# Profile-Based Portability The kernel ports to a new facility by writing a **profile**, not by changing code. A profile contains two things: 1. **Signal-to-rule mappings** — which site tags feed which of the [[Detection Rules|R1–R8]]. 2. **Baseline constants** — the per-site normal ranges (e.g. the pressure baselines that [[Pressure Baseline Drift|R5/R5b]] compare against). Everything else — the rule logic, the invariants, the [[Four-State Trust Machine|state machine]] — stays in the unmodified [[Common Trust Core]]. > [!tip] Consultancy vs. platform > This is the [[Deployment Velocity]] test from [[Industrial AI MOC]] applied to security: if each site needed bespoke detection engineering, the kernel would be a consultancy. Because onboarding is *profiling* against a fixed core, it scales like a platform. Portability is only credible because of [[Deterministic Detection]]: the same core plus a site profile yields reproducible behaviour, so a result proven in one domain transfers as a property of the core, not a coincidence of tuning. This is the mechanism behind [[Cross-Domain Validation]]. --- Related: [[Integrity Kernel MOC]] · [[Common Trust Core]] · [[Cross-Domain Validation]] · [[Deployment Velocity]] · [[Industrial AI MOC]]