Trust, IAM & Audit
Zero-trust nodes, capability-gated execution, and forensic-grade evidence
Node Identities
• Ed25519 for signing/verification
• X25519 for E2EE mesh transport
• SHA256 fingerprints
• QR-based TOFU pairing
Trust Store
• Trusted / Blocked / Unknown status
• Fingerprint-based verification
• Optional labels and metadata
• Revocation support
Capability Tokens
• Scoped permissions
• Time-bound validity
• No ambient authority
• Runtime enforcement
Execution Evidence
Not just logs — structured proof suitable for compliance and forensic analysis.
• Trace ID links all events
• Step timeline with timestamps
• Node labels and platform info
• Verified/degraded status
• Input/output summaries (safe, no PII)
• Execution path reconstruction
Audit Logging
JSONL event logs with Chain-of-Thought separation.
• Internal reasoning retained for audit
• Public reasoning for APIs/webhooks
• Step-level event logging
• Workflow completion events
• Tamper-evident timestamps
• Exportable for SIEM integration
Observability & Monitoring
Mesh Visibility
Real-time node discovery, trust status, capabilities, location (opt-in)
Execution Paths
Track which nodes executed each step, failover events, degraded status
Environment Data
BLE/WiFi observations, network topology, offline/online transitions
Designed for Regulated Environments
Policy enforcement • Execution evidence • Audit trails • Forensic reconstruction