Docs / Security / Evidence
Evidence and audit readiness.
Decision records are exportable, regulator-ready, and provable without internal access.
How to use
1. Review control
Understand the control definition.
2. Verify implementation
Confirm evidence output exists.
3. Export proof
Generate evidence for auditors.
4. Monitor drift
Track changes to control posture.
Audit exports
Regulator view
Read-only evidence access with deterministic exports.
Evidence integrity
Receipts and hashes allow third-party verification.
Decision evidence
Intent payload + policy basis
Decision outcome and reasoning
Immutable audit identifiers
Key API endpoints
GET /evidence/ledger — decision recordsGET /exports/registry — export registryEvidence outputs
Evidence ledger exports
Receipt hashes