The code behind audit-grade observability
Each primitive in the architecture diagram maps to a concrete module in the Cognita codebase. Analyst reviewers, customer platform engineers, and external auditors can trace any marketing claim to the file that implements it.
Evidence row + chain link
Every state-changing route fires recordAuditLog() or recordEvidence(). Both append a row to audit_log (Postgres) with hash = SHA-256(canonicalJSON(payload) + prevHash + signature). Chain integrity is intrinsic — a missing or modified row breaks the next row's hash.
WS7 audit-log coverage gate (99 mutating routes, 100% covered via scripts/audit-log-lint.ts)
Object Passport (source badge)
Every governed object (model, AIIA, policy, attestation, finding) carries a sourceBadge JSON field with a 5-type provenance taxonomy: human / ai / referential / calculated / imported. CHECK constraint in migration 0018 enforces the shape at the database layer.
Provenance shape enforced by Zod validators per object type
Merkle anchoring (hourly)
Hourly Inngest cron drains the audit_log's unanchored entries, computes a Merkle tree over the entry hashes, and writes the segment root to the configured anchor backend. Idempotent — re-runs are safe; markAnchored() locks in the receipt.
S3 Object Lock backend
Anchor receipt = AWS PutObject response on a bucket configured with Object Lock COMPLIANCE-mode retention (default 2557 days = 7 years). Once written, neither AWS console users nor IAM principals (including root) can modify or delete the object until retention expires. The receipt is the external attestation that the segment existed at the recorded timestamp.
Bucket configuration: versioning ON · Object Lock ON · COMPLIANCE mode · cross-region replication for DR
Bundle export
Export route assembles chain.json + anchor.json + verify-ledger.mjs (the offline verifier) + manifest.json (per-file SHA-256s) into a signed ZIP. Phase-2 added an aiia-summary.json extras file with per-model AIIA posture so external auditors get the AIMS state without separately requesting PDFs.
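The manifest.json step above, as an added TypeScript example that is not Cognita's export code: it builds a per-file SHA-256 manifest over a bundle and verifies a bundle against that manifest, reporting modified, missing and extra files. File names and contents are constructed for the example and held in a Map rather than a ZIP so it runs offline.

```typescript
// Added example (not Cognita's code): per-file SHA-256 manifest for a bundle.
// Uses only node:crypto; the bundle below is constructed in memory.
import { createHash } from "node:crypto";

export type Bundle = Map<string, string>; // path -> file contents
export type Manifest = { files: Record<string, string> }; // path -> sha256 hex

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Sorted so the manifest bytes are deterministic for a given bundle.
export function buildManifest(bundle: Bundle): Manifest {
  const files: Record<string, string> = {};
  for (const name of [...bundle.keys()].sort()) files[name] = sha256(bundle.get(name)!);
  return { files };
}

export type ManifestCheck = { ok: boolean; modified: string[]; missing: string[]; extra: string[] };

// Verify every listed file digests to its manifest entry, and that the bundle
// carries no unlisted files (manifest.json itself is covered by the ZIP signature).
export function verifyManifest(bundle: Bundle, manifest: Manifest): ManifestCheck {
  const modified: string[] = [];
  const missing: string[] = [];
  const extra: string[] = [];
  for (const [name, digest] of Object.entries(manifest.files)) {
    const contents = bundle.get(name);
    if (contents === undefined) missing.push(name);
    else if (sha256(contents) !== digest) modified.push(name);
  }
  for (const name of bundle.keys()) {
    if (name !== "manifest.json" && !(name in manifest.files)) extra.push(name);
  }
  return { ok: modified.length + missing.length + extra.length === 0, modified, missing, extra };
}

// Constructed bundle: a clean check, then one with an edited anchor and a dropped verifier.
export function demoManifest() {
  const bundle: Bundle = new Map([
    ["chain.json", '[{"id":1}]'],
    ["anchor.json", '{"root":"abc"}'],
    ["verify-ledger.mjs", "// offline verifier"],
  ]);
  const manifest = buildManifest(bundle);
  bundle.set("manifest.json", JSON.stringify(manifest));
  const clean = verifyManifest(bundle, manifest);
  const tampered: Bundle = new Map(bundle);
  tampered.set("anchor.json", '{"root":"def"}');
  tampered.delete("verify-ledger.mjs");
  return { clean, tampered: verifyManifest(tampered, manifest) };
}
```

The sorted key order matters: an auditor comparing two exports of the same bundle should see byte-identical manifests, so any difference is a content difference rather than a serialisation artefact.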
Public verifier
POST {entries, anchor} → returns ok=true with the recomputed Merkle root, or ok=false with the precise tamper diff (chain_break / merkle_mismatch / count_mismatch / firstId_mismatch). No auth, no tenant access — by design. The bundled verify-ledger.mjs CLI implements the same algorithm offline.
Rate-limited at 30 req/min per IP via lib/rate-limit.ts
Counter-signature (AuditorCredential)
Phase-1 ships the productized counter-signature. Each signed deliverable creates an auditor_credentials row carrying accreditation_tier=IAF-MLA (the moat — portable across CBs) + cb_anchor (interchangeable). document_hash + signature chain into the same persisted-ledger evidence stream.
60-day audit-pass guarantee
Bundle / Certification purchases create an audit_pass_guarantees row. Daily cron sweep at 14:00 UTC calls list_pending_audit_pass_due() SECURITY DEFINER helper; for each PENDING row whose firing_by has elapsed, audit-logs audit_pass.refund_due. External audit verification stays human — we never auto-refund.
- Whitepaper — the why (regulatory framing under EU AI Act Article 72)
- 15-min demo — three artifacts in JSON form
- Live verifier — GET returns the verifier metadata
- OpenAPI spec — every endpoint with auth + scope
- Red-team series — commissioned reconstructions in production
- IAF-MLA framing — why the credential is the moat, not the CB