Evidence and trust layer

Available

Portable evidence for high-risk AI actions.

AAP is a portable evidence standard and verifier for AI system activity. It packages manifests, hash-chained events, file hashes, timestamp evidence, and profiles for independent review.

AAP Core

portable evidence package / verifier
PASS
$ aap-verify evidence.aap --output json
{
  "verification": "PASS",
  "standard": "aap-core",
  "version": "1.0",
  "files_checked": 10,
  "sessions_checked": 1,
  "events_verified": 6,
  "anchors_checked": 1
}

manifest | file hashes | event chain | timestamp evidence

Problem

Reviews cannot rely on screenshots.

When AI systems operate in regulated or high-risk workflows, teams need more than logs scattered across dashboards. They need a portable chain of custody that can prove what happened without forcing everyone to trust a hosted UI.

Fit

Where it fits

Use AAP when evidence needs to leave the originating system: audits, incident review, regulated workflows, release control, runtime witness records, or third-party verification.

Package anatomy

Evidence that can leave the system.

AAP is designed as a portable standard, not another product dashboard. The artifact carries the structure reviewers need to verify what happened.

  • manifest.json (required): Package identity, producer, evidence scope, integrity settings, timestamps, and declared file hashes.
  • tool_versions.json (required): The verifier and producer context needed to understand how the artifact was created and checked.
  • events/session_*.jsonl (required): Hash-chained event streams with sequence index, previous hash, data hash, and event data.
  • anchors and profiles (optional): Timestamp proofs, batch Merkle roots, release-control records, runtime-witness records, or domain profiles.

Verifier behavior

What the verifier checks

The verifier is intentionally narrow. It checks structure, hashes, chains, timestamp references, and profile-required files; it does not claim to judge the business decision.

  01  manifest schema, required fields, and evidence scope
  02  declared file hashes and undeclared archive files
  03  event-chain continuity and per-record data hashes
  04  batch Merkle roots and timestamp evidence references
  05  profile-required files when strict profile mode is enabled
  06  local anchor proofs when verifier keys are available
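
Check 03 above (event-chain continuity and per-record data hashes) can be illustrated with a small chain verifier. This is an added example, not code from aap-verify or aap-spec: the field names (seq, prev_hash, data_hash, data), SHA-256, the all-zero genesis value and the canonical JSON form are assumptions, and the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def sha256_hex(obj) -> str:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


def append_event(chain: list, data: dict) -> None:
    """Producer side: link each record to the hash of the one before it."""
    prev = sha256_hex(chain[-1]) if chain else GENESIS
    chain.append({"seq": len(chain), "prev_hash": prev,
                  "data_hash": sha256_hex(data), "data": data})


def verify_chain(lines: list) -> list:
    """Verifier side: return (index, problem) pairs; an empty list is a pass."""
    problems, expected_prev = [], GENESIS
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict):
                raise ValueError("record is not a JSON object")
        except ValueError:
            problems.append((i, "unparseable record"))
            break  # the next link cannot be computed
        if rec.get("seq") != i:
            problems.append((i, "sequence gap or reorder"))
        if rec.get("prev_hash") != expected_prev:
            problems.append((i, "broken link to previous record"))
        if rec.get("data_hash") != sha256_hex(rec.get("data")):
            problems.append((i, "data does not match data_hash"))
        expected_prev = sha256_hex(rec)
    return problems


def sample_lines() -> list:
    """Constructed three-event session, serialized one JSON object per line."""
    chain = []
    for data in ({"type": "tool_call", "tool": "payments.refund", "amount": 40},
                 {"type": "approval", "by": "reviewer-1"},
                 {"type": "tool_result", "status": "ok"}):
        append_event(chain, data)
    return [json.dumps(rec) for rec in chain]


if __name__ == "__main__":
    print(verify_chain(sample_lines()) or "PASS")
```

Dropping records from the end of a stream leaves a chain that still verifies, which is why a chain check is paired with a hash over the whole file, such as the declared file hashes in check 02.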

Trust boundary

What AAP proves

  • the bundle is internally consistent
  • declared files match their hashes
  • event chains were not silently rewritten
  • timestamp and profile references are linked

Trust boundary

What stays outside

  • whether the external anchor operator is trusted
  • whether the product policy was the right policy
  • whether every source system captured complete facts
  • whether an organization should approve the action

Spec and verifier

Two repos, one evidence layer.

aap-spec

Normative AAP Core structure: package layout, manifest schema, hash algorithms, event chains, Merkle roots, anchors, and profile extension model.

aap-verify

Public verification CLI for `.aap` evidence bundles. It verifies consistency and cryptographic linkage, but does not generate evidence.

Cynsta view

Evidence is not a dashboard view. It is a record that can travel beyond the system that created it.

Audience

Who it is for

Regulated AI teams
Security and governance leaders
Audit and compliance reviewers
Teams building agentic systems
