FAQ + Troubleshooting
Procurement & security
Does Trinitite store our prompts? By default, no. Inference response bodies are not persisted unless the tenant opts into replay support. The Glass Box Ledger stores only the cryptographic hashes of inputs, the verdict, and any correction patches — never the raw text. See Trust Center > Retention.
Does Trinitite train on our data? No. Closed-loop training (see Guardian Training) operates on embeddings of correction patches, not raw prompts, and is opt-in per tenant. Federated Defense aggregates embeddings only from tenants who have explicitly opted in.
Where is the data stored? US-East, EU-Central, or AP-Southeast, of your choosing. Other regions on request. Self-hosted deployments stay entirely in your environment — see Self-hosting.
Can we self-host? Yes. Trinitite ships as Docker images you can deploy to Kubernetes, ECS, GCE, or air-gapped environments. See Self-hosting.
Do you have a SOC 2 report / BAA / DPA? Yes — available under NDA. Email trust@trinitite.ai. See Trust Center > Security artifacts.
Do you have a vulnerability disclosure program?
Yes. security@trinitite.ai, PGP available at /.well-known/security.txt. See Trust Center > Vulnerability disclosure.
What happens if Trinitite goes away? Your Glass Box Ledger receipts are independently verifiable via the public verifier — see Public Verification. Your trained Guardians are exportable as standard LoRA tensor files. You can run the inference path on any deterministic-mode SGLang or vLLM server.
Architecture
Why a separate Guardian model instead of fine-tuning the main LLM? Mathematical incompatibility: the same parameters can't be both creative (the Actor) and restrictive (the Censor). See Architecture > Why Separation of Concerns.
Why deterministic if the underlying LLM isn't? The Guardian doesn't need to be creative. It needs to map an input vector to one of three outcomes. That decision is made deterministic via a batch-invariant kernel and fixed-tile reduction. See Architecture > Batch-Invariant Determinism.
How is this different from RAG? RAG retrieves context. The Guardian decides whether the output of any system (RAG-augmented or not) is safe to release. They compose well — see Observability > RAG Telemetry.
Can the Guardian itself be wrong?
Yes — and that's why every decision is hashed, signed, and replayable. The replay verdict taxonomy (bit_exact / semantic_only / divergent / original_missing) explicitly handles the case where a later run disagrees with an earlier one. See Glass Box Ledger > Replay Verdict Taxonomy.
What happens under load? Latency stays sub-400ms p99. Safety drift stays at 0.00%. See Benchmarks for the methodology.
Operational
My calls are hanging — what do I check first? Three things, in order:
- The L4 breaker for your provider — GET /v1/governance/state will show open breakers.
- The L5 retry limiter on the offending tool.
- Network egress allowlists from your environment to api.trinitite.ai and (if applicable) your upstream provider.
A Guardian is blocking calls I expect to pass.
Pull the receipt: GET /v1/logs/{ledger_id}. The correction_diff field shows the embedding distance and which Forbidden subspace was matched. Two common causes:
- The Guardian is operating against a stricter rubric than you expected — check policy_hash on the receipt against the policy you intended.
- A recent training run advanced the Safety Ratchet past your threshold. Roll back the adapter via POST /v1/guardians/:id/rollback.
My MCP tool is returning Schema validation errors.
The per-tool Guardian validates against the schema you registered. If the LLM is consistently producing slightly off-schema arguments, retrain the Guardian via POST /v1/training/retrain — the Teleological Data Generator will pick up the new patterns.
I don't see my events in the SIEM. Three things, in order:
- Check the sink config: GET /v1/observability/sinks — look for the last_ship_at and last_error fields.
- Verify the audit chain: GET /v1/public-verify/anchor should return a valid Merkle anchor for the time window in question.
- Check the destination's quota / index settings.
Errors
| Code | Meaning | What to do |
|---|---|---|
| unauthorized | Bearer token invalid or expired | Rotate the key; check it's tk_test_… for sandbox or tk_live_… for prod. |
| guardian_blocked | Output blocked by Guardian decision | Pull the receipt to see the reason. This is not an error in the platform — it's a policy decision. |
| guardian_not_found | The Guardian name does not exist for this tenant | List available: GET /v1/guardians. |
| policy_finalization_pending | The Guardian is still training | Poll GET /v1/finalization-pipelines/:id until status is ready. |
| route_breaker_open | L4 breaker is open on this route | Inspect with GET /v1/governance/state; close manually or wait for cool-down. |
| economic_session_tripped | L3 breaker tripped on a session | Reset with operator approval; consider raising the per-session ceiling. |
| nhi_suspended | The NHI making the request is L2-suspended | Lift the suspension if intentional; otherwise investigate why the NHI was suspended. |
| org_blocked | L1 org-wide block applies | Inspect the block list at GET /v1/governance/state. |
| emergency_shutdown | L0 fleet shutdown is active | Out-of-band restoration is required. |
| rate_limited | Per-tenant rate limit hit | Back off; see Retry-After header. See SLA & Limits. |
| idempotency_key_reused | The same idempotency key was used with different payload bytes | Generate a fresh key; idempotency window is 24h. |
| provider_credential_invalid | The vaulted provider credential failed upstream | Re-vault it via POST /v1/provider-credentials. |
| policy_hash_drift | The retrieved policy hash differs from the active rubric | Reconcile via POST /v1/policies/:id/finalize — surfaces in Observability > RAG Telemetry. |
| imds_shield_blocked | L6 IMDS shield blocked egress to a metadata endpoint | If intentional, this is a policy bug — most legitimate workloads don't need IMDS. Investigate before raising the shield. |
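
One way a client can act on the table above without retrying around a policy decision or a tripped breaker. This is an added example, not Trinitite SDK code: the function names, action labels and the grouping of codes are assumptions, as is receiving the error code as a string and the response headers as a dict.

```python
import email.utils
import time
from datetime import timezone

# Grouping is this example's reading of the "What to do" column above.
# Every table code not listed here needs an operator and is escalated.
WAIT = {"rate_limited", "route_breaker_open", "policy_finalization_pending"}
POLICY_DECISION = {"guardian_blocked"}  # a verdict, not a fault: never retry
CALLER = {"unauthorized", "guardian_not_found", "idempotency_key_reused"}


def parse_retry_after(value, now=None):
    """Seconds to wait from a Retry-After value (delta-seconds or HTTP-date)."""
    if value is None:
        return None
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:
        when = email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None  # unparseable hint: caller falls back to backoff
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = time.time() if now is None else now
    return max(0.0, when.timestamp() - now)


def next_action(code, headers, attempt, max_attempts=5, base=0.5, cap=30.0, now=None):
    """Return (action, delay_seconds) for an error code on a given attempt."""
    if code in POLICY_DECISION:
        return ("pull_receipt", None)
    if code in CALLER:
        return ("fix_request", None)
    if code not in WAIT or attempt >= max_attempts:
        # Breaker trips, suspensions, unknown codes, exhausted retries:
        # fail closed and hand off to an operator.
        return ("escalate", None)
    delay = min(cap, base * 2 ** attempt)  # capped exponential backoff
    if code == "rate_limited":
        lowered = {k.lower(): v for k, v in headers.items()}
        hinted = parse_retry_after(lowered.get("retry-after"), now)
        delay = max(delay, hinted or 0.0)  # never undercut the server's hint
    return ("wait_then_retry", delay)
```

Unknown codes escalate rather than retry, so a code added to the platform later cannot turn into a silent retry loop.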