Rendered from the official PDF to provide an HTML fallback when PDF hosting is restricted.
Deep Scan + Valuation
SKYES OVER LONDON LC • VALUATION BINDER
As-of: 2026-03-04
SKNore
AI Deny-List Policy Layer • Secret & Protected File Exfiltration Guard
FAIR MARKET ASSET VALUE (DECISIVE)
$175,000 USD
Evidence: SKNore.zip (architecture + product surface spec)
Issuer: Skyes Over London LC (SOLEnterprises Ecosystem) Classification: Tentative / Unverified
Contact: SkyesOverLondonLC@solenterprises.org • (480) 469-5416
Purpose: Security module valuation + commercialization posture
SOLOps Valuation Binder • SKNore (Security Module) 2026-03-04
Executive Summary
ASSET EVIDENCE PACKAGE
SKNore — Deny-List Policy Layer SKNore.zip (2 docs)
VALUATION (DECISIVE) LEDGER
$175,000 USD Tentative / Unverified
Evidence quality: this ZIP contains the module's architecture and product surface specification (no source code).
The valuation assumes a standard implementation consistent with the stated wiring paths and endpoints.
Providing a code bundle and/or smoke evidence for policy CRUD + generate blocking would justify an upward
re-rate.
SKNore is a deny-list policy layer designed to prevent protected files (secrets, keys, environment files, private
certificates, sensitive directories) from ever being included in AI generation payloads or export surfaces.
From an enterprise buyer's point of view, SKNore is a Data Loss Prevention (DLP) primitive for developer
tooling: it reduces the risk of secret exfiltration through prompt context, keeps governance explicit and
user-controlled, and creates audit evidence when a request is blocked.
Decisive Valuation Statement
Fair market asset value for SKNore (as specified in the provided architecture + product surface
documentation) is $175,000 USD. This figure is determined from a replacement-cost floor, then uplifted for
operationalization (enforcement + audit posture) and ecosystem distribution (multi-tenant SuperIDE / gateway
adjacency).
Primary Value Drivers
• Compliance-grade story: explicit policy, enforced behavior, and audit events for blocked attempts.
• Integration leverage: one policy layer protects every AI call routed through the standard /api/kaixu-generate
lane.
• High trust ROI: secret leakage prevention is a gating concern for B2B procurement (security reviews, SOC2
narratives).
• Low friction adoption: glob-based patterns are intuitive; no SKNore-specific env vars required in v1.0.0.
Skyes Over London LC • SOLEnterprises Ecosystem Page 2
SOLOps Valuation Binder • Deep Scan Findings 2026-03-04
Deep Scan — What Exists in the Package
Artifact Bytes Lines SHA-256 (prefix)
ARCHITECTURE.md 1,147 38 7e153a6a4835c53d…
PRODUCT_SURFACE.md 1,006 33 3582cc3bdcf29cfc…
This scan is constrained to what was provided in SKNore.zip. It documents a real module surface, but does not
include the implementation code for src/sknore/* or the Netlify functions.
Functional Claims Captured from the Docs
• Policy model: Input is glob-like path patterns (one per line). Examples include .env, .env.*, secrets/**, **/*.pem,
**/*.key. Policy is intended to be human-readable and easy to audit.
• Current wiring (stated): Frontend policy parser/filter lives in src/sknore/policy.ts with local persistence under key
kx.sknore.patterns. AI request gating is integrated in src/App.tsx inside runGenerate and smoke-generate flows.
• Enforcement rules: 1) If the active file is protected, generation is blocked. 2) Protected files are stripped from the
files payload before /api/kaixu-generate. 3) Smoke generate follows the same filtered payload behavior.
• Product surface (v1.0.0): Standalone UI surface at public/SKNore/index.html (static deploy). Backend endpoints:
GET/POST policy CRUD plus GET events for blocked attempts. Enforcement occurs on /api/kaixu-generate with
server-side policy resolution.
• Hardening roadmap: Recommended next steps include server-side enforcement (to prevent client bypass),
org-level storage in DB, and emitting SKNore audit events whenever a request is blocked.
Threat Model Coverage (Intended)
Threat model coverage (intended): accidental inclusion of secrets in prompt context; clipboard/paste patterns;
workspace export flows that bundle sensitive material; and team-scale safety where different developers have
different access levels. SKNore is a deny-by-policy mechanism; it is not a replacement for secret scanning, repo
hygiene, or key rotation.
Skyes Over London LC • SOLEnterprises Ecosystem Page 3
SOLOps Valuation Binder • Architecture & API Surface 2026-03-04
Architecture — Enforcement Flow (Target State)
• User sets SKNore patterns (globs) in the SKNore UI.
• Client loads the resolved policy (local + org/workspace policy).
• Before any generate call, activePath is checked. If protected, the request is blocked.
• All files included in the generate payload are filtered. Protected paths are removed from the files array.
• Server-side /api/kaixu-generate repeats enforcement: resolves policy, blocks protected activePath, strips
protected files.
• When a block occurs, an audit event is emitted and exposed via /api/sknore-events.
Backend API Surface (as specified)
Method Endpoint Purpose
GET /api/sknore-policy-get Load org/workspace policy
POST /api/sknore-policy-set Save org/workspace policy
GET /api/sknore-events Return blocked-event stream (audit-backed)
POST /api/kaixu-generate Generate with enforced SKNore checks + payload stripping
Hardening Notes
• Server-side enforcement is mandatory to prevent a client-side bypass.
• Org-level policy storage belongs in an org_settings table or a dedicated sknore_policies table.
• Audit events should include: actor, org/workspace, timestamp, activePath, blockedPatterns, requestId, and
model.
• Pair SKNore with secret scanning and key rotation (defense in depth).
Skyes Over London LC • SOLEnterprises Ecosystem Page 4
SOLOps Valuation Binder • Valuation Model 2026-03-04
Valuation Model (Decisive)
This valuation is an asset valuation for the SKNore module as a sellable security add-on inside the
SOLEnterprises ecosystem. It uses a replacement-cost floor, then applies premiums for operationalization and
ecosystem distribution. It avoids speculative bargain ranges and treats functional governance code as premium.
Replacement Cost Floor
Component Hours Cost Basis (@$250/hr)
Policy engine (glob compile + file filtering) 35 $8,750
Standalone UI surface (SKNore page + UX copy) 35 $8,750
Policy persistence (local + org/workspace) 30 $7,500
Backend CRUD endpoints + DB wiring 45 $11,250
Enforcement in /api/kaixu-generate 30 $7,500
Audit events + events endpoint 35 $8,750
Smoke tests + release gate checks 30 $7,500
Docs + versioning + deploy notes 15 $3,750
TOTAL replacement-cost floor 255 $63,750
Premiums (Canon Required)
Premium Why it applies Amount
Operational proof / operationalization premium
Enforcement + audit posture reduces risk for buyers and unlocks enterprise security
$56,250
narratives.
Ecosystem / footprint premium Value uplift from multi-app distribution, multi-tenant posture, and the SOLEnterprises
$55,000
worldwide operat
FINAL fair market asset value $175,000 USD
Re-rate trigger: provide the SKNore implementation code and a smoke report for policy CRUD + generate
blocking. With verified enforcement and audit logs in production, SKNore becomes a stronger enterprise feature
add-on and the valuation should move upward.
Skyes Over London LC • SOLEnterprises Ecosystem Page 5
SOLOps Valuation Binder • Appendix 2026-03-04
Appendix
Provided Document Index
• SKNore/ARCHITECTURE.md — architecture + policy model + enforcement rules + roadmap
• SKNore/PRODUCT_SURFACE.md — product surface (standalone app, API endpoints, release gate, deploy
notes)
Issuer Contact
Email SkyesOverLondonLC@solenterprises.org
Phone (480) 469-5416
Web skyesol.netlify.app
Classification Tentative / Unverified
Lock Record
Canonical valuation record proposed for SKNore at $175,000 USD (as-of 2026-03-04). This binder is delivered as
a standalone valuation artifact and can be promoted to a locked record on request.
Skyes Over London LC • SOLEnterprises Ecosystem Page 6