Model, prompt version, sources, confidence, and the pre-act verdict recorded before any side-effect fires — on a tamper-evident, hash-chained, signed ledger you can hand to a regulator. Runs on your infrastructure, with your own keys.
You are deploying AI that influences real decisions — prices, claims, repairs, access, sign-off — and you cannot prove, on demand, what the model saw, which version produced the output, what it was grounded on, how confident it was, and that a human, not the machine, executed anything irreversible. The EU AI Act makes automatic record-keeping a legal obligation for high-risk systems, with the deployer accountable even when the model is someone else's, at least six months of retention, and fines reaching the millions.
Ad-hoc application logs are not an audit trail: they are mutable, ungoverned, and prove nothing about tampering. The moment you let an off-the-shelf agent both decide and record its own actions, the evidence is written by the same thing it is meant to hold accountable. That is exactly the authority you cannot hand a model.
Fast — there is no new store to build and no second source of truth to reconcile. The trail extends the one shared actions ledger flow8 already uses; a pilot retrofits one reversible-only flow with the kill-switch on and runs shadow-first, so you see signed evidence rows before anything consequential is wired.
The same evidence contract covers every producing flow across your estate — one decision or ten thousand.
Before any side-effect fires, each AI decision writes a row with model, prompt version, retrieved sources and scores, per-output confidence, injection flag, and the pre-act policy verdict — the full context, not a stack trace.
A per-actor hash chain plus an HMAC signature, continuously re-verified. An attacker who edits an outcome and recomputes a self-consistent chain still fails the signature check, because the signing key never left your key store.
Money and identity actions are recorded prepare-only with proceed=false, and the dashboard reports the exact prepared-vs-committed ratio — so the trail that satisfies the regulator also proves the autonomy boundary held.
One auditor and CISO dashboard — actions by actor, prepared-vs-committed, itemized money/identity log, violation trend, chain-integrity status — recomputed every run instead of going stale between audits.
The ledger and corpus live in your own database and vector store, on-prem-capable; the embedding and LLM provider is swappable via config; the signing key never leaves your key store and is never written to a report.
Timestamp, operator and actor id, model version, input, output, governance policy applied, policy flags — the required fields land as columns, so evidence retrieval is a filter, not a forensic reconstruction.
The model proposes; a human executes; nothing touching money or identity ever auto-fires. It is the same secure spine every flow8 Solution runs — here worn as a signed, queryable audit trail.
Proposed row written and signed on a shared, tamper-evident ledger — before the act, not after.
Proposed row — model, version, sources, confidence, verdict — hash-chained and HMAC-signed on the shared ledger.
draft, not act
Audit-Ready Compliance Trail turns every AI side-effect across your estate into a signed, queryable evidence record. At the moment a producing flow is about to act, it runs the injection pre-scan, lets a schema-locked LLM suggest structure while grounding and confidence are captured in code, and writes a prepared row carrying the full decision context — model, prompt version, the exact source chunks and scores it was grounded on, output confidence, an injection flag, and a deterministic pre-act verdict — into one shared, append-only ledger before the act.
After the act confirms, the same row is hash-chained to its predecessor and HMAC-signed, making the trail tamper-evident without forking the store, while a read-only sweep continuously re-walks the chain to catch tampering, ungoverned actions, and money/identity escapes. Because money and identity are recorded prepare-only and a human executes them, the guardrail is not a policy bolted on after the fact — it is the architecture. Off-the-shelf agents let a model act first and log later; flow8 signs the evidence before the side-effect ever fires.
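An added sketch of the per-actor hash chain, HMAC signature and read-only sweep described above, showing why a recomputed chain still fails verification. It is not flow8's code; the row fields, the `GENESIS` anchor, the finding names and the `rechain_without_key` test fixture are assumptions made for illustration.

```python
import copy, hashlib, hmac, json
GENESIS = "0" * 64  # assumed anchor value for an actor's first row

def chain_hash(row, prev):
    body = json.dumps(row, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def sign(key, digest):
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def append(ledger, key, row):
    """Link the row to the same actor's previous entry, then sign the link hash."""
    prev = next((e["hash"] for e in reversed(ledger)
                 if e["row"]["actor"] == row["actor"]), GENESIS)
    digest = chain_hash(row, prev)
    ledger.append({"row": row, "prev": prev, "hash": digest, "sig": sign(key, digest)})

def sweep(ledger, key):
    """Read-only re-walk; returns (index, finding) pairs, empty when clean."""
    findings, last = [], {}
    for i, e in enumerate(ledger):
        row = e["row"]
        if e["prev"] != last.get(row["actor"], GENESIS) or e["hash"] != chain_hash(row, e["prev"]):
            findings.append((i, "chain"))
        if not hmac.compare_digest(sign(key, e["hash"]), e["sig"]):
            findings.append((i, "signature"))
        if row["kind"] in ("money", "identity") and row["proceed"]:
            findings.append((i, "escape"))  # these kinds must stay prepare-only
        last[row["actor"]] = e["hash"]
    return findings

def rechain_without_key(ledger, index, **changes):
    """Test fixture: edit one row, recompute that actor's chain, keep old signatures."""
    forged = copy.deepcopy(ledger)
    actor, prev = forged[index]["row"]["actor"], forged[index]["prev"]
    forged[index]["row"].update(changes)
    for e in forged[index:]:
        if e["row"]["actor"] == actor:
            e["prev"], e["hash"] = prev, chain_hash(e["row"], prev)
            prev = e["hash"]
    return forged

KEY = b"constructed-demo-key"  # stand-in; a real key stays in the key store
LEDGER = []
for r in [  # constructed sample rows, field names are assumptions
    {"actor": "pricing-flow", "kind": "price", "confidence": 0.91, "proceed": True},
    {"actor": "claims-flow", "kind": "money", "confidence": 0.77, "proceed": False},
    {"actor": "pricing-flow", "kind": "price", "confidence": 0.64, "proceed": True},
]:
    append(LEDGER, KEY, r)
```

On the constructed ledger, a row edited with its chain recomputed passes the chain check but is flagged on signature for that row and every later row of the same actor.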
Not rebuilt from scratch — composed from the same governed building blocks every flow8 Solution shares, so it ships in days.
Any business whose AI influences a consequential decision that a regulator can later demand you prove — with the model, the grounding, and who executed it.
Adopt this one and it plugs into the spine the others already write to.
Retrofit one reversible-only flow and watch it write signed, hash-chained evidence rows your team can query — no side-effects, full audit trail. When you're ready, light up the read-only sweep and the Article-12-shaped dashboard over it, then wire the producers you haven't touched yet on the exact same ledger.