Skip to main content
CrawlQStudio

The substrate, in its own words

CrawlQ’s engineering backbone has a name.
pip install graqle

GraQle is Quantamix’s Apache-2.0 open-core knowledge-graph and AI-governance SDK — built in public since March 2026, backed by published research, protected by three patent-pending European filings, and independently named as the architecture layer in a public model of EU AI Act audit-trail evidence. This page is its story; every number on it links to a public source.

Built in public

Four months of engineering, all of it on the record.

No stealth period, no curated launch. The repository, the CI, the release history, and even the SDK's own internal bug reports are public artifacts you can read today.

  1. March 2026

    The repository goes public

    Apache-2.0 open-core SDK on GitHub. First PyPI releases ship the same month — the substrate has developed in the open ever since.

  2. March 2026

    Three European patent applications filed

    EP26162901.8 (6 March, 18 claims), EP26166054.2 (19 March, 15 claims), EP26167849.4 (25 March, 15 claims). All patent-pending.

  3. 9 March 2026

    The TAMR+ / TRACE research preprint publishes

    Trust-aware multi-signal retrieval with graph-based scoring, on Zenodo (CC-BY 4.0) and SSRN — the research foundation under the SDK's reasoning layer.

  4. 11–17 May 2026

    The public audit-trail exchange

    A public LinkedIn exchange among senior AI-governance practitioners produces a three-layer model of AI-governance evidence — with GraQle named as the architecture-layer anchor.

  5. July 2026

    v0.77.0 — 150+ releases in four months

    Continuous public releases on PyPI, public CI on Python 3.10–3.12, 14 public CI workflows — the SDK is developed through its own governance gates.

The unusual part: GraQle’s own development journal — the brutal internal scorecards, the bugs published with their diffs, the self-ratings that started harsh and earned their way up — is part of the public record too. Nothing sells engineering honesty like publishing your own bug reports. Read the field-journal story →

Research foundation

The reasoning layer is published research, not a black box.

The graph-based retrieval and scoring approach inside GraQle is documented in a citable, openly licensed preprint. Quote the paper, check the method, reproduce the result.

TAMR+: Trust-Aware Multi-Signal Document Retrieval with Graph-Based Scoring and Gap Attribution for Regulatory AI Systems — Kumar, Harish (Quantamix Solutions BV). Preprint v2.6, published 9 March 2026, CC-BY 4.0.

The paper’s headline result, quoted as research: mean TRACE score 0.680 vs. 0.385 for vector-only RAG — a 76.6% improvement (p < 0.001) across 250 regulatory questions spanning four domains. That is the preprint’s result on its benchmark — a research finding, not a CrawlQ product metric.

Cite it: Zenodo DOI 10.5281/zenodo.18929634 · SSRN 6359818 · the long-form methodology article.

The three-layer model

GraQle is the named architecture layer in a public model of AI-governance evidence.

In May 2026, a public exchange among senior AI-governance practitioners — spanning standards, compliance methodology, technology risk, forensics, procurement, and director attestation — produced a three-layer model of EU AI Act audit-trail evidence. GraQle is the named architecture-layer anchor in that model; the methodology and standards layers are anchored in their own named external owners. The layers are composed, not absorbed. (Not legal advice.)

Methodology

Andrii Matiash — VERITAS Framework, Pillar 16 Part 1

Defines the rules before deployment: baseline historical data, scoring anchors, red-flag override conditions (Q16.1–Q16.5).

ArchitectureGraQle’s layer

Quantamix Solutions — the GraQle SDK + TraceGov audit chain

Preserves and verifies the decision: graph-anchored context, governance gates, tamper-evident audit records.

Standards

Peter Borner — Open Privacy Standards Foundation, Privacy Claims Token (PCT) specification

Makes the proof portable: a wire format a regulator can read independently of vendor or operator.

The exchange ran publicly on LinkedIn from 11 to 17 May 2026, and the model is published — with named external owners — in the Methodology, Architecture, Standards article and the EU AI Act Audit-Trail Stack pillar.

The following practitioners contributed to the public EU AI Act compliance model in which GraQle serves as the architecture layer. Their statements below are drawn from the public LinkedIn exchange (11–17 May 2026) and reflect their views on the model — not a commercial endorsement of CrawlQ Studio or Quantamix.

Methodology fails on rigour. Architecture fails on tamper-evidence. Standards fail when the proof is not portable across organisations.
Peter Borner

Chairman, Open Privacy Standards Foundation (OPSF)

LinkedIn, May 2026

Governance moves from vendor reporting into operational control. The real issue is not only whether an audit log exists. It is whether the organisation can prove, at the point of execution, that the decision was authorised, governed, reproducible, and defensible under the policy, given the evidence state that existed at the time.
Sue Eze

AI Governance & Technology Risk Lead (ISO/IEC 42001)

LinkedIn, 16 May 2026

The standard has to be: claim, evidence object, independent inspection, claim limit.
Ricky Jones

AI Governance Systems Engineer, TrinityOS / AlvianTech

LinkedIn, 14 May 2026

“Honest scope on what we ship today: tamper-detectable within the operator’s own tenant. Any local modification breaks the chain when re-verified.”
Harish Kumar — Founder, Quantamix Solutions, in the same public exchange. The honest-limits discipline applies to our own layer first.

Read the published series

Patent portfolio

Three European patent applications. All pending, all disclosed.

The methods underneath the SDK — graph-anchored retrieval, governance scoring, audit anchoring — are covered by three EP filings from March 2026. Patent-pending means exactly that: filed applications, not granted patents.

EP26162901.8

Filed 6 March 2026 · 18 claims

Patent-pending

EP26166054.2

Filed 19 March 2026 · 15 claims

Patent-pending

EP26167849.4

Filed 25 March 2026 · 15 claims

Patent-pending

Full portfolio details on the Quantamix Solutions patents page →

Quickstart

From zero to a governed knowledge graph in four commands.

The SDK installs from PyPI, builds a knowledge graph from your repository, and exposes its reasoning tools over MCP to any compatible IDE or agent.

pip install graqle          # Apache-2.0, from PyPI
graq init                   # scan the repo, build the graph
graq mcp serve              # expose the tools over MCP
graq trustctl verify        # verify the signed wheel yourself
  • PyPI Trusted Publishing (OIDC) — no long-lived tokens in the release path
  • Sigstore-signed wheels — verify any release yourself with `graq trustctl verify`
  • CycloneDX SBOM attached to every release
  • pip-audit gate blocks releases with CRITICAL/HIGH CVEs
  • Reproducible builds (SOURCE_DATE_EPOCH-pinned)

What CrawlQ runs on it

The same primitives, pointed at your brand.

CrawlQ Studio is the SDK's largest deployment. Three of its primitives map directly onto shipped Studio capabilities — no more, no fewer.

Graph pruning Brand Memory

The knowledge-graph pruning that keeps GraQle's reasoning context small is what grounds every Studio brief in your brand's own graph instead of a cold prompt.

Governance gates Generation guardrails

The gate machinery that blocks ungoverned writes in the SDK is what stands behind Studio's scored, reviewable, human-approved content workflow.

Audit anchoring Article 50-aligned provenance

The tamper-evident record machinery is what produces Studio's exportable provenance records — model, sources, prompt and content hash, with one-click tamper verification. (Not legal advice.)

Scope notes, stated plainly: GraQle is not a high-risk AI system provider under Article 6, makes no general-purpose-AI (Article 51) claims, and ships governance signals and primitives — regulatory determinations belong to deployers and their counsel.

What we don't claim

The honest remainder.

Same list as the engineering disclosure, unchanged — a substrate page that only lists strengths would fail its own discipline.

  • Open-core, not fully open: the Apache-2.0 SDK is public; proprietary Studio/Enterprise components are not in the distribution, and reserved patent rights are not granted.
  • Young repository: public since March 2026. Read the engineering discipline and release velocity (140+ releases in months), not community size — we make no adoption claims.
  • The MultiGov-30 harness is public and reproducible, but no headline accuracy result is committed to the repo yet — so we don't quote one. Run the harness; trust your own output.
  • Public CI currently skips ~26 test files — documented inside the workflow itself as tracked tech debt, not hidden.
  • No third-party or peer-reviewed validation of the benchmark results yet. What we publish is the apparatus, so anyone can produce their own.

The claim ledger

Every number on this page, and where it comes from.

If a figure isn't in this table with a public source, it isn't on this page.

Claim on this pagePublic source
150k+ lines, 522 Python files, 440 public test files (~7,700 test functions), public CI on Python 3.10–3.12Public repository github.com/quantamixsol/graqle @ commit ca18a3d (counted 2026-07-07)
v0.77.0 · 150+ PyPI releases, March–July 2026 · Apache-2.0pypi.org/project/graqle release history (checked 2026-07-08)
Mean TRACE 0.680 vs 0.385 vector-only RAG — 76.6% improvement, p < 0.001, 250 regulatory questionsTAMR+ preprint v2.6, Zenodo DOI 10.5281/zenodo.18929634 (CC-BY 4.0, published 2026-03-09); also SSRN 6359818. A research result — not a CrawlQ product metric.
Three EP patent applications — 18 + 15 + 15 claims, filed March 2026, all pendingquantamixsolutions.com/patents/
Three-layer model, named external owners, and every contributor quote on this pagePublic LinkedIn exchange 11–17 May 2026, republished verbatim with attribution in the EU AI Act Audit-Trail Stack series

Keep reading — or start verifying.

The engineering disclosure has the full verifiable-numbers set; the trust page has the platform posture; the repo has everything else.