The eight capability pillars

Eight pillars. One hash-chained substrate.

Every pillar is built on the same per-tenant TokenAuditEvent ledger — signed by the producer, chain-hashed by the server, anchored daily with a Merkle root. Pillars compose; they don’t fragment.
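A minimal sketch of the ledger mechanics described above (producer signature, server-side chain hash, Merkle anchor), added here as an illustration and not taken from the product's code. HMAC stands in for the producer's signature scheme, and the event fields, canonical JSON form, genesis value and tree construction are all assumptions.

```python
import hashlib, hmac, json

GENESIS = "00" * 32  # assumed starting value for an empty chain

def _h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

def _body(payload: dict) -> str:
    return json.dumps(payload, sort_keys=True)  # canonical form (assumed)

def sign(key: bytes, payload: dict) -> str:
    # Producer side. HMAC stands in for the producer's signature scheme.
    return hmac.new(key, _body(payload).encode(), hashlib.sha256).hexdigest()

def append(ledger: list, payload: dict, sig: str) -> None:
    # Server side: bind each event to the hash of its predecessor.
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"payload": payload, "sig": sig, "prev": prev,
                   "hash": _h(prev + _body(payload) + sig)})

def merkle_root(hashes: list) -> str:
    # Daily anchor: fold the day's event hashes into one root.
    level = [_h("leaf:" + x) for x in hashes] or [GENESIS]
    while len(level) > 1:
        pairs = [_h("node:" + level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        level = pairs + ([level[-1]] if len(level) % 2 else [])  # promote odd node
    return level[0]

def verify(ledger: list, key: bytes, anchored_root: str) -> str:
    prev = GENESIS
    for i, e in enumerate(ledger):
        ok_sig = hmac.compare_digest(e["sig"], sign(key, e["payload"]))
        ok_link = e["prev"] == prev
        ok_hash = e["hash"] == _h(prev + _body(e["payload"]) + e["sig"])
        if not (ok_sig and ok_link and ok_hash):
            return f"bad-event:{i}"
        prev = e["hash"]
    # An intact chain can still be truncated; only the anchor catches that.
    root = merkle_root([e["hash"] for e in ledger])
    return "ok" if root == anchored_root else "root-mismatch"

# Constructed sample events for one tenant (field names are assumptions).
SAMPLE_EVENTS = [{"tenant": "t1", "seq": n, "tokens": 100 + n} for n in range(5)]

if __name__ == "__main__":
    key, ledger = b"constructed-demo-key", []
    for p in SAMPLE_EVENTS:
        append(ledger, p, sign(key, p))
    root = merkle_root([e["hash"] for e in ledger])
    print(verify(ledger, key, root), verify(ledger[:-1], key, root))
```

The truncated ledger passes every per-event check and fails only against the anchored root, which is why the chain hash and the anchor are separate controls.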

Pillar 1 is shipped today. The rest are in plan, not shipped — each ships with its own narrative page on this site, its docs page, and a video walkthrough.

Pillar 1: Shipped

Tamper-evident capture layer

Signed, chain-hashed token-level capture across providers and frameworks — the foundation everything else folds over.

Pillar 2: In plan

Token attribution & influence analysis

Which retrieved chunk shaped which output token. Which system-prompt instruction drove which behavior.

Pillar 3: In plan

Security incident forensics

Prompt-injection reconstruction, jailbreak replay, exfiltration detection. The MITRE ATT&CK equivalent for LLM attacks.

Pillar 4: In plan

Cost forensics

Token-level cost attribution by feature, user, agent, team, prompt template. Find the leaks aggregate dashboards miss.

Pillar 5: In plan

Compliance & audit evidence engine

PII/PHI provenance, GDPR right-to-be-forgotten, SOC 2 / HIPAA / FedRAMP / EU AI Act evidence trails. Admissible, not just informative.

Pillar 6: In plan

Agent system reconstruction

Multi-agent token flow visualization, tool-selection investigation, time-travel replay of failed runs.

Pillar 7: In plan

Behavior drift & quality forensics

Hallucination root cause at token level, model version diffing, regression analysis across model updates.

Pillar 8: In plan

Investigator workbench

Case management, hypothesis tracking, collaborative investigation, evidence export. Built for analysts, not for ops teams.