Primitives

Evidence Pack

A cryptographically signed bundle of audit-grade evidence produced as the system runs.

What it is

An Evidence Pack is a complete audit trail for a single request or workflow. It contains: the signed user prompt, AI model outputs, policy decisions with justifications, data retrieval lineage, identity claims, approval signatures, and the timeline connecting them all. Each pack is cryptographically signed, independently verifiable, and structured for automated compliance checks. Think of it as a complete legal file for every AI interaction.

Evidence PackPRMPOLOUTLINIDPSIG
Building pack
  • PRM
    Signed Prompt
    user_id · org_id · ts
  • POL
    Policy Decision
    allow · with conditions
  • OUT
    Model Output
    tokens · params · model@v
  • LIN
    Data Lineage
    sources · transforms
  • IDP
    Identity Claims
    subject · roles · scopes
  • SIG
    Sign-offs
    named · time-stamped
Pack hash·······

Every request leaves behind its own pack — from prompt to signature.

Why it matters

Auditors don't need access to your running system — they need the evidence the system produced. Evidence Packs provide that proof without exposing your infrastructure. They accrue continuously as the system operates, not retrospectively at quarter-end when memory has faded. When a regulator asks 'prove this decision was compliant,' you hand them the pack. It's self-contained, independently verifiable, and maps to their compliance framework.

Where it lives in AIOP

The Attest primitive and Audit Stream generate Evidence Packs automatically during execution. Compliance templates map pack structure to regulatory frameworks: EU AI Act, DORA, MiFID II, FINMA. Adding a new framework means creating a new template, not rewriting the system.

Business Value

Cut audit preparation drastically.

  • Pass regulatory reviews on the strength of cryptographic proof, not narrative.
  • Eliminate the cost of reconstructing decisions from logs.
  • Defend against liability claims with cryptographic proof.
  • Enable AI in regulated sectors where evidence requirements block competitors.
Value for Teams
Legal teams

Get court-admissible evidence instead of ambiguous logs.

Compliance officers

Download packs directly for auditor review.

Operations teams

Diagnose issues from complete evidence instead of partial logs.

Executives

Present documented proof to boards and regulators.