- Every event sealed with chained SHA-256
- record_hash links to prev_hash
- Monotonic seq per tenant chain
- Go-forward genesis — honest, not retro-faked
The audit trail you can hand an auditor.
Every governed run lands in a tamper-evident, hash-chained Trust Ledger — with signed receipts you can verify offline and a 10-hop provenance graph from the human who asked to the outcome that shipped. Move from governed to provable.
Aligned with EU AI Act · ISO 42001 · NIST AI RMF traceability
A log you can edit is not evidence.
Most AI platforms write an audit log — but a log a privileged insider can quietly insert, edit, delete, or reorder proves nothing to a regulator. When the question is 'can you prove this decision happened, with this input, and was approved?', a mutable table is a liability. Cortex seals the answer into a chain that breaks visibly the moment anything changes.
Four mechanisms, one provable record.
The Trust Ledger is built on @cortex/provenance — a pure, testable hash-chain core with zero IO — wired into the existing audit sink so the whole agent fleet gets sealed for free.
- GET /audit/verify over any range
- Returns { ok, brokenAtSeq, head }
- /audit/head exposes seq + hash
- Recomputes the whole chain server-side
- Compact receipt per outcome: run, action, approval
- Verifiable offline by a third party
- HMAC-SHA256 today, Ed25519 publishable keys next
- Keys operator-supplied — fail-closed in prod
- 10 hops: human → agent → skill → prompt → policy
- → model → tool → artifact → outcome → approval
- GET /lineage/:correlationId
- Datapoint provenance: fact → filing · page · bbox
Change one byte and the chain breaks — visibly, at the exact sequence.
Each record's hash is computed over its canonicalized fields plus the previous record's hash. verifyChain recomputes every link and compares. Insert, edit, delete, or reorder — any mutation surfaces as ok:false with the broken sequence number, not a silent diff buried in a log.
- Insert / edit / delete / reorder all detected by verifyChain
- Verdict is precise: { ok:false, brokenAtSeq, reason }
- Canonical JSON (sorted keys) makes the hash deterministic and re-checkable
- Append guard seals under concurrency with FOR UPDATE
Every fact clicks through to its source filing, page, and box.
It is not enough to cite a document. Cortex pins each surfaced fact to the exact bounding box on the exact page of the source — with a value hash, an as-reported flag, and a confidence score. Click a number, see where it came from, and verify it wasn't paraphrased into something new.
- Fact → source_uri · page · bbox
- value_hash proves the number wasn't altered post-extraction
- asReported flag distinguishes verbatim from derived values
- Threaded through RAG so search citations carry their provenance
How a run becomes provable.
No new services, no behavior change — sealing and lineage emit at the chokepoints every governed run already passes through.
- 01
Seal on write
The existing event path loads the chain tail, computes prev_hash and record_hash, signs the record, and appends it. One writer, so the whole fleet gets tamper-evidence transparently.
- 02
Mint the receipt
On executed or compensated, Action Fabric mints a signed outcome receipt over the payload hash, ledger seq, and ledger hash — a compact proof a third party can validate offline.
- 03
Assemble the lineage
On run completion the runtime emits lineage nodes and edges keyed by correlationId, stitching the 10-hop chain — async via the outbox so it never blocks the run.
The verdicts you'll see in the demo.
These are not slideware promises — they are the literal API responses the Trust Ledger returns when you challenge it.
The ledger sits under every other control.
Provenance is the moat because it threads through everything — identity, actions, ontology, and oversight all write into the same sealed record.
Control Tower
Watch the verify badge flip green or red live, and pause the fleet the moment a chain breaks.
Action Fabric
Every executed and compensated action mints a signed receipt into the ledger as evidence.
Ontology
Datapoint provenance pins facts to typed objects, properties, and their source filings.
Agent IAM
The human and agent identities at hops 1 and 2 of every lineage chain are enforced at issuance.
Oversight
Approval decisions are hop 10 — sealed and signed alongside the outcome they gate.
Trust Center
Map sealed ledger, receipts, and lineage to the EU AI Act, ISO 42001, and NIST AI RMF.
Built for the frameworks your auditors already cite.
The sealed ledger, signed receipts, and lineage graph map directly to the logging, traceability, and AI-management-record controls in the regimes you report against. Aligned with — never claiming certification you don't hold.
“The first time an examiner asked us to prove a decision, we opened the lineage view, showed the 10 hops, and verified the receipt on their own laptop. The conversation was over in five minutes.”
Stop logging. Start proving.
Give every AI decision a receipt, a chain that can't be quietly edited, and a lineage you can hand straight to an auditor.