How long does it take to implement The Integrity Framework?

A diligent founder reaches Bronze tier (public INTEGRITY.md self-mapped against the six Layer 1 vetoes) in about half a day of honest work. Silver tier (Bronze plus integrity-cli green or a versioned methodology page) takes another one to two days depending on the product surface. The 90-day plan in this guide assumes you are doing the work alongside other founder responsibilities, not full-time.

What artifacts do I need to publish?

Bronze: a public INTEGRITY.md file at your repo root or product website containing the six Layer 1 veto self-mappings. Silver: Bronze plus one of (a) integrity-cli green output committed to the repo, or (b) a public methodology page with a versioned changelog. Both tiers require a directory listing submission at theintegrityframework.org/submit.

Where do I put the INTEGRITY.md?

Most products put it at the repo root (alongside README.md). For closed-source products, the public website is the canonical location: a /integrity URL or similar. The directory listing accepts either a GitHub repo URL or a public website URL pointing to the artifact.

What's the difference between the six Layer 1 vetoes?

Six pre-build vetoes screen the product idea against unrecoverable design choices. Each veto is a question: dark patterns, dependency lock-in, ambient surveillance, contractual integrity, the TechCrunch test, and the regulatory scope question. The framework does not require you to answer "no" to all six — it requires you to publish your honest answer to each so buyers can decide.

Does integrity-cli run on closed-source products?

Partially. integrity-cli runs static checks (presence of INTEGRITY.md, schema validity, required sections, link health). For closed-source products, run it in CI against the public-facing repo or the public methodology page. The CLI cannot inspect proprietary code; the audit posture works on the published artifacts.

What happens after I submit a listing?

Startvest reads the INTEGRITY.md, verifies the tier credential (Bronze: presence + completeness; Silver: integrity-cli output or methodology page), and publishes the listing with a tier badge. Approval takes a few business days. Quarterly re-scans run automatically; framework version bumps trigger re-verification.

Can I implement at Silver tier without first hitting Bronze?

No. Silver requires the Bronze artifact (the INTEGRITY.md) plus one additional credential. The INTEGRITY.md is the foundation; integrity-cli or the methodology page is layered on top. There is no path to Silver that skips the public INTEGRITY.md.

What if my product fails one of the Layer 1 vetoes?

Publish the honest answer anyway. The framework is a transparency standard, not a gate. A product that uses dark patterns is allowed to publish "yes, the product uses confirmshaming during downgrade" in its INTEGRITY.md. Buyers then decide whether to use the product. The framework rejects performative compliance, not honest disclosure.

How does this compare to SOC 2?

SOC 2 is an audited control framework requiring an external auditor, costing $20K-$80K per year, scoped at enterprise spend tiers. The Integrity Framework is self-mapped, free to publish, and scoped at sub-enterprise AI-product purchases (the segment SOC 2 prices out). They occupy different tiers of the trust-signal stack and serve different buyer profiles.

Operational walkthrough

How to implement The Integrity Framework in 90 days

Implementing The Integrity Framework at Bronze tier takes about half a day of honest work; reaching Silver tier takes another one to two days. The 90-day plan in this guide assumes a founder doing the work alongside other responsibilities. By the end you have a published INTEGRITY.md, a Silver-tier credential, and a live listing at theintegrityframework.org with a tier badge buyers can verify themselves.

The two tiers, in 60 seconds

Bronze

Public INTEGRITY.md with all six Layer 1 vetoes self-mapped. Half a day for a thoughtful founder. The foundation.

Silver

Bronze plus one of: integrity-cli green, or a public methodology page with a versioned changelog. One to two days of additional work.

The 90-day plan, week by week

Week 1

Read and absorb

Outputs

Read the v1.0 spec at /framework/v1
Read the rationale at /framework/why
Read 2-3 published Bronze listings in your category at /listings

No writing yet. The reading is what makes the self-mapping honest. Founders who skip this step end up writing performative INTEGRITY.md files that miss the point.

Weeks 2-3

Draft the INTEGRITY.md

Outputs

Write a 1-2 paragraph self-mapping per Layer 1 veto
Note any vetoes the product currently fails honestly
Identify which architectural constraints (Layer 2) and operational guardrails (Layer 3) apply

Half a day of focused writing. The honest answer to each veto is more valuable than a clean answer to all six. Buyers reading the file are looking for honest disclosure, not a marketing pass.

Week 4

Internal review

Outputs

Pass the draft to a co-founder, advisor, or trusted peer for the TechCrunch test
Adjust language where the draft sounds defensive or evasive
Cross-reference the spec to confirm every required section is present

External eyes catch the places where the draft slipped into marketing voice. The fix is usually to make a section shorter and more specific, not longer.

Week 5

Publish at Bronze tier

Outputs

Commit INTEGRITY.md to repo root, OR publish to public website at a stable URL
Add a link to the file from your homepage footer or trust page
Verify the file is reachable from an unauthenticated browser

You now have a Bronze credential. Many founders stop here and submit the listing. The 90-day plan continues into Silver because the additional credential is cheap to add and meaningfully strengthens the listing.

Weeks 6-8

Add the Silver credential

Outputs

Path A: install integrity-cli, get it green against your INTEGRITY.md, commit the output
Path B: publish a public methodology page describing how your product makes its decisions
Set up a versioned changelog if you took Path B

Pick the path that fits your product shape. integrity-cli is faster for products with a public repo. A methodology page is faster for closed-source products that have an existing /how-it-works or similar.

Week 9

Submit listing

Outputs

Submit at /submit with the artifact URL and tier claim
Provide a contact email for editorial follow-up
Wait for editorial review (typically a few business days)

Editorial review is fast unless the artifact is hard to find or the tier claim does not match what the artifact actually shows. Have the artifact URL working before submitting.

Weeks 10-12

Maintenance + iteration

Outputs

Add the directory badge to your product homepage (optional)
Set a quarterly reminder to re-read the INTEGRITY.md and update where the product has changed
Subscribe to the framework changelog so version bumps do not surprise you

The INTEGRITY.md is a living document. Quarterly review keeps the artifact honest as the product evolves. Framework version bumps trigger re-verification by the directory; staying current is easier than catching up.

Common failure modes

Skipping the read. Founders who write the INTEGRITY.md without reading the spec produce performative artifacts that fail editorial review. Read the spec first.
Defensive prose.Self-mappings that bury the honest answer under hedging language. The fix: write the honest answer first, then trim until each veto's section is one or two paragraphs.
Tier inflation. Submitting at Silver when only the Bronze artifact is in place. Editorial catches this; the listing comes back asking for the missing credential. Submit at the tier you actually have.
Stale artifacts. An INTEGRITY.md that was honest in Q1 stops being honest after a Q3 product pivot. The quarterly review cadence in week 10-12 prevents this. Skip it and the listing goes stale.
Marketing voice. The INTEGRITY.md is not a sales page. Buyers reading it can tell the difference. The artifact has to read like a memo to a skeptical reviewer, not a landing page.

Frequently asked

How long does it take to implement The Integrity Framework?: A diligent founder reaches Bronze tier (public INTEGRITY.md self-mapped against the six Layer 1 vetoes) in about half a day of honest work. Silver tier (Bronze plus integrity-cli green or a versioned methodology page) takes another one to two days depending on the product surface. The 90-day plan in this guide assumes you are doing the work alongside other founder responsibilities, not full-time.
What artifacts do I need to publish?: Bronze: a public INTEGRITY.md file at your repo root or product website containing the six Layer 1 veto self-mappings. Silver: Bronze plus one of (a) integrity-cli green output committed to the repo, or (b) a public methodology page with a versioned changelog. Both tiers require a directory listing submission at theintegrityframework.org/submit.
Where do I put the INTEGRITY.md?: Most products put it at the repo root (alongside README.md). For closed-source products, the public website is the canonical location: a /integrity URL or similar. The directory listing accepts either a GitHub repo URL or a public website URL pointing to the artifact.
What's the difference between the six Layer 1 vetoes?: Six pre-build vetoes screen the product idea against unrecoverable design choices. Each veto is a question: dark patterns, dependency lock-in, ambient surveillance, contractual integrity, the TechCrunch test, and the regulatory scope question. The framework does not require you to answer "no" to all six — it requires you to publish your honest answer to each so buyers can decide.
Does integrity-cli run on closed-source products?: Partially. integrity-cli runs static checks (presence of INTEGRITY.md, schema validity, required sections, link health). For closed-source products, run it in CI against the public-facing repo or the public methodology page. The CLI cannot inspect proprietary code; the audit posture works on the published artifacts.
What happens after I submit a listing?: Startvest reads the INTEGRITY.md, verifies the tier credential (Bronze: presence + completeness; Silver: integrity-cli output or methodology page), and publishes the listing with a tier badge. Approval takes a few business days. Quarterly re-scans run automatically; framework version bumps trigger re-verification.
Can I implement at Silver tier without first hitting Bronze?: No. Silver requires the Bronze artifact (the INTEGRITY.md) plus one additional credential. The INTEGRITY.md is the foundation; integrity-cli or the methodology page is layered on top. There is no path to Silver that skips the public INTEGRITY.md.
What if my product fails one of the Layer 1 vetoes?: Publish the honest answer anyway. The framework is a transparency standard, not a gate. A product that uses dark patterns is allowed to publish "yes, the product uses confirmshaming during downgrade" in its INTEGRITY.md. Buyers then decide whether to use the product. The framework rejects performative compliance, not honest disclosure.
How does this compare to SOC 2?: SOC 2 is an audited control framework requiring an external auditor, costing $20K-$80K per year, scoped at enterprise spend tiers. The Integrity Framework is self-mapped, free to publish, and scoped at sub-enterprise AI-product purchases (the segment SOC 2 prices out). They occupy different tiers of the trust-signal stack and serve different buyer profiles.

What is The Integrity Framework? — the definitional anchor.
The Integrity Framework vs COSO Internal Control Framework — disambiguation guide.
The Integrity Framework v1.0 spec
Why The Integrity Framework exists
Submit a listing

How to implement The Integrity Framework in 90 days

The two tiers, in 60 seconds

Bronze

Silver

The 90-day plan, week by week

Read and absorb

Draft the INTEGRITY.md

Internal review

Publish at Bronze tier

Add the Silver credential

Submit listing

Maintenance + iteration

Common failure modes

Frequently asked

Related