framework.
International
EU AI Act · GDPR · FZ-152 · CNSA 2.0 · CNSSP-12 alignment.
MCP Security & Supply Chain
Harden agent tool chains against poisoning, rug pulls, and exploit chaining. 20+ detection patterns.
OpenClaw · SHA-384 · Level 6 hardened
Design-time defense
Tool description poisoning scanner · 20 regex patterns · 4 severity levels · shadowing detection.
Runtime protection
Tool integrity re-verification · 4-dimensional trust scoring · PII redaction at call-site · per-channel policy.
Arsenal coverage
52+ hardened Rust MCP servers across 9 DoD functional areas · SCIF-grade isolation.
DoD Hardening & TS/SCI Deployment
AI agents compiled to DoD specification — SCIF, air-gap, classified network-ready with full ATO packages.
Defense Only · TS/SCI · CNSA 2.0
ATO deliverables
SSP (OSCAL JSON, NIST 800-53 Rev 5) · PPS · CMR · STIG checklists (V-ID, CAT I/II/III) · CycloneDX AI SBOM.
Crypto & identity
FIPS 140-3 · post-quantum (ML-DSA-87, SLH-DSA-256) · SPIFFE/SPIRE · CAC authentication · 60-second token TTL.
Deployment posture
Air-gapped · classification banners UNCLASSIFIED → TS//SCI · zero cloud dependencies · Level 6 hardened Rust.
AI SDLC Automation & Gates
Deterministic pipelines producing SHIP / REVIEW / BLOCK verdicts at the merge gate.
Charlotte · 54 checks · CI/CD native
Pipeline stages
Validate → Compile → Scan → Lint → Test. Context engineering for system prompts, Claude Code skills, MCP servers.
Security coverage
OWASP Top 10 Agentic · prompt injection filtering · PII leakage · MCP tool poisoning · 21 categories.
CI integration
castellan ci-diff posts APPROVE / REVIEW / BLOCK as PR comment. GitHub · GitLab · Jenkins.
Enterprise AI Platform Architecture
Multi-provider orchestration with governance woven into the design — ReAct runtime, A2A protocol, circuit breakers.
3 providers · Post-quantum A2A · Circuit breaker
Runtime design
Async-first ReAct (Observe → Think → Act → Validate) · Anthropic · OpenAI · Google · MCP client · RAG · LRU+TTL caching.
Multi-agent patterns
Supervisor · pipeline · broadcast · peer collaboration · delegation depth limiting · dynamic routing.
Cost governance
Per-run budget enforcement · model routing by cost/capability · circuit breaker states · per-tenant tracking.

The regulatory fluency that underpins every engagement. Grouped by jurisdiction.

Why this matters. Most AI deployments are built first and compliance-fit later — a costly inversion. These frameworks are baked into my toolchain: live codebase scanning, automated SSP generation, and behavioral policy templates pre-aligned to each.
Federal · U.S. Government
7 frameworks
FedRAMP: Low / Moderate / High baselines · OSCAL JSON SSP
NIST 800-53: Rev 5 · full control family mapping
NIST 800-171: 110 CUI requirements · SPRS scoring
NIST 800-207: Zero Trust Architecture
CMMC: Levels 1–3 · DoD supply chain
NIST AI RMF: AI Risk Management Framework
FDA PCCP: Predetermined Change Control · 7 categories
Defense · Classified & Tactical
6 frameworks
DoD AI RMF: Department of Defense AI Risk Framework
DISA STIG: V-ID mapping · CAT I/II/III · CKL export
DoD IL4 / IL5: Impact Level classifications
FIPS 140-3: Cryptographic module validation
CNSA 2.0: Commercial National Security Algorithm
CNSSP-12: TS/SCI classified systems floor
Industry · Commercial Regulated
6 frameworks
HIPAA: Healthcare · PHI handling & audit
PCI-DSS: Payment Card Industry Data Security
SOC 2: Type II · Trust Services Criteria
ISO 42001: AI Management System · 32 clauses
ISO 27001: Information Security Management
OWASP Agentic: Top 10 for Agentic Applications
International · Cross-Border
3 frameworks
EU AI Act: European Union AI regulation
GDPR: General Data Protection Regulation
FZ-152: Russia · personal data localization

Drawbridge Plus — post-quantum ready A2A transport. Triple-signature hybrid, CNSA 2.0 on the wire, downgrade-strict verification.

The crypto foundation. Post-quantum cryptography isn't a roadmap item — it's already shipping. Every agent-to-agent message signs with three independent layers (classical + PQ lattice + PQ hash-based), encrypts with CNSA 2.0 mandated AEAD, and authenticates with downgrade-strict verification. Live TCP round-trip proven end-to-end.
Triple-Signature Hybrid Signing
Every envelope is signed with three independent signature schemes: classical, PQ lattice, and PQ hash-based. A break in any single algorithm is not enough to forge a signature.
Ed25519 · ML-DSA-87 · SLH-DSA-256
Downgrade-Strict Verify Enforcement
If a bundle declares a PQ layer, the signature MUST carry it. Stripping layers is a hard verification failure, not a silent fallback.
has_pqc · has_slh_dsa bundle gates
CNSA 2.0 Wire Crypto Compliance
NSA Commercial National Security Algorithm suite on every wire payload. The mandated baseline for U.S. national security systems.
AES-256-GCM · SHA-384 · HMAC-SHA384 · HKDF-SHA384
Forward Secrecy + Replay Session
Fresh ephemeral hybrid-KEM keypair per call. Timestamp + nonce replay window. Per-operator rate limit keyed on fingerprint, not IP.
X25519 + ML-KEM-1024 · ±5 min freshness
Layer | Primitive | Standard
Sig | Ed25519 | FIPS 186-5 · RFC 8032
Sig | ML-DSA-87 | FIPS 204 (lattice)
Sig | SLH-DSA-256 | FIPS 205 (hash-based)
KEM | X25519 | RFC 7748 (classical DH)
KEM | ML-KEM-1024 | FIPS 203 (HKDF combined)
AEAD | AES-256-GCM | FIPS 197 · SP 800-38D
Hash | SHA-384 | FIPS 180-4
MAC | HMAC-SHA384 | FIPS 198-1 · RFC 2104
KDF | HKDF-SHA384 | RFC 5869
At-rest | Argon2id | OWASP 2024 (identity KEK)
At-rest | XChaCha20-Poly1305 | RFC 8439 ext (192-bit nonce)
CNSA 2.0 Wire Crypto
FIPS 140-3 Module Validation
FIPS 203/204/205 Post-Quantum

Three ways to work together, scoped to the shape of the problem. Most clients start with Assessment.

Assessment
2–4 weeks · fixed fee
Diagnose where you stand before committing to a build. Architecture review, governance-gap analysis, compliance mapping, remediation roadmap.
  • Architecture & compliance review
  • Governance-gap diagnostic
  • Framework mapping
  • Remediation roadmap
  • Executive briefing
Build
6–20 weeks · milestone-based
Implementation engagement. Stand up the governance stack, integrate compliance automation, ship with your team trained to operate it.
  • Governance stack
  • Compliance automation
  • MCP hardening
  • DoD packaging
  • CI/CD gates
  • Team training
Retainer
Ongoing · monthly
Technical advisory board seat. Monthly strategic review, continuous compliance monitoring, on-call incident response.
  • Advisory board seat
  • Drift monitoring
  • Framework tracking
  • Incident response
  • Quarterly review
Los Altos, California

Fastest path is email with a one-paragraph description of the problem. I'll respond within 48 hours with a scoped proposal or a referral.

⚬ Available for select engagements