Overview
The SWT3 Dynamo adapter brings compliance witnessing to the infrastructure layer. Instead of wrapping AI client calls in application code, you instrument the inference server itself. Every request that flows through a Dynamo endpoint is automatically witnessed with the same SWT3 anchors, fingerprints, and clearing protocol used by the application-layer SDKs.
The adapter provides two integration layers. Use one or both depending on your deployment model.
Layer 1: Decorator (Zero Dependencies)
A Python decorator that wraps any async generator endpoint. Zero Dynamo-specific imports. Works with or without the Dynamo runtime. Tested on plain Python async generators.
from swt3_ai.adapters.dynamo import witness_endpoint
# Add one line. Chunks pass through untouched.
@witness_endpoint()
@dynamo_endpoint()
async def generate(self, request):
async for chunk in self.backend.generate(request):
yield chunkLayer 2: Service Graph (Dynamo-Native)
A Dynamo-native @service class that integrates into Dynamo's depends() graph. Reads request metadata from nvext extensions. Publishes Prometheus metrics. Requires pip install swt3-ai[dynamo].
from swt3_ai.adapters.dynamo_infra import WitnessInterceptor
# Inject as a Dynamo service
# Adds swt3_witness_total, swt3_clearing_level metrics
# Reads model_id, gpu_utilization, batch_size from nvextConfiguration
Option 1: DSN (Recommended)
A single environment variable contains the endpoint, API key, and tenant ID:
# Format: https://{api_key}@{endpoint}/{tenant_id}
export SWT3_DSN="https://axm_live_abc123@sovereign.tenova.io/MY_ENCLAVE"
# Optional: set clearing level (default: 1)
export SWT3_CLEARING_LEVEL=2The DSN format works with Docker, Kubernetes, Terraform, and any env-var-based configuration system. No config files, no secrets in code.
Option 2: Separate Environment Variables
export SWT3_ENDPOINT="https://sovereign.tenova.io"
export SWT3_API_KEY="axm_live_abc123"
export SWT3_TENANT_ID="MY_ENCLAVE"
export SWT3_CLEARING_LEVEL=1Option 3: Explicit Witness Instance
from swt3_ai import Witness
witness = Witness(
endpoint="https://sovereign.tenova.io",
api_key="axm_live_abc123",
tenant_id="MY_ENCLAVE",
clearing_level=2,
)
@witness_endpoint(witness=witness)
async def generate(self, request):
...Graceful Degradation
If no configuration is found, the decorator is a transparent no-op. Your endpoint works exactly as before. A single warning is logged at startup. This means you can deploy the decorator in all environments and only activate witnessing where the DSN is set.
What Gets Witnessed
Each request through a witnessed endpoint produces anchors for:
| Procedure | Factor Source | What It Captures |
|---|---|---|
AI-INF.1 | Request/response hashes | Inference provenance (SHA-256 of prompt + response) |
AI-INF.2 | Wall-clock timing | End-to-end latency against configured threshold |
AI-MDL.1 | model_id from request | Deployed model identity verification |
AI-MDL.2 | model_id hash | Model version identifier recorded |
AI-GRD.2 | Finish reason | Safety filter / content refusal detection |
Layer 2 adds infrastructure-specific factors that application-layer SDKs cannot observe:
- GPU utilization from
nvext.gpu_utilization - Batch size from
nvext.batch_size - Queue depth from Dynamo's request pipeline
- Engine version from the Dynamo runtime
Deployment Patterns
Docker / Kubernetes
# Dockerfile
RUN pip install swt3-ai
# kubernetes deployment.yaml
env:
- name: SWT3_DSN
valueFrom:
secretKeyRef:
name: swt3-credentials
key: dsnTerraform
resource "aws_ecs_task_definition" "dynamo" {
container_definitions = jsonencode([{
environment = [
{ name = "SWT3_DSN", value = var.swt3_dsn }
]
}])
}Air-Gapped / SCIF
Set SWT3_CLEARING_LEVEL=3 (Classified). At Level 3, only numeric factors and a hashed model ID leave the inference server. Combine with factor_handoff="file" to write full evidence to a local secure volume for offline analysis.
Metrics (Layer 2)
Layer 2 publishes Prometheus-compatible metrics through Dynamo's MetricsRegistry:
| Metric | Type | Description |
|---|---|---|
swt3_witness_total | Counter | Total anchors minted (labels: procedure, verdict) |
swt3_clearing_level | Gauge | Current clearing level |
swt3_flush_latency_ms | Histogram | Witness flush latency |
These metrics integrate with existing Dynamo monitoring dashboards. No additional scrape configuration required.
Clearing for Infrastructure
Infrastructure-layer witnessing uses the same four clearing levels as application-layer SDKs. The clearing level is set via SWT3_CLEARING_LEVEL or the clearing_level parameter.
Verification
Anchors produced by Dynamo endpoints are identical to those produced by application-layer SDKs. They use the same fingerprint formula, the same SWT3 anchor format, and can be verified through the same public verifier:
# Verify any anchor (browser, zero server calls)
sovereign.tenova.io/verify
# Formula (identical across all SDKs and adapters)
SHA256("WITNESS:{tenant}:{procedure}:{fa}:{fb}:{fc}:{ts_ms}")[0:12]Further Reading
- SDK Documentation (all providers, clearing levels, configuration)
- SWT3 Protocol Spec: Infrastructure-Layer Witnessing
- Design Rationale: Two-Layer Architecture
- Factor Handoff Protocol (air-gapped evidence custody)
- UCT Registry (162 procedures, full factor definitions)