
Keon-Systems/keon-evidence-vault

Keon Evidence Vault

⚠️ Write-once. Read-only. Verifiable.

This repository is the append-only evidence vault for Keon-governed workflows.
It stores sealed evidence packs, receipts, and verification artifacts that prove what happened, under which policy, and under whose authority.

Execution proposes. Governance decides. Receipts prove.

See LICENSE.md for permitted and prohibited use.


What Is an Evidence Vault?

An evidence vault is a repository designed to store sealed, immutable proof of governed system behavior.

In Keon, evidence vaults exist to ensure that:

  • outcomes can be independently verified
  • decisions are attributable to explicit human authority
  • system behavior can be audited without trust in narratives or logs

Evidence stands on its own. Verification is the source of truth.

This repository is intentionally append-only. Existing artifacts must never be modified or replaced. New runs produce new evidence.


What This Repository Is

This repository contains:

  • Sealed evidence packs (sealed.zip)
  • Deterministic receipts (receipts.jsonl)
  • Human decision records (directive_receipts.json)
  • Policy versions applied during execution
  • Integrity manifests and cryptographic hashes

These artifacts are generated by policy-driven, Keon-governed workflows.

Git history is not the authority.
Cryptographic verification is.


What This Repository Is Not

  • ❌ Not source code
  • ❌ Not documentation meant for reuse or modification
  • ❌ Not an open-source library
  • ❌ Not a narrative record or marketing artifact

No file here is accidental.
No artifact here is mutable.


Repository Structure

evidence/
  <workflow-id>/
    <run-id>/
      sealed.zip
      seal-manifest.json
      summary.json
      receipts.jsonl
      decisions/
        directive_receipts.json
        file_decisions.jsonl
  policies/
    policy.<name>.yaml
ledger/
  VAULT_LEDGER.jsonl

  • Each workflow run lives in its own directory
  • Corrections result in new runs, not edits
  • Meaning follows placement. Placement follows governance.

The Evidence Ledger (VAULT_LEDGER.jsonl)

VAULT_LEDGER.jsonl is an append-only index of all evidence packs stored here.

Each entry records:

  • timestamp of sealing
  • workflow ID and run ID
  • source repository and commit SHA
  • policy ID, version, and hash
  • sealed archive hash
  • manifest hash

The ledger enables:

  • quick discovery of evidence
  • independent verification
  • external audit without repo traversal

The ledger itself is not authoritative — it is a map.
The sealed evidence packs are the authority.


How to Verify an Evidence Pack

Verification is intentionally simple and tool-agnostic.

1. Locate the Evidence Pack

Each run directory contains:

  • sealed.zip
  • seal-manifest.json

2. Verify the Sealed Archive

sha256sum sealed.zip

Compare the result to the hash recorded in seal-manifest.json.

They must match exactly.

3. Verify Individual Artifacts (Optional)

unzip sealed.zip
sha256sum <filename>

Confirm hashes match those recorded in the manifest.

4. Review Receipts and Decisions

  • receipts.jsonl — deterministic workflow receipts
  • directive_receipts.json — explicit human authority
  • file_decisions.jsonl — derived actions under approved directives
  • Human authority is explicit, non-delegable, and receipted.
  • No silent changes. No implicit approval.
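
Steps 2 and 3 above, plus a cross-check against the ledger's manifest hash, as an added example that is not part of this repository. The page does not show the manifest or ledger schema, so the field names `sealed_sha256`, `files` and `manifest_sha256`, and the helpers `verify_pack` and `build_pack`, are assumptions; the sample pack is constructed in memory.

```python
import hashlib
import io
import json
import zipfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_pack(sealed_zip: bytes, manifest_raw: bytes, ledger_entry: dict) -> list:
    """Return findings for one run directory; an empty list means it verified."""
    findings = []
    manifest = json.loads(manifest_raw)
    # Anchor the manifest first: it sits beside the archive it vouches for.
    if sha256_hex(manifest_raw) != ledger_entry["manifest_sha256"]:
        findings.append("seal-manifest.json differs from ledger entry")
    # Step 2: hash of the sealed archive as a whole.
    if sha256_hex(sealed_zip) != manifest["sealed_sha256"]:
        findings.append("sealed.zip hash mismatch")
    # Step 3: hash members in memory; nothing is extracted to disk.
    expected = manifest["files"]
    with zipfile.ZipFile(io.BytesIO(sealed_zip)) as zf:
        present = {i.filename for i in zf.infolist() if not i.is_dir()}
        for name in sorted(present - set(expected)):
            findings.append(f"unlisted file: {name}")
        for name in sorted(expected):
            if name not in present:
                findings.append(f"missing file: {name}")
            elif sha256_hex(zf.read(name)) != expected[name]:
                findings.append(f"hash mismatch: {name}")
    return findings

def build_pack(files: dict) -> tuple:
    """Constructed sample data: seal `files`, return (zip, manifest, ledger entry)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sorted(files.items()):
            # Fixed timestamp so the same inputs always give the same archive.
            zf.writestr(zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0)), data)
    manifest = {"sealed_sha256": sha256_hex(buf.getvalue()),
                "files": {n: sha256_hex(d) for n, d in files.items()}}
    raw = json.dumps(manifest, sort_keys=True).encode()
    return buf.getvalue(), raw, {"manifest_sha256": sha256_hex(raw)}

# Constructed sample artifacts, not real evidence.
SAMPLE = {"receipts.jsonl": b'{"step": 1, "status": "ok"}\n',
          "summary.json": b'{"result": "pass"}'}
```

A pack whose archive and manifest were both regenerated passes steps 2 and 3 on its own; only the comparison against a manifest hash recorded elsewhere flags it.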

Immutability Guarantees

This repository is enforced as write-once, read-many.

  • Existing evidence must not be modified or deleted
  • Only new directories may be added
  • History rewriting is blocked by policy and repository protections
  • Any modification invalidates integrity guarantees.

Referenced By

Evidence in this vault is referenced by:

  • Keon documentation (keon-docs, keon-docs-internal)
  • OMEGA workflows (omega-docs, omega-docs-internal)
  • Governed remediation and categorization workflows
  • Repositories reference evidence by hash and path, not by trust.

Why This Exists

While Keon Evidence Vault is technology-agnostic by design, it is commonly used to govern and audit AI-driven systems, including large language model (LLM) workflows, agentic execution frameworks, and automated decision-making systems.

In these contexts, evidence packs provide verifiable answers to questions such as:

  • Why did an AI system make this decision?
  • Under which policy was the decision permitted?
  • Where did human authority intervene?
  • What evidence proves the decision path?

The same verification and governance model applies regardless of whether execution is performed by humans, software systems, or AI agents.

Most systems ask you to trust logs, dashboards, or explanations. Keon systems provide evidence instead. Sealed. Deterministic. Auditable.

Evidence stands on its own.

About

Write-once, read-only evidence vault for Keon-governed workflows. Stores sealed evidence packs, receipts, and verification artifacts for audit and review.
