The substrate, in its own words
CrawlQ’s engineering backbone has a name.
pip install graqle
GraQle is Quantamix’s Apache-2.0 open-core knowledge-graph and AI-governance SDK — built in public since March 2026, backed by published research, protected by three patent-pending European filings, and independently named as the architecture layer in a public model of EU AI Act audit-trail evidence. This page is its story; every number on it links to a public source.
Built in public
Four months of engineering, all of it on the record.
No stealth period, no curated launch. The repository, the CI, the release history, and even the SDK's own internal bug reports are public artifacts you can read today.
March 2026
The repository goes public
Apache-2.0 open-core SDK on GitHub. First PyPI releases ship the same month — the substrate has developed in the open ever since.
March 2026
Three European patent applications filed
EP26162901.8 (6 March, 18 claims), EP26166054.2 (19 March, 15 claims), EP26167849.4 (25 March, 15 claims). All patent-pending.
9 March 2026
The TAMR+ / TRACE research preprint publishes
Trust-aware multi-signal retrieval with graph-based scoring, on Zenodo (CC-BY 4.0) and SSRN — the research foundation under the SDK's reasoning layer.
11–17 May 2026
The public audit-trail exchange
A public LinkedIn exchange among senior AI-governance practitioners produces a three-layer model of AI-governance evidence — with GraQle named as the architecture-layer anchor.
July 2026
v0.77.0 — 150+ releases in four months
Continuous public releases on PyPI, public CI on Python 3.10–3.12, 14 public CI workflows — the SDK is developed through its own governance gates.
The unusual part: GraQle’s own development journal — the brutal internal scorecards, the bugs published with their diffs, the self-ratings that started harsh and earned their way up — is part of the public record too. Nothing sells engineering honesty like publishing your own bug reports. Read the field-journal story →
Research foundation
The reasoning layer is published research, not a black box.
The graph-based retrieval and scoring approach inside GraQle is documented in a citable, openly licensed preprint. Quote the paper, check the method, reproduce the result.
TAMR+: Trust-Aware Multi-Signal Document Retrieval with Graph-Based Scoring and Gap Attribution for Regulatory AI Systems — Kumar, Harish (Quantamix Solutions BV). Preprint v2.6, published 9 March 2026, CC-BY 4.0.
The paper’s headline result, quoted as research: mean TRACE score 0.680 vs. 0.385 for vector-only RAG — a 76.6% improvement (p < 0.001) across 250 regulatory questions spanning four domains. That is the preprint’s result on its benchmark — a research finding, not a CrawlQ product metric.
Cite it: Zenodo DOI 10.5281/zenodo.18929634 · SSRN 6359818 · the long-form methodology article.
The three-layer model
GraQle is the named architecture layer in a public model of AI-governance evidence.
In May 2026, a public exchange among senior AI-governance practitioners — spanning standards, compliance methodology, technology risk, forensics, procurement, and director attestation — produced a three-layer model of EU AI Act audit-trail evidence. GraQle is the named architecture-layer anchor in that model; the methodology and standards layers are anchored in their own named external owners. The layers are composed, not absorbed. (Not legal advice.)
Methodology
Andrii Matiash — VERITAS Framework, Pillar 16 Part 1
Defines the rules before deployment: baseline historical data, scoring anchors, red-flag override conditions (Q16.1–Q16.5).
ArchitectureGraQle’s layer
Quantamix Solutions — the GraQle SDK + TraceGov audit chain
Preserves and verifies the decision: graph-anchored context, governance gates, tamper-evident audit records.
Standards
Peter Borner — Open Privacy Standards Foundation, Privacy Claims Token (PCT) specification
Makes the proof portable: a wire format a regulator can read independently of vendor or operator.
The exchange ran publicly on LinkedIn from 11 to 17 May 2026, and the model is published — with named external owners — in the Methodology, Architecture, Standards article and the EU AI Act Audit-Trail Stack pillar.
The following practitioners contributed to the public EU AI Act compliance model in which GraQle serves as the architecture layer. Their statements below are drawn from the public LinkedIn exchange (11–17 May 2026) and reflect their views on the model — not a commercial endorsement of CrawlQ Studio or Quantamix.
“Methodology fails on rigour. Architecture fails on tamper-evidence. Standards fail when the proof is not portable across organisations.”
Chairman, Open Privacy Standards Foundation (OPSF)
LinkedIn, May 2026
“Governance moves from vendor reporting into operational control. The real issue is not only whether an audit log exists. It is whether the organisation can prove, at the point of execution, that the decision was authorised, governed, reproducible, and defensible under the policy, given the evidence state that existed at the time.”
AI Governance & Technology Risk Lead (ISO/IEC 42001)
LinkedIn, 16 May 2026
“The standard has to be: claim, evidence object, independent inspection, claim limit.”
AI Governance Systems Engineer, TrinityOS / AlvianTech
LinkedIn, 14 May 2026
“Honest scope on what we ship today: tamper-detectable within the operator’s own tenant. Any local modification breaks the chain when re-verified.”
Read the published series
- The EU AI Act Audit-Trail Stack→ — The pillar — the five-layer model, with all ten contributors
- Methodology, Architecture, Standards→ — The positioning frame — where GraQle is named as the architecture-layer owner
- Recall vs. Verifiability→ — Why an audit trail that explains today is not proof of yesterday
- Five Questions for AI-Governance Procurement→ — The pre-contract diagnostic
- Five Dimensions of Regulator-Grade Governance→ — Authorised, governed, reproducible, defensible, evidence-state
- Director Attestation under Articles 26–27→ — Personal, portable evidence one layer above the system
- Forensic Ground Truth→ — The trail is only as good as its adversarial inspection
Patent portfolio
Three European patent applications. All pending, all disclosed.
The methods underneath the SDK — graph-anchored retrieval, governance scoring, audit anchoring — are covered by three EP filings from March 2026. Patent-pending means exactly that: filed applications, not granted patents.
EP26162901.8
Filed 6 March 2026 · 18 claims
Patent-pending
EP26166054.2
Filed 19 March 2026 · 15 claims
Patent-pending
EP26167849.4
Filed 25 March 2026 · 15 claims
Patent-pending
Full portfolio details on the Quantamix Solutions patents page →
Quickstart
From zero to a governed knowledge graph in four commands.
The SDK installs from PyPI, builds a knowledge graph from your repository, and exposes its reasoning tools over MCP to any compatible IDE or agent.
pip install graqle # Apache-2.0, from PyPI
graq init # scan the repo, build the graph
graq mcp serve # expose the tools over MCP
graq trustctl verify # verify the signed wheel yourself- PyPI Trusted Publishing (OIDC) — no long-lived tokens in the release path
- Sigstore-signed wheels — verify any release yourself with `graq trustctl verify`
- CycloneDX SBOM attached to every release
- pip-audit gate blocks releases with CRITICAL/HIGH CVEs
- Reproducible builds (SOURCE_DATE_EPOCH-pinned)
What CrawlQ runs on it
The same primitives, pointed at your brand.
CrawlQ Studio is the SDK's largest deployment. Three of its primitives map directly onto shipped Studio capabilities — no more, no fewer.
Graph pruning Brand Memory
The knowledge-graph pruning that keeps GraQle's reasoning context small is what grounds every Studio brief in your brand's own graph instead of a cold prompt.
Governance gates Generation guardrails
The gate machinery that blocks ungoverned writes in the SDK is what stands behind Studio's scored, reviewable, human-approved content workflow.
Audit anchoring Article 50-aligned provenance
The tamper-evident record machinery is what produces Studio's exportable provenance records — model, sources, prompt and content hash, with one-click tamper verification. (Not legal advice.)
Scope notes, stated plainly: GraQle is not a high-risk AI system provider under Article 6, makes no general-purpose-AI (Article 51) claims, and ships governance signals and primitives — regulatory determinations belong to deployers and their counsel.
What we don't claim
The honest remainder.
Same list as the engineering disclosure, unchanged — a substrate page that only lists strengths would fail its own discipline.
- Open-core, not fully open: the Apache-2.0 SDK is public; proprietary Studio/Enterprise components are not in the distribution, and reserved patent rights are not granted.
- Young repository: public since March 2026. Read the engineering discipline and release velocity (140+ releases in months), not community size — we make no adoption claims.
- The MultiGov-30 harness is public and reproducible, but no headline accuracy result is committed to the repo yet — so we don't quote one. Run the harness; trust your own output.
- Public CI currently skips ~26 test files — documented inside the workflow itself as tracked tech debt, not hidden.
- No third-party or peer-reviewed validation of the benchmark results yet. What we publish is the apparatus, so anyone can produce their own.
The claim ledger
Every number on this page, and where it comes from.
If a figure isn't in this table with a public source, it isn't on this page.
| Claim on this page | Public source |
|---|---|
| 150k+ lines, 522 Python files, 440 public test files (~7,700 test functions), public CI on Python 3.10–3.12 | Public repository github.com/quantamixsol/graqle @ commit ca18a3d (counted 2026-07-07) |
| v0.77.0 · 150+ PyPI releases, March–July 2026 · Apache-2.0 | pypi.org/project/graqle release history (checked 2026-07-08) |
| Mean TRACE 0.680 vs 0.385 vector-only RAG — 76.6% improvement, p < 0.001, 250 regulatory questions | TAMR+ preprint v2.6, Zenodo DOI 10.5281/zenodo.18929634 (CC-BY 4.0, published 2026-03-09); also SSRN 6359818. A research result — not a CrawlQ product metric. |
| Three EP patent applications — 18 + 15 + 15 claims, filed March 2026, all pending | quantamixsolutions.com/patents/ |
| Three-layer model, named external owners, and every contributor quote on this page | Public LinkedIn exchange 11–17 May 2026, republished verbatim with attribution in the EU AI Act Audit-Trail Stack series |
Keep reading — or start verifying.
The engineering disclosure has the full verifiable-numbers set; the trust page has the platform posture; the repo has everything else.