Trust model · LA-13.v2

You can verify your own audit trail without trusting us.

Every governance verdict is written to a tamper-evident chain, anchored daily to a neutral third party. You run our open-source verifier against your own copy of the data to confirm nothing was altered, deleted, or reordered. Your governance history is yours to verify.

What it actually does

Every verdict is cryptographically linked to the one before it.

Each audit entry includes a hash of the entry before it, so they form a chain:

    // Each entry's hash depends on the entry before it.
    Entry 1: verdict + findings + timestamp + ...
             hash = hash_A
    Entry 2: verdict + findings + timestamp + ... + prev=hash_A
             hash = hash_B
    Entry 3: verdict + findings + timestamp + ... + prev=hash_B
             hash = hash_C
    ...

Edit any past entry and its hash changes, which breaks every entry after it. The chain snaps visibly. The verifier walks every link on your own machine, so you don't have to trust the server to tell you it's fine.

In your language

Same trust property. Three audiences.

For your CTO

Cryptographic integrity

Each verdict is chained to the previous one. Modify any historical entry and the chain breaks visibly. Run our open-source verifier against your log anytime. You don't have to trust us; you can check.

For your CISO

Tamper-evident, customer-verifiable

A tamper-evident trail for every governed commit, each entry cryptographically linked to the last. Run our verifier on your own infrastructure to confirm nothing was altered, deleted, or reordered. It is the same property behind certificate-transparency logs, applied to code governance.

For your Board

A statement you can audit

Every review creates a permanent, tamper-evident record, and you get a tool to verify it wasn't changed by us or anyone else. Like a bank letting you audit your own statement history without taking the bank's word for it.

How to verify

One command. No vendor in the loop.

The verifier is a standalone tool with two modes:

  • Offline — walks the chain locally, no network. For air-gapped audits or verifying a snapshot.
  • Online — also checks your recomputed head against the server's, catching both local tampering and server-side divergence.

Run it

Verify your own ledger.

Pull the verifier from the AIOS SDK, point it at your audit log, get a clean exit code or a list of broken chain links with line numbers.

    $ aios verify \
        --ledger ./your-audit-log.jsonl \
        --server $AIOS_SERVER \
        --api-key $AIOS_API_KEY
    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    AIOS Verifier
    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    Found 4,217 ledger entries.
    ✓ Chain integrity: PASSED. head = 8b3f...d1c9
    ✓ Head reconciliation: PASSED. Local and server agree.

A broken link exits non-zero with the affected line and expected-vs-actual hashes. Capture it and follow our discrepancy protocol (rare, treated as high-severity with an SLA). Prefer no install? Paste a bundle into the browser verifier at /trust/proof. It is the same verifier, but running it locally stays the zero-trust path.

Integrity and authenticity

The chain proves nothing changed. The signature proves it came from us.

Two different guarantees, and AIOS gives you both:

  • Integrity is the chain: any edit snaps a visible link, proving contents are unchanged.
  • Authenticity is the signature: exported bundles are signed with a key that never leaves our servers, proving the bundle really came from AIOS.

Integrity alone isn't enough: a tamperer can recompute hashes to look consistent again. Only the AIOS private key produces a signature that verifies against our published key, so a valid signature could only have come from us.
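The chain walk described under "What it actually does" and the point above that a re-hashed chain still looks consistent, as an added example (not AIOS's verifier or ledger format). The field names `prev` and `hash`, the all-zero genesis value, the JSON canonical form and the sample verdicts are assumptions; `trusted_head` stands in for the head that a signed bundle, the server, or an external anchor vouches for.

```python
import hashlib, hmac, json
GENESIS = "0" * 64  # assumed "prev" value for the first entry

def entry_hash(body, prev):
    """SHA-256 over compact sorted-key JSON of body plus prev (assumed canonical form)."""
    data = json.dumps({**body, "prev": prev}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()

def build_ledger(bodies):
    """Chain bodies into JSONL lines, as a log writer (or a re-chaining tamperer) would."""
    lines, prev = [], GENESIS
    for body in bodies:
        digest = entry_hash(body, prev)
        lines.append(json.dumps({**body, "prev": prev, "hash": digest}))
        prev = digest
    return lines

def verify_ledger(lines, trusted_head=None):
    """Walk every link; return (ok, head, [(line, kind, expected, actual), ...])."""
    problems, prev = [], GENESIS
    for lineno, line in enumerate(lines, 1):
        entry = json.loads(line)
        stored, claimed_prev = entry.pop("hash"), entry.pop("prev")
        if claimed_prev != prev:  # entry deleted, inserted or reordered
            problems.append((lineno, "prev", prev, claimed_prev))
        expected = entry_hash(entry, claimed_prev)
        if expected != stored:  # entry contents edited after it was written
            problems.append((lineno, "hash", expected, stored))
        prev = stored
    # Head reconciliation against a head obtained out of band, never from this file.
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        problems.append((len(lines), "head", trusted_head, prev))
    return (not problems, prev, problems)

# Constructed sample verdicts, not real AIOS records.
VERDICTS = [("pass", []), ("block", ["R-17"]), ("advise", ["R-02"])]
BODIES = [{"verdict": v, "rule_ids": r, "ts": f"2025-01-0{i}T00:00:00Z"}
          for i, (v, r) in enumerate(VERDICTS, 1)]
LEDGER = build_ledger(BODIES)
HEAD = verify_ledger(LEDGER)[1]  # stands in for the independently held head

def edited_in_place():
    """Entry 2's verdict changed, hashes left alone."""
    entry = {**json.loads(LEDGER[1]), "verdict": "pass"}
    return [LEDGER[0], json.dumps(entry), LEDGER[2]]

def edited_and_rechained():
    """Entry 2's verdict changed and every later hash recomputed."""
    return build_ledger([BODIES[0], {**BODIES[1], "verdict": "pass"}, BODIES[2]])
```

In this sketch an in-place edit is reported at line 2, while the re-chained copy and a truncated copy (`LEDGER[:2]`) both pass the link walk and fail only once `trusted_head` is supplied.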

The published key

Verify the signature yourself.

Every signed bundle embeds the public key and fingerprint it was signed with. Confirm that fingerprint matches the one we publish, then the verifier checks the signature for you. No vendor in the loop.

    $ curl https://aios.visnryentertainment.com/trust/pubkey
    {
      "algorithm": "ed25519",
      "key_id": "aios-ed25519-b39c77b409749fa9",
      "fingerprint": "b39c77b4...fdaa849",
      "public_key_pem": "-----BEGIN PUBLIC KEY-----..."
    }
    # The verifier compares this to the fingerprint embedded
    # in your bundle and reports a match before checking the signature.

The live fingerprint is always at /trust/pubkey; treat that as the source of truth. Key rotations are published, never silent: the full record of which key was active when is at /trust/key-history, so a bundle signed under an earlier key still verifies against the right one.
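The fingerprint check described above, as an added example (not the AIOS verifier): the key embedded in a bundle is trusted only if its fingerprint matches one fetched from the vendor, because a forged bundle can embed its own key together with a matching fingerprint. Assumptions: the fingerprint is SHA-256 over the key's DER bytes, the `signed_at`, `active_from` and `active_until` fields are hypothetical, the keys are constructed byte patterns, and the Ed25519 signature check that follows this step is not shown.

```python
import base64, hashlib, hmac

def pem_fingerprint(pem):
    """SHA-256 hex over the DER bytes of a PEM public key (assumed scheme)."""
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def ed25519_pem(raw32):
    """Wrap a 32-byte Ed25519 public key as SubjectPublicKeyInfo PEM (RFC 8410)."""
    der = bytes.fromhex("302a300506032b6570032100") + raw32
    return ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END PUBLIC KEY-----\n")

def check_bundle_key(bundle, published, key_history=()):
    """Return (trusted, reason) for the key embedded in a bundle."""
    actual = pem_fingerprint(bundle["public_key_pem"])
    if not hmac.compare_digest(actual, bundle["fingerprint"]):
        return False, "embedded fingerprint does not match embedded key"
    if hmac.compare_digest(actual, published["fingerprint"]):
        return True, "current published key"
    for old in key_history:  # rotated keys, fetched from the vendor, not the bundle
        if (hmac.compare_digest(actual, old["fingerprint"])
                and old["active_from"] <= bundle["signed_at"] < old["active_until"]):
            return True, "key was active when the bundle was signed"
    return False, "key not published, or not active at signing time"

# Constructed keys: fixed byte patterns, not real key material.
OLD_PEM, CUR_PEM, ROGUE_PEM = (ed25519_pem(bytes([b]) * 32) for b in (1, 2, 3))
PUBLISHED = {"algorithm": "ed25519", "fingerprint": pem_fingerprint(CUR_PEM)}
HISTORY = [{"fingerprint": pem_fingerprint(OLD_PEM),
            "active_from": "2024-01-01T00:00:00Z", "active_until": "2025-01-01T00:00:00Z"}]

def bundle(pem, signed_at):
    """Build a constructed bundle header whose fingerprint matches its own key."""
    return {"public_key_pem": pem, "fingerprint": pem_fingerprint(pem), "signed_at": signed_at}
```

The bundle built from `ROGUE_PEM` is internally consistent and is still rejected, because the comparison that matters is against `PUBLISHED` and `HISTORY`, which come from outside the bundle.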

What's NOT in your audit log

We never store your source. We never publish your records.

The chain is about integrity, not exposure. We never publish customer ledgers. What goes in:

What gets recorded

  • Verdict metadata: pass / advise / block, finding categories, rule IDs, line numbers, timestamps
  • SHA-256 hash of each governed artifact (so the chain can prove which version was reviewed), never the artifact itself
  • Authorship attestation: human / AI / mixed, per commit
  • Rule-set version + active critic catalog versions (so verdicts are replayable against the exact rules in effect)

What never gets recorded

  • Your source code. On the never-transits path it never reaches our server at all: AIOS evaluates a value-free shape (counts, no code). Elsewhere it transits only during evaluation and is discarded immediately, never written to disk, databases, backups, or the log.
  • Your file contents. The chain proves which file was governed via its hash, not the file.
  • Your secrets, API keys, or any literal value from your codebase.

Verdicts come back categorical (rule IDs, line numbers, severity), never source, which is how the chain stays in MB, not GB.

Live external anchors

The proof, updating in real time.

On a schedule (and on every deploy), AIOS pins a fingerprint of the whole ledger to DigiCert's RFC 3161 timestamp authority. You can't backdate a timestamp, so anchored history can't be rewritten. Opaque hashes only, no code, no customer data.

Or check a token against DigiCert yourself: base64-decode a tokenBase64 from /trust/anchors to anchor.tsr and run openssl ts -reply -in anchor.tsr -text.

The summary

You don't have to trust the vendor. You can verify your own data.

Your governance records are yours, and their integrity is yours to verify with a tool we ship openly. That holds whether AIOS is online or not, and whether you're auditing for SOC 2 next week or in a deposition five years from now. Build records that survive.

Beta · coverage and behavior may change · advisory only