Audit Evidence & Provenance
Cordum Edge is designed to satisfy the most rigorous security audits. While developers see Cordum as a helpful "quiet" layer, auditors see it as an immutable, cryptographically-verified evidence chain.
The core of this capability is ProvenanceGate — a mechanism that ensures destructive actions are only permitted when there is a permanent, verifiable record of human approval.
The Auditor Moat
Traditional agent hooks or permission systems rely on transient local state. Cordum Edge creates a "moat" by separating the developer workspace from the policy authority and audit chain:
- Cryptographic Chain: Every action and approval is linked to a per-tenant audit hash chain.
- Resolved-Only Evidence: A destructive action (like
rm -rforgit push) is only allowed if a "Resolved" approval event exists in the audit chain. A mere "Requested" event is not enough. - Hash-Binding: Approvals are bound to the exact hash of the action and the redacted input. Any change to the command requires a new approval.
- Single-Use: Once an approval is consumed, it is marked as such in an atomic operation. There are no "class approvals" or "time windows" for risky actions.
ProvenanceGate
ProvenanceGate is the final gate in the Action Gates pipeline. It performs a "lookback" into the immutable audit stream to verify that the approval presented for a destructive action is real and hasn't been tampered with.
How it works
When a destructive action is attempted with an approval_ref:
- MutationGate first validates that the backend approval store has a record marked
approved. - ProvenanceGate then connects to the per-tenant audit chain (
audit:chain:<tenant>). - It searches for a canonical
edge.approval_resolvedevent with:- A decision of
approved. - Matching
approval_ref. - Matching
action_hash.
- A decision of
- If the event is missing, malformed, or belongs to a different tenant/action, the gate fails closed.
Verification for Auditors
Auditors can verify the integrity of the evidence using the standalone cordum-verify tool. This tool re-computes the hash chain and confirms that every governed action corresponds to a valid policy decision and approval event.
What an auditor sees
When an auditor inspects a session bundle:
- Session Lifecycle: When the agent started and ended.
- Policy Snapshot: Exactly which rules were in effect.
- Action Timeline: Every governed action taken by the agent.
- Approval Evidence: For every risky action, a link to the human reviewer, the time of approval, and the cryptographic proof from the audit chain.
Raw prompts, tool payloads, and sensitive output are never stored. Auditors see the fact of the action and the fact of the approval, without exposing PII or secrets.
Verification Failures
ProvenanceGate distinguishes between different failure modes to provide clear signals to security teams:
| Reason Code | Meaning | Outcome |
|---|---|---|
audit_evidence_missing | No resolved approval event found in the chain. | DENY |
audit_chain_compromised | Hash chain validation failed (possible tampering). | DENY (Critical Alert) |
audit_chain_verifier_unavailable | The verification service is down. | DENY (Fail-Closed) |
Related
- Action Gates — the deterministic pre-dispatch pipeline.
- Observability — operational metrics for provenance.
- Policy & Modes — the approval retry flow.