There is a meaningful gap between governed and provable. A governed system makes the right decisions in the moment. A provable system can demonstrate, after the fact, to a third party who does not trust you, that those decisions were made and were not altered since. The Trust Ledger is the layer that moves Cortex from the first to the second — and the phrase "tamper-evident" carries a precise, testable meaning that is worth pinning down.
Tamper-evident is not tamper-proof
Be precise: nothing stops a sufficiently privileged operator from editing a row in a database. "Tamper-proof" is a claim almost no one can honestly make. "Tamper-evident" is the achievable and more useful property — any insertion, edit, deletion, or reordering becomes detectable. You may not be able to prevent every change, but you can prove whether one happened.
Cortex achieves this with a hash chain. Each audit record carries the hash of the record before it, so the records form a sequence where every link depends on all the links before it. Change one record and its hash changes; that breaks the link to the next record, and the break propagates down the whole chain.
What the chain proves
Run verifyChain over a range and you get a single, honest verdict: either the chain is intact, or it is broken at a specific sequence number. That is what the ledger actually proves:
- Completeness — sequence numbers are monotonic per tenant, so a missing record leaves a detectable gap. You can prove nothing was quietly deleted.
- Integrity — every record's hash is recomputed and compared, so any edit surfaces as a mismatch at the exact sequence where it happened.
- Order — because each record commits to its predecessor, records cannot be reordered without breaking the chain.
- Authenticity — each governed outcome also emits a compact signed receipt a third party can verify offline, independent of your live systems.
The ledger does not ask you to trust that the record is honest. It lets anyone — an auditor, a regulator, you in six months — recompute it and find out.
Provenance: from a fact back to its source
Integrity of the log is half the story; the other half is provenance — knowing where a fact came from. Cortex stitches a lineage chain across the run: Human, Agent, Skill, Prompt, Policy, Model, Tool, Artifact, Outcome, Approval. On top of that, datapoint provenance pins every surfaced figure to its source document, page, and bounding box, with a value hash proving the figure was not altered after extraction. When an agent asserts a number, you can click straight through to the page it came from.
Why provable beats governed
The practical payoff shows up the day someone challenges a decision. A merely governed system asks the challenger to take your word for it. A provable system hands them a sealed record they can verify themselves — the eight-gate verdicts that fired, the approver who signed off, the source the figure came from — generated as a by-product of the run, not assembled in a hurry afterward.
That is the whole point of building evidence by construction. Honest systems do not assert that they behaved; they make it cheap for a skeptic to check. A tamper-evident ledger is how you turn "trust us" into "verify it yourself."