From enterprise evidence to verifiable assurance
DigiTrust is verifiable trust infrastructure for the AI era.
This public architecture explains how the reference implementation preserves evidence identity and provenance, verifies quality and claim support deterministically, governs agent authority, and binds trust decisions to signed assurance outputs.
Reference implementation, design-partner stage, limited onboarding, and production hardening in progress. This page does not claim general availability or independent certification.
Evidence → Provenance → Verification → Trust Decision → Assurance Output
Each stage preserves enough identity and context for a reviewer to understand what was evaluated, which rules applied, what failed, and which limitations remain.
Three layers, one inspectable trust boundary
Evidence Packets remain an important outcome, while the platform boundary extends from durable evidence through deterministic verification to multiple assurance outputs.
Evidence Fabric
Tenant- and case-scoped services register immutable artifact metadata, link collection events and governed tool invocations, derive supersession and revocation state, project minimized provenance, and produce signed audit exports. Raw secrets, credentials, tool parameters, and customer evidence bytes stay outside public outputs.
Verification Engine
Strict policy, claim, and plan contracts bind exact identities and input snapshots. Deterministic rules assess eight evidence-quality dimensions, claim support, verifier authority, separation of duties, stale or revoked evidence, and signed-report integrity without LLM calls or fuzzy semantic inference.
Assurance Outputs
Verification reports, audit exports, findings, remediation guidance, buyer-facing summaries, and Evidence Packets expose the basis, identity, evaluated inputs, decision effects, and current limitations of the assurance provided.
Architecture that fails visibly
DigiTrust is designed so critical trust outcomes remain explicit, attributable, and resistant to silent normalization.
Deterministic verification and bounded AI assistance
Current trust outcomes do not depend on an LLM deciding whether evidence is true or semantically sufficient.
Deterministic responsibilities
- Canonical identity, hash, signature, and chain checks
- Artifact lifecycle and terminal replacement resolution
- Exact provenance paths and semantic link requirements
- Declared evidence-type, source, control, and mapping criteria
- Freshness thresholds, evidence minimums, and scoring formulas
- Agent authority, delegation, and separation-of-duties checks
- Non-downgradable hard trust outcomes
Bounded AI-assisted responsibilities
- Guide a user through approved evidence and review workflows
- Summarize already-verified findings for a defined audience
- Help explain remediation without changing the underlying decision
- Operate only through governed tools and delegated authority
- Keep public demonstrations synthetic and read-only
Future semantic analysis, if introduced, must remain separately bounded and cannot override deterministic hard failures.
Eight dimensions make support inspectable
DigiTrust verifies the quality of evidence, not merely whether a document exists. Current checks use declared metadata and policy, not semantic truth inference or content-level contradiction analysis.
Bind what matters. Expose only what is needed.
Reference controls demonstrate the architecture without claiming production key management, certification, or deployment maturity.
Current reference safeguards
- Tenant- and case-scoped durable records
- Append-only histories and canonical SHA-256 hashes
- Demo HMAC signatures over bound identities and inputs
- Governed tool authorization and explicit delegation scope
- Minimized provenance and customer-safe output patterns
- Synthetic, read-only public ChatGPT demonstration
Explicit exclusions
- No production KMS or hardware-backed signing claim
- No independent certification or audit opinion
- No general production availability claim
- No production customer evidence in the public demo
- No guarantee that an assurance output replaces legal, audit, compliance, or procurement judgment
- No current semantic truth or contradiction inference claim
Reference implementation with limited onboarding
DigiTrust currently demonstrates immutable artifact integrity, lifecycle lineage, minimized provenance, signed audit exports, governed agent and delegation checks, deterministic evidence-quality verification, and signed verification reports.
Commercial work is in design-partner and soft-launch stages. Production hardening, customer-specific integrations, operating controls, retention, and production key management require scoped validation.
Known limitations
- 1Reference persistenceSQLite demonstrates durable behavior but is not the target production data architecture.
- 2Reference signingDemo HMAC validates binding logic but is not production KMS signing or non-repudiation.
- 3Metadata verificationCurrent relevance checks explicit metadata and criteria rather than inferred semantic truth.
- 4Planned integrationsCloud reference patterns and production connectors remain subject to design and validation.
AWS Trust Verification Reference Pattern
AWS is the first planned flagship cloud reference integration. Candidate AWS evidence sources may include authorized configuration, identity, security, logging, and control-assessment records selected for a defined trust use case.
Qualification: the pattern is being prepared and is to be validated through an upcoming AWS engagement. It does not represent AWS endorsement, AWS Marketplace availability, partnership status, certification, or a production integration.
Intended validation path
- 1Collect authorized AWS evidenceDefine approved accounts, regions, services, sources, and collection authority.
- 2Preserve provenanceBind evidence to source context, collection events, governed invocations, and lifecycle.
- 3Verify quality and claim supportApply explicit policy, control mappings, evidence criteria, and hard trust outcomes.
- 4Generate signed assurance outputsProduce audience-appropriate findings and trust decisions bound to evaluated inputs.
Review the architecture against one real trust decision
Choose a workflow, evidence source, or planned cloud pattern and request a scoped walkthrough with DigiTrans.