Overview
The PROOF layer creates an immutable record of every governance decision. It provides the audit trail that allows reconstruction of exactly what happened, when, and why.
Responsibilities
- Generate proof ID — Create a unique identifier for each decision
- Create hash — Generate a SHA-256 hash of the decision details
- Chain proofs — Link to the previous proof record for integrity
- Store durably — Persist proof records for the minimum retention period
Requirements
- MUST generate a unique proof_id for each decision
- MUST include a SHA-256 hash of the proof payload
- MUST include a reference to the previous proof_id (hash chain)
- MUST include an ISO 8601 timestamp with timezone
- MUST store proof records for a minimum of 7 years
- MUST NOT allow modification of existing proof records
ProofRecord Schema
```json
{
  "proof_id": "prf_xyz789abc",
  "previous_proof_id": "prf_uvw456def",
  "timestamp": "2026-01-15T10:30:02Z",
  "intent_id": "int_abc123xyz",
  "entity_id": "ent_agent_001",
  "decision": "ALLOW",
  "payload_hash": "sha256:a1b2c3d4e5f6...",
  "chain_hash": "sha256:9z8y7x6w5v4u...",
  "signature": {
    "algorithm": "ECDSA-P256",
    "value": "MEUCIQDk..."
  },
  "metadata": {
    "implementation": "cognigate",
    "version": "1.0.0"
  }
}
```
Hash Chain Structure
Each proof record contains a chain_hash that incorporates the previous proof's hash, creating a tamper-evident chain:
```
chain_hash = SHA256( previous_proof.chain_hash + current_proof.payload_hash + current_proof.timestamp )
```
Chain Visualization
```
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  Proof N-2   │────▶│  Proof N-1   │────▶│   Proof N    │
├──────────────┤     ├──────────────┤     ├──────────────┤
│ chain_hash   │     │ chain_hash   │     │ chain_hash   │
│ = SHA256(    │     │ = SHA256(    │     │ = SHA256(    │
│   prev +     │     │   prev +     │     │   prev +     │
│   payload +  │     │   payload +  │     │   payload +  │
│   timestamp) │     │   timestamp) │     │   timestamp) │
└──────────────┘     └──────────────┘     └──────────────┘
```
Integrity Verification
To verify chain integrity, implementations MUST:
- Retrieve the proof record to verify
- Recompute payload_hash from stored payload
- Verify payload_hash matches stored value
- Retrieve previous proof record
- Recompute chain_hash using previous chain_hash
- Verify chain_hash matches stored value
- Optionally verify digital signature
Security Alert: If any hash mismatch is detected, this indicates potential tampering. The system MUST halt proof operations and alert security personnel.
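The chain construction and the verification walk described above, as an added example that is not part of the cognigate project's code. It assumes a sentinel all-zero chain_hash for the first record, canonical JSON for the payload hash, and that the stored payload sits beside the record so payload_hash can be recomputed; the sample IDs and timestamps are constructed. Signatures are left out.

```python
import hashlib
import json
GENESIS_CHAIN_HASH = "sha256:" + "0" * 64  # first record's "previous" hash; an assumption, the page defines none

def sha256_tagged(data):
    return "sha256:" + hashlib.sha256(data.encode("utf-8")).hexdigest()

def payload_hash(payload):
    # Canonical JSON (sorted keys, no whitespace) so equal payloads always hash identically.
    return sha256_tagged(json.dumps(payload, sort_keys=True, separators=(",", ":")))

def chain_hash(previous_chain_hash, current_payload_hash, timestamp):
    # chain_hash = SHA256(previous_proof.chain_hash + current_proof.payload_hash + current_proof.timestamp)
    return sha256_tagged(previous_chain_hash + current_payload_hash + timestamp)

def make_proof(proof_id, previous, payload, timestamp):
    prev_chain = previous["chain_hash"] if previous else GENESIS_CHAIN_HASH
    ph = payload_hash(payload)
    return {
        "proof_id": proof_id,
        "previous_proof_id": previous["proof_id"] if previous else None,
        "timestamp": timestamp,
        **payload,  # intent_id, entity_id, decision
        "payload_hash": ph,
        "chain_hash": chain_hash(prev_chain, ph, timestamp),
        "payload": payload,  # kept so payload_hash can be recomputed at verification time
    }

def verify_chain(records):
    """Walk records oldest-first; return (ok, proof_id of the first record that fails)."""
    prev_chain, prev_id = GENESIS_CHAIN_HASH, None
    for rec in records:
        if rec["previous_proof_id"] != prev_id:                  # broken or skipped link
            return False, rec["proof_id"]
        if payload_hash(rec["payload"]) != rec["payload_hash"]:  # payload edited in place
            return False, rec["proof_id"]
        if chain_hash(prev_chain, rec["payload_hash"], rec["timestamp"]) != rec["chain_hash"]:
            return False, rec["proof_id"]                        # chain link altered
        prev_chain, prev_id = rec["chain_hash"], rec["proof_id"]
    return True, None

def build_sample_chain():
    rows = [("prf_001", "int_001", "ALLOW", "2026-01-15T10:30:02Z"),  # constructed sample decisions
            ("prf_002", "int_002", "DENY", "2026-01-15T10:31:10Z"),
            ("prf_003", "int_003", "ALLOW", "2026-01-15T10:32:45Z")]
    chain, prev = [], None
    for pid, iid, decision, ts in rows:
        prev = make_proof(pid, prev, {"intent_id": iid, "entity_id": "ent_agent_001", "decision": decision}, ts)
        chain.append(prev)
    return chain
```

An attacker who rewrites one record and recomputes its own hashes still breaks the link to the next record, which is why the walk must cover the whole chain rather than a single record.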
Retention Requirements
| Decision Type | Minimum Retention | Notes |
|---|---|---|
| ALLOW | 7 years | Standard audit requirement |
| DENY | 7 years | Required for security analysis |
| ESCALATE | 7 years | Includes approval decision |
| Financial | 10 years | Regulatory compliance (SOX) |
| Healthcare (PHI) | 6 years | HIPAA requirement |