Skip to main content

Audit Evidence & Provenance

Cordum Edge is designed to satisfy the most rigorous security audits. While developers see Cordum as a helpful "quiet" layer, auditors see it as an immutable, cryptographically-verified evidence chain.

The core of this capability is ProvenanceGate — a mechanism that ensures destructive actions are only permitted when there is a permanent, verifiable record of human approval.

The Auditor Moat

Traditional agent hooks or permission systems rely on transient local state. Cordum Edge creates a "moat" by separating the developer workspace from the policy authority and audit chain:

  1. Cryptographic Chain: Every action and approval is linked to a per-tenant audit hash chain.
  2. Resolved-Only Evidence: A destructive action (like rm -rf or git push) is only allowed if a "Resolved" approval event exists in the audit chain. A mere "Requested" event is not enough.
  3. Hash-Binding: Approvals are bound to the exact hash of the action and the redacted input. Any change to the command requires a new approval.
  4. Single-Use: Once an approval is consumed, it is marked as such in an atomic operation. There are no "class approvals" or "time windows" for risky actions.

ProvenanceGate

ProvenanceGate is the final gate in the Action Gates pipeline. It performs a "lookback" into the immutable audit stream to verify that the approval presented for a destructive action is real and hasn't been tampered with.

How it works

When a destructive action is attempted with an approval_ref:

  1. MutationGate first validates that the backend approval store has a record marked approved.
  2. ProvenanceGate then connects to the per-tenant audit chain (audit:chain:<tenant>).
  3. It searches for a canonical edge.approval_resolved event with:
    • A decision of approved.
    • Matching approval_ref.
    • Matching action_hash.
  4. If the event is missing, malformed, or belongs to a different tenant/action, the gate fails closed.

Verification for Auditors

Auditors can verify the integrity of the evidence using the standalone cordum-verify tool. This tool re-computes the hash chain and confirms that every governed action corresponds to a valid policy decision and approval event.

What an auditor sees

When an auditor inspects a session bundle:

  • Session Lifecycle: When the agent started and ended.
  • Policy Snapshot: Exactly which rules were in effect.
  • Action Timeline: Every governed action taken by the agent.
  • Approval Evidence: For every risky action, a link to the human reviewer, the time of approval, and the cryptographic proof from the audit chain.

Raw prompts, tool payloads, and sensitive output are never stored. Auditors see the fact of the action and the fact of the approval, without exposing PII or secrets.

Verification Failures

ProvenanceGate distinguishes between different failure modes to provide clear signals to security teams:

Reason CodeMeaningOutcome
audit_evidence_missingNo resolved approval event found in the chain.DENY
audit_chain_compromisedHash chain validation failed (possible tampering).DENY (Critical Alert)
audit_chain_verifier_unavailableThe verification service is down.DENY (Fail-Closed)