Trust Ledger & provenance

The audit trail you can hand an auditor.

Every governed run lands in a tamper-evident, hash-chained Trust Ledger — with signed receipts you can verify offline and a 10-hop provenance graph from the human who asked to the outcome that shipped. Move from governed to provable.

Aligned with EU AI Act · ISO 42001 · NIST AI RMF traceability

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
The problem

A log you can edit is not evidence.

Most AI platforms write an audit log — but a log a privileged insider can quietly insert, edit, delete, or reorder proves nothing to a regulator. When the question is 'can you prove this decision happened, with this input, and was approved?', a mutable table is a liability. Cortex seals the answer into a chain that breaks visibly the moment anything changes.

01 · Humanrisk-ops@nw02 · AgentFraud Triage03 · Skilltriage.v404 · Promptsha 0x3a…05 · Policyapprove≥5k06 · Modelclaude-opus07 · ToollookupCase08 · Artifactmemo #447109 · Outcomeapproved10 · Approvalj.lee
How it works

Four mechanisms, one provable record.

The Trust Ledger is built on @cortex/provenance — a pure, testable hash-chain core with zero IO — wired into the existing audit sink so the whole agent fleet gets sealed for free.

Hash-chained audit
  • Every event sealed with chained SHA-256
  • record_hash links to prev_hash
  • Monotonic seq per tenant chain
  • Go-forward genesis — honest, not retro-faked
Verify endpoint
  • GET /audit/verify over any range
  • Returns { ok, brokenAtSeq, head }
  • /audit/head exposes seq + hash
  • Recomputes the whole chain server-side
Signed receipts
  • Compact receipt per outcome: run, action, approval
  • Verifiable offline by a third party
  • HMAC-SHA256 today, Ed25519 publishable keys next
  • Keys operator-supplied — fail-closed in prod
Provenance graph
  • 10 hops: human → agent → skill → prompt → policy
  • → model → tool → artifact → outcome → approval
  • GET /lineage/:correlationId
  • Datapoint provenance: fact → filing · page · bbox
Tamper-evident by construction

Change one byte and the chain breaks — visibly, at the exact sequence.

Each record's hash is computed over its canonicalized fields plus the previous record's hash. verifyChain recomputes every link and compares. Insert, edit, delete, or reorder — any mutation surfaces as ok:false with the broken sequence number, not a silent diff buried in a log.

  • Insert / edit / delete / reorder all detected by verifyChain
  • Verdict is precise: { ok:false, brokenAtSeq, reason }
  • Canonical JSON (sorted keys) makes the hash deterministic and re-checkable
  • Append guard seals under concurrency with FOR UPDATE
verifyChain
Insertrow spliced mid-chainok:false · brokenAtSeq
Editpayload mutated after sealok:false · brokenAtSeq
Deleterow removed from rangeok:false · brokenAtSeq
Reordersequence shuffledok:false · brokenAtSeq
Intact chainno mutation across rangeok:true
provenance ▸ recompute every record_hash, compare to prev_hash link
Citation popover
Reported revenue was$4.13Bin Q4.
10-K · NORTHWIND 2025page 47 · bbox [318,602,196,24]
value_hash 0x7c4e…a9as reportedconfidence 0.98
fact-provenance ▸ value_hash · source_uri · page · bbox · asReported
Datapoint provenance

Every fact clicks through to its source filing, page, and box.

It is not enough to cite a document. Cortex pins each surfaced fact to the exact bounding box on the exact page of the source — with a value hash, an as-reported flag, and a confidence score. Click a number, see where it came from, and verify it wasn't paraphrased into something new.

  • Fact → source_uri · page · bbox
  • value_hash proves the number wasn't altered post-extraction
  • asReported flag distinguishes verbatim from derived values
  • Threaded through RAG so search citations carry their provenance
From run to receipt

How a run becomes provable.

No new services, no behavior change — sealing and lineage emit at the chokepoints every governed run already passes through.

  1. 01

    Seal on write

    The existing event path loads the chain tail, computes prev_hash and record_hash, signs the record, and appends it. One writer, so the whole fleet gets tamper-evidence transparently.

  2. 02

    Mint the receipt

    On executed or compensated, Action Fabric mints a signed outcome receipt over the payload hash, ledger seq, and ledger hash — a compact proof a third party can validate offline.

  3. 03

    Assemble the lineage

    On run completion the runtime emits lineage nodes and edges keyed by correlationId, stitching the 10-hop chain — async via the outbox so it never blocks the run.

10-hopProvenance graph on every outcome
256Chained SHA-256 sealing every record
95%Citation coverage on grounded answers
100Live-verified run quality score
Prove it — don't just claim it

The verdicts you'll see in the demo.

These are not slideware promises — they are the literal API responses the Trust Ledger returns when you challenge it.

audit/verify
#101hash ✓#102hash ✓#103tampered#104hash ✓#105hash ✓
head 0x9f3a…c1brokenAtSeq: 103
verifyChain ▸ chained SHA-256 · signed receipts
audit/verify · responses
Intact range{ ok:true, brokenAtSeq:null }verified
Tampered range{ ok:false, brokenAtSeq:103 }hashOk:false
Receipt verify{ valid:true } · offlinesigned
Forged receiptconstant-time comparevalid:false
head { seq, hash } ▸ ready for external anchoring
Compliance framing

Built for the frameworks your auditors already cite.

The sealed ledger, signed receipts, and lineage graph map directly to the logging, traceability, and AI-management-record controls in the regimes you report against. Aligned with — never claiming certification you don't hold.

EU AI Act · loggingISO 42001 · AI recordsNIST AI RMF · MeasureSOC 2 · auditISO 27001 · integrityFINRA · recordkeeping
The first time an examiner asked us to prove a decision, we opened the lineage view, showed the 10 hops, and verified the receipt on their own laptop. The conversation was over in five minutes.
Head of Model RiskTier-1 retail bank

Stop logging. Start proving.

Give every AI decision a receipt, a chain that can't be quietly edited, and a lineage you can hand straight to an auditor.