AuditChain
Tamper-aware records for prompts, dispatches, decisions, returns, evidence links, and operator approvals. Ed25519-signed, hash-chained, canonical pipe-delimited format.
Where AI meets accountability
The governance brain behind defensible AI work.
AIREC is NorthGate's evidence and policy infrastructure: the layer that records what AI was asked to do, who approved it, what changed, what proof came back, and whether the work can survive review.
AIREC
Policy, context, trust, and audit infrastructure for AI work.
1
Prompt and authoritywho asked, what scope, what policy
captured
2
Agent returnresult, evidence, drift signals
verified
3
Audit chainsigned record, confidence, replay path
anchored
~260K
LOC AIREC runtime + API
12+
enforcement engines wired into
/v1/enforce
Ed25519
signed checkpoints · canonical hash chain
MIT
open-source verifier — offline, no platform access
6
regulated verticals · HIPAA / federal / finance / legal
The infrastructure underneath the AI team.
AIREC is not another chat surface. It is the control and evidence layer behind FlightDeck and TrustSHIELD: context, authority, policy, proof, and reviewable decisions. Twelve named runtime engines, ~260K LOC of runtime + API, all wired into one /v1/enforce decision path.
TruthAnchor
Cryptographic anchoring for checkpoints and proof artifacts so important AI decisions are not just screenshots and memory.
ForensicConfidence
Composite per-tenant trust score that rolls Reflex, Streaks, AISAL, symbiotic-trust, and override-detector signals into one number procurement can read.
ContextMesh
Context continuity across projects, sessions, agents, and machines so the same work does not have to be re-explained every time. Backed by a multi-agent coordination fabric.
Policy Mesh
Policy gates and authority checks that decide what an AI agent can do, who must approve it, and what proof is required. Per-tenant, runtime-hot-reload.
AISAL
AI Safety Action Layer — the decision matrix indexed by risk level. What's allowed at trust level L1 differs from L4. Wired into the enforcement pipeline.
Trust Reflex & Streaks
Real-time behavioral trust scoring (0–150 range, four modes: EMPOWERED / BALANCED / CAUTION / RESTRICTED) plus a long-running reputation ladder for repeated agent behavior.
InjectionShield
Prompt-injection blocking with weighted detection patterns. Blocks identity drift and unsafe delegation before the response leaves the box.
IdentiGUARD
Credential and jailbreak detection. Catches secrets, tokens, and known jailbreak templates before they reach the model.
PhantomRedactor
PII removal via configurable patterns. Strips personally identifying information from prompts and responses on the way through.
HalGuard
Hallucination scoring on model responses. Tracks claim verifiability against source quality and known facts; downgrades trust when responses drift.
TrueNorth Synthesis
Multi-provider LLM orchestration: cost metering, budget gating, citation counting, and the synthesis path that turns several model responses into one defensible answer.
The verifier your auditor already trusts.
TrustFlash Verifier is a single MIT-licensed Python script. Your auditor runs it against the evidence pack offline. No platform access. No proprietary readers. No vendor in the room.
MIT-licensed · standalone
Open-source proof, by design.
Federal procurement, SOC 2 assessors, and enterprise security teams don't trust black boxes. The TrustFlash Verifier is a single Python file that validates the entire evidence chain: Ed25519 signatures on each checkpoint, hash chain integrity across audit events, canonical formats enforced, SHA256SUMS verified.
An auditor can read it, run it, and confirm a NorthGate evidence pack tells the truth — without ever talking to us. That is the point.
Source: tools/trustflash-verifier/trustflash_verify.py · shipped inside every evidence pack and published as a standalone CLI.
$ ./trustflash_verify evidence-pack-v4.0.6.tar.gz
[ok] archive structure valid
[ok] manifest.json schema valid
[ok] SHA256SUMS — 19/19 files verified
[ok] checkpoint chain — 184/184 signed (Ed25519)
[ok] canonical hash chain unbroken
[ok] SBOM present (CycloneDX 1.5, SPDX 2.3)
[ok] SARIF container scan present
[ok] threat model + attack surface present
[ok] capability statement present
[verified] evidence pack is intact and authentic
# exit 0
Inside the evidence pack.
Every signed export from AIREC is one .tar.gz file. Open it with standard tools. Verify with standard SHA-256. Nineteen artifacts inside, including the verifier you just ran.
M
manifest.jsoncontents, versions, hashes
JSON
S
SHA256SUMSevery file integrity-checked
text
C
airec-api-sbom.cdx.jsonSoftware Bill of Materials
CycloneDX 1.5
C
airec-api-sbom.spdx.jsonSBOM, second standard
SPDX 2.3
T
gl-image-scan-report.sarifcontainer CVE scan
Trivy · SARIF
F
forensic-confidence-score.jsontenant trust posture
JSON
T
Threat-Model.mdSTRIDE-style adversary model
Markdown
A
Attack-Surface-Inventory.mdendpoints, scope, exposure
Markdown
B
public-benchmark-result.jsondefended vs undefended baseline
JSON
V
trustflash-verify.pythe MIT-licensed verifier itself
Python
Built for AI work that has to survive review.
The first serious markets are the teams that cannot afford invisible AI work: healthcare, federal/defense, finance, and engineering groups shipping software with agents.
HIPAA-aware governance, hallucination scoring, audit trails, and policy-backed AI review.
Evidence packs, authority controls, review-ready posture, and defensible chain records.
Traceable advisory workflows, review proof, approval records, and confidence scoring.
Context continuity, drift detection, cross-agent review, and mission-level evidence for AI-built software.
Commercialized through products.
FlightDeck uses AIREC to govern multi-agent engineering work. TrustSHIELD uses AIREC to govern defended AI chat. The same infrastructure powers both product paths.
Structured as a strategic asset.
The audit-chain, trust-anchor, and forensic-confidence layer is designed to be understandable, defensible, and portable enough for serious diligence when the market proof is ready.