GLACIS Sidecars

GLACIS sidecars are lightweight proxy services that sit alongside your AI applications. They intercept requests to AI models, generate cryptographic attestations, and send them to the GLACIS receipt service for verification and storage.

Why Sidecars?

Traditional compliance approaches require manual evidence collection and point-in-time audits. GLACIS sidecars provide continuous attestation by:

• Intercepting every request to your AI models (OpenAI, Anthropic, etc.)
• Generating L0 attestations (metadata) for all requests
• Generating L2 attestations (evidence) for sampled requests
• Sending proofs to the GLACIS receipt service
• Auto-mapping evidence to ISO 42001 controls

Attestation Levels

L0 Attestations (Metadata)

Generated for every request. Contains:

• Blinded request ID (8 bytes)
• Request commitment hash
• Encoder identifier
• Ed25519 signature
• Timestamp

Storage: ~200 bytes per request

L2 Attestations (Evidence)

Generated for sampled requests (configurable rate). Contains:

• Full PRF tag (256-bit)
• Evidence commitment
• Policy scores (toxicity, PII, bias)
• Request/response content
• Ed25519 signature

Storage: ~2-10 KB per request

Deployment Options

Choose the deployment option that best fits your infrastructure:

Cloudflare Workers Global edge deployment with sub-millisecond cold start. Ideal for low-latency requirements.

Google Cloud Run Container-native deployment with ~200ms cold start. Great for GCP environments.

AWS Lambda Event-driven deployment with ~100ms cold start. Perfect for AWS-native stacks.

Kubernetes Zero-egress sidecar with NetworkPolicy enforcement. Best for on-prem or strict security.

Quick Start

npm

npm install @glacis/sidecar

Docker

docker pull ghcr.io/glacis-io/sidecar:latest

Cloudflare

npx wrangler deploy --config glacis-sidecar.toml

Basic Configuration

glacis.config.ts

import { defineConfig } from '@glacis/sidecar';

export default defineConfig({
  // Your GLACIS organization
  orgId: process.env.GLACIS_ORG_ID,
  apiKey: process.env.GLACIS_API_KEY,

  // AI provider configuration
  provider: {
    type: 'openai',
    apiKey: process.env.OPENAI_API_KEY,
  },

  // Sampling configuration
  sampling: {
    // L2 sampling rate (1 in N requests)
    rate: 100,
    // Policy scoring enabled
    policies: ['toxicity', 'pii', 'bias'],
  },

  // Receipt service endpoint
  receiptService: 'https://receipts.glacis.io',
});

How Sidecars Work

┌─────────────────────────────────────────────────────────────┐
│  Request Flow                                               │
└─────────────────────────────────────────────────────────────┘

1. Application sends request to sidecar
   App ──▶ Sidecar

2. Sidecar obtains epoch bearer token from witness
   Sidecar ──▶ Witness Service
   Sidecar ◀── Bearer Token + Epoch ID

3. Sidecar forwards request to AI provider
   Sidecar ──▶ OpenAI/Anthropic/etc.
   Sidecar ◀── AI Response

4. Sidecar generates attestation
   • L0: Always (metadata only)
   • L2: If sampled (full evidence)

5. Sidecar sends attestation to receipt service
   Sidecar ──▶ Receipt Service
   Sidecar ◀── Merkle Proof + Receipt

6. Sidecar returns response to application
   Sidecar ──▶ App

Cryptographic Guarantees

GLACIS sidecars provide strong cryptographic guarantees:

Property	Mechanism	Description
Non-repudiation	Ed25519 signatures	Attestations are cryptographically signed
Integrity	SHA-256 commitments	Request/evidence content is commitment-bound
Ordering	Merkle tree inclusion	Attestations are ordered in a verifiable log
Epoch binding	HMAC-SHA256	Attestations are bound to specific time epochs
Zero-egress	Commitment scheme	Only hashes leave your infrastructure

Auto-Evidence Controls

Sidecars automatically generate evidence for these ISO 42001 controls:

Control	Name	Auto-Evidence
A.6.2.6	AI System Monitoring	Request/response attestations
A.6.2.8	Performance Tracking	Latency and error rate metrics
A.7.5	Data Quality	Input validation scores
A.9.4	User Monitoring	Usage pattern attestations

Security Model

Sidecars are designed with security-first principles:

1. Zero-egress design: Evidence never leaves your infrastructure
2. Minimal permissions: Sidecars only need network access to witness/receipt services
3. No secret storage: API keys are passed at runtime, not stored
4. Audit logging: All sidecar operations are logged for compliance

Next Steps

Cloudflare Workers Deployment Deploy a sidecar on Cloudflare's global edge network.

Configuration Reference Full configuration options for GLACIS sidecars.

Attestation Deep Dive Understand the cryptographic details of attestations.