
NAICOM

An AI operations control plane built for regulated environments.

NAICOM turns AI-assisted software development into an auditable, issue-linked process. Every session traces back to a ticket, a prompt file, and a specific change — so compliance teams can answer the questions auditors are starting to ask.

The problem

AI coding assistants leave no structured audit trail.

Enterprise AI coding tools produce code at the pace of the developer's typing. What they do not produce is a durable record of which instruction produced which change, linked to which requirement, under whose authority.

That gap is tolerable in commercial software. It is not tolerable in a FedRAMP boundary, a DoD IL environment, or any system whose controls derive from NIST 800-53 or the emerging NIST AI RMF. Auditors will ask which prompts produced code inside the authorization boundary. Most teams have no way to answer.

NAICOM closes that gap without slowing developers down.

How it works

Four pillars of AI traceability.

Each pillar is a concrete artifact the platform produces and retains — not a policy statement, not a workflow diagram.

01 · Issue-first traceability

Every AI session opens against a Jira issue. Business requirement → issue → session → prompt file → commit → deployed artifact. No untracked AI work exists in the repository.

02 · Prompt files as audit artifacts

Each task is defined in a versioned prompt file committed to the repo alongside the code it produced. A permanent, diff-able record of what instruction produced what change.

03 · Structured session logging

Sessions are tracked with a durable session ID, role, interface, issue reference, and status. The full transcript is retained as a queryable artifact, not ephemeral terminal scrollback.

04 · Role-scoped dispatch

Operator roles (Research, Arch, Code, QA, DevOps) are spawned as scoped subprocesses with explicit cwd, permissions, and issue context. Separation of duties is enforced at dispatch.

From the command line

One command opens an audited session.

The novaicom dispatch command opens a scoped subprocess with cwd pinned, permissions enforced, operator identity verified, and the prompt file hashed. Nothing runs outside a session.

  • Role, issue key, and prompt file are required arguments.
  • Session ID is allocated before the agent process starts.
  • Abandoning a session without a receipt raises a flag in the audit log.

~/repos/ssp-api
$ novaicom dispatch \
    --role code \
    --issue NCC-441 \
    --prompt docs/prompts/NCC-441-patch.md

[+] session naic-f804 opened · role=code
[+] issue NCC-441 linked · jira remote-link created
[+] prompt NCC-441-patch.md · hash sha256:9a1c…
[+] operator alice@customer.gov · oidc ✓
[+] cwd pinned /repos/ssp-api · write scope
[+] engine listening on unix:/run/naicom.sock

  session ready · ctrl-c abandons (without receipt)

Integrations

Two systems of record. One continuous chain of custody.

NAICOM treats Jira as the source of intent and Git as the source of truth. Every AI session binds the two together.

Jira integration

Every session opens against a specific issue. The session is cross-linked into the Jira ticket as a remote link, with status transitions and work logs written back automatically.

  • Issue key required to open a session; sessions without one are rejected at dispatch.
  • Session status mirrors into the Jira workflow: coding, reviewing, awaiting-feedback.
  • Prompt files attach as remote links on the issue at session close.
  • Supports Jira Cloud (REST API v3) and Data Center.

blackmesa.atlassian.net / NAC-132
Implement prompt-file dispatch for Code operators
In Progress Story · 5 pts
NAICOM sessions (3)
naic-7c3e · Code ✓ closed
naic-a219 · QA ✓ closed
naic-f804 · Code ● coding

Git integration

Prompt files live in the repository under docs/prompts/, named with the issue key. Commits reference the session ID. A pre-push hook enforces the chain before anything leaves the developer's machine.

  • Supports GitHub, GitLab, Gitea, and Bitbucket.
  • Enforces branch-per-issue naming and PR-to-issue cross-linking.
  • Commit trailers record the session ID and prompt-file path.
  • Pre-push hooks reject commits that lack a valid chain of custody.

git log --format=full
commit a7f3c12…
Author: operator <code@novaprospect>
Date:   Apr 21 09:14:22 2026
NAC-132: wire prompt-file dispatch
Session-Id: naic-f804
Prompt-File: docs/prompts/NAC-132-dispatch.md
Operator-Role: code
Reviewed-By: naic-a219
chain-of-custody verified · 4/4 trailers present
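An added example, not NAICOM's own hook code, of the check the pre-push hook described above performs: it parses the trailers from a commit message like the one in the log, and rejects the commit unless all four trailers are present, the Session-Id is well-formed, and the Prompt-File lives under docs/prompts/ and is named with the issue key from the subject. The four-hex-digit session ID format and the `KEY-123:` subject convention are assumptions inferred from the sample output; the sample commit is constructed.

```python
import re

# The four trailers the pre-push hook counts ("4/4 trailers present").
REQUIRED_TRAILERS = ("Session-Id", "Prompt-File", "Operator-Role", "Reviewed-By")
# Assumed formats, inferred from the sample output: naic-<4 hex>, "NAC-132: subject".
SESSION_ID_RE = re.compile(r"^naic-[0-9a-f]{4}$")
SUBJECT_KEY_RE = re.compile(r"^([A-Z][A-Z0-9]+-\d+):")

def parse_trailers(message: str) -> dict:
    """Return the Key: Value trailers from the last paragraph of a commit message."""
    paragraphs = [p for p in message.strip().split("\n\n") if p.strip()]
    trailers = {}
    for line in paragraphs[-1].splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z-]*):\s*(\S.*)$", line)  # keys never contain digits
        if m:
            trailers[m.group(1)] = m.group(2).strip()
    return trailers

def check_chain_of_custody(message: str) -> list:
    """Return findings for one commit; an empty list means the push may proceed."""
    findings = []
    subject = message.strip().splitlines()[0]
    m = SUBJECT_KEY_RE.match(subject)
    issue = m.group(1) if m else None
    if issue is None:
        findings.append("subject does not start with an issue key")
    trailers = parse_trailers(message)
    for key in REQUIRED_TRAILERS:
        if key not in trailers:
            findings.append(f"missing trailer {key}")
    sid = trailers.get("Session-Id", "")
    if sid and not SESSION_ID_RE.match(sid):
        findings.append(f"malformed Session-Id {sid!r}")
    path = trailers.get("Prompt-File", "")
    if path and not (path.startswith("docs/prompts/") and issue
                     and path.rsplit("/", 1)[-1].startswith(issue + "-")):
        findings.append(f"Prompt-File {path!r} is not under docs/prompts/ named with the issue key")
    return findings

# Constructed sample, modelled on the git log shown above (trailers in their own paragraph).
GOOD_COMMIT = """NAC-132: wire prompt-file dispatch

Session-Id: naic-f804
Prompt-File: docs/prompts/NAC-132-dispatch.md
Operator-Role: code
Reviewed-By: naic-a219
"""

print(check_chain_of_custody(GOOD_COMMIT) or "chain-of-custody verified · 4/4 trailers present")
```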

Prompt file

Every session is bound to a versioned Markdown prompt file in docs/prompts/. Front-matter records the issue key, role, operator, and creation timestamp; the body is the instruction the agent executes.

  • Reviewed as a pull request before dispatch.
  • Hash recorded at session open and at close.
  • Diffs across prompt versions are first-class audit evidence.

docs/prompts/NCC-441-patch.md
---
issue:    NCC-441
role:     code
operator: alice@customer.gov
created:  2026-04-21T09:14:22Z
---

# Patch the SSP dispatch chain

## Context
The dispatch chain currently bypasses deploy-verification when target = prod.

## Requirements
- Invoke pack deploy-verify-NCC-441
- Fail closed if drift > 0
- Emit signed receipt to the engine

## Constraints
- No change to public API shape
- Land behind existing feature flag

## Success criteria
- `npm test` green
- verification pack runs on CI
- receipt signature verifies
reviewed in PR #87 · merged 2026-04-20 · sha256:9a1c…

Paired with the platform

AI-assisted development, end-to-end attributed.

NAICOM runs best alongside the FedRAMP Management Engine and Citadel. NAICOM logs the work; the Engine attributes the resulting change to the controls it affects; Citadel verifies, at the host level, that the change actually landed as intended. One continuous, signed chain of custody — not three parallel stories.

Chain of custody

01 · JIRA
Issue
Requirement recorded against a boundary component.
02 · NAICOM
Session + prompt
AI session logged, prompt file versioned in git.
03 · GIT
Commit + trailers
Change signed with session ID + prompt path.
04 · CITADEL
Host verification
Deploy-verification pack confirms state on every target host.
05 · ENGINE
Control mapping
Change is attributed to affected 800-53 controls.
06 · OSCAL
Evidence artifact
SSP, POA&M, and audit records updated automatically.

Session receipt

At session close, NAICOM emits a signed receipt that references every upstream and downstream artifact in the chain. The receipt is the single source for reconstructing what the AI agent did and under whose authority.

  • Operator identity (via Citadel) and agent model fingerprint.
  • Prompt file hash at session open and at close.
  • All commits produced within the session.
  • Control IDs the Engine attributed to the change.

naicom / receipts / naic-f804.json
{
  "session_id": "naic-f804",
  "role": "code",
  "issue": "NCC-441",
  "operator": "alice@customer.gov",
  "agent": {
    "model": "claude-opus-4-7",
    "fingerprint": "sha256:4e…"
  },
  "prompt_file": "docs/prompts/NCC-441-patch.md",
  "prompt_hash": "sha256:9a1c…",
  "commits": ["3b9d017", "a7f3c12"],
  "controls": ["SA-11", "SI-7", "CM-3"],
  "host_verification": {
    "source": "citadel",
    "pack":   "deploy-verify-NCC-441",
    "hosts":  247,
    "drift":  0
  },
  "signature": "ed25519:…"
}
signed · forwarded to engine · OSCAL §sa-11 updated
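An added example, not NAICOM's own code, of the checks a consumer of this receipt can run against the prompt file section above: it recomputes the prompt file's sha256 in the receipt's `sha256:` form and compares it with `prompt_hash` and with the hash taken at session close, checks the receipt's issue, role and operator against the prompt file's front-matter, and fails closed when host verification is absent or reports drift. The prompt text and receipt values are constructed; Ed25519 verification of `signature` is assumed to be done separately with the platform's public key and only the field's presence is checked here.

```python
import hashlib
import re

def sha256_tag(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()  # receipt's "sha256:<hex>" form

def parse_front_matter(prompt_text: str) -> dict:
    """Read the key: value lines between the leading '---' markers of a prompt file."""
    m = re.match(r"^---\n(.*?)\n---\n", prompt_text, re.S)
    if not m:
        raise ValueError("prompt file has no front-matter")
    fields = {}
    for line in m.group(1).splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def verify_receipt(receipt: dict, prompt_text: str, close_hash: str) -> list:
    """Return findings; an empty list means the receipt is consistent with its artifacts."""
    findings = []
    fm = parse_front_matter(prompt_text)
    for key in ("issue", "role", "operator"):
        if receipt.get(key) != fm.get(key):
            findings.append(f"{key}: receipt {receipt.get(key)!r} != front-matter {fm.get(key)!r}")
    open_hash = sha256_tag(prompt_text.encode())  # hash recorded at session open
    if receipt.get("prompt_hash") != open_hash:
        findings.append("prompt_hash does not match the prompt file contents")
    if close_hash != open_hash:
        findings.append("prompt file changed between session open and close")
    hv = receipt.get("host_verification") or {}
    if hv.get("source") != "citadel" or hv.get("pack") != f"deploy-verify-{receipt.get('issue')}":
        findings.append("host verification missing or from the wrong pack")
    if hv.get("drift", 1) != 0:  # fail closed: an absent drift value counts as drift
        findings.append(f"drift {hv.get('drift')!r} > 0")
    if not str(receipt.get("signature", "")).startswith("ed25519:"):
        findings.append("receipt is not signed")
    return findings

# Constructed prompt file, shaped like docs/prompts/NCC-441-patch.md above.
PROMPT = """---
issue:    NCC-441
role:     code
operator: alice@customer.gov
---
- Fail closed if drift > 0
"""
# Constructed receipt carrying the fields the page lists; the signature is a placeholder.
RECEIPT = {"session_id": "naic-f804", "role": "code", "issue": "NCC-441", "operator": "alice@customer.gov",
           "prompt_file": "docs/prompts/NCC-441-patch.md", "prompt_hash": sha256_tag(PROMPT.encode()),
           "host_verification": {"source": "citadel", "pack": "deploy-verify-NCC-441", "hosts": 247, "drift": 0},
           "signature": "ed25519:PLACEHOLDER"}
```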

Deploy verification at host level

Citadel re-runs a deploy-verification osquery pack after every NAICOM-tracked change and attaches the result to the session receipt.

Automatic AI-SDLC evidence

NAICOM session receipts satisfy SA-11, SI-7, CM-3, CM-5, and AU-2 for AI-assisted work — without a separate collection pass.

Control-linked changes

The Engine attributes every AI change to the controls it touches. SSP and POA&M update without human reconciliation.

One audit surface

Assessors see one OSCAL artifact per control, with identity, AI work, and infra state fully attributed.

Compliance alignment

Evidence auditors can actually use.

The platform is designed against specific control families so the artifacts it produces map to published requirements — not a vendor-invented framework.

NIST AI RMF

Addresses Govern, Map, Measure, and Manage functions. Prompt files satisfy Map 4.1 (documented AI inputs); session logs satisfy Measure 2.8 (traceability of AI-driven actions).

NIST 800-53 — AU family

Contributes to AU-2 (Event Logging), AU-3 (Content of Audit Records), AU-6 (Audit Review), and AU-12 (Audit Generation) for AI-assisted development events.

FedRAMP ConMon

Provides queryable evidence for continuous monitoring of AI-in-the-SDLC: who changed what, under what instruction, linked to what authorization-boundary component.

Architecture

Deploys inside your boundary.

NAICOM runs as a self-hosted control plane inside the customer's authorization boundary. Session transcripts, prompt files, and audit data never leave the environment. Supported model endpoints include commercial APIs, private-cloud inference services, and air-gapped on-premises models.

The control plane is delivered as Docker containers with IaC templates. A lightweight daemon runs alongside the developer's terminal to enforce session lifecycle and dispatch rules. Audit storage targets Postgres by default, with write-forward to the customer's SIEM or log aggregation platform.

Interested in NAICOM?

Early-access pilots are open to organizations operating under FedRAMP, DoD IL, or equivalent regulatory regimes.
