Project AIR
License: MIT · Install: pip install projectair
Admissibility

Built for the people who have to prove it.

Chain-of-custody designed for a skeptical reviewer. This page is written to survive the questions a security lead, a general counsel, or an insurer will actually ask. We are explicit about what Project AIR gives you and what stays your responsibility.

Signed at the source

Records are signed in-process by the same code that handles the action, at the moment it happens. Not tailed from logs. Not reconstructed by a batch job.

Tamper-evident

Forward-chained BLAKE3 content hashing with Ed25519 signatures and opt-in ML-DSA-65 post-quantum signing. Any altered or missing hop fails verification.
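
The tamper-evidence property described above, sketched as an added example (not Project AIR's code or record format): each record commits to the hash of the one before it, and verification must end at a root obtained independently of the records themselves. BLAKE2b from the Python standard library stands in for BLAKE3, signatures are left out, and the field names, the `GENESIS` value and the sample actions are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def content_hash(prev_hash: str, payload: dict) -> str:
    # Stand-in digest: BLAKE2b-256 from the standard library, not BLAKE3.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.blake2b(bytes.fromhex(prev_hash) + body, digest_size=32).hexdigest()


def append(chain: list, payload: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "hash": content_hash(prev, payload)})


def verify(chain: list, expected_root: str):
    """Return (ok, reason). expected_root is the final hash taken from a
    source independent of the records, such as an anchored value."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev:
            return False, f"record {i}: broken link (missing or reordered hop)"
        if content_hash(prev, rec["payload"]) != rec["hash"]:
            return False, f"record {i}: content does not match its hash"
        prev = rec["hash"]
    if prev != expected_root:
        return False, "chain does not end at the expected root"
    return True, "ok"


def demo() -> dict:
    chain = []  # constructed sample records
    for step in ("tool_call:search", "tool_call:read_file", "tool_call:send_email"):
        append(chain, {"action": step})
    root = chain[-1]["hash"]
    altered = [dict(r) for r in chain]
    altered[1] = {**altered[1], "payload": {"action": "tool_call:noop"}}
    dropped = chain[:1] + chain[2:]   # middle hop removed
    truncated = chain[:2]             # tail removed; links still consistent
    return {"intact": verify(chain, root), "altered": verify(altered, root),
            "dropped": verify(dropped, root), "truncated": verify(truncated, root)}
```

The truncated case passes every link check and is caught only by the root comparison, which is why the root has to come from somewhere the record holder cannot rewrite.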

Publicly anchored

Chain roots are anchored to Sigstore Rekor. Anyone can verify a record against the public transparency log with zero Vindicara infrastructure in the path.

Court-supportable

FRE 902(13) self-authentication templates and an eIDAS mapping, with an honest disclosures section so nothing is overstated to a reviewer.

Project AIR provides

  • Records signed in-process at the moment of action, not reconstructed from logs.
  • FRE 902(13) self-authentication templates and an eIDAS mapping for EU proceedings.
  • Forward-chained BLAKE3 integrity with opt-in ML-DSA-65 post-quantum signing.
  • Public anchoring to Sigstore Rekor, independently verifiable.
  • Default-deny redaction so sensitive payloads are hashed, not stored in the clear.

You provide

  • An operator-declared agent registry for the identity and scope detectors.
  • A qualified person to attest the records under FRE 902(13).
  • Your retention policy and your own legal review of any filing.
  • The decision on whether host-clock timestamps meet your evidentiary bar.

AB 316

California AB 316 removes the defense that an AI system acted on its own. When "the agent did it autonomously" is off the table, the question becomes who authorized the agent, and can you prove what it did. That is the record Project AIR produces, and it is why delegated authority, not raw logging, is the thing worth proving.

The frameworks your auditor already speaks

EU AI Act
Articles 12 and 72. Audit-trail retention and post-market monitoring evidence, exportable as conformity artifacts.
HIPAA
HIPAA audit trail requirements (45 CFR 164.312(b)), with named clinician identity bound into the chain.
NIST AI RMF
Map, Measure, Manage, and Govern functions backed by runtime evidence rather than policy documents.
AgDR
AI Decision Records: BLAKE3 hashing, Ed25519 and opt-in ML-DSA-65, UUIDv7 ordering, forward-chained integrity.

Honest disclosures

Project AIR is technical documentation, not legal advice. It produces evidence inputs for the frameworks above. It is not a certification, and it does not judge an agent's intent. What it proves is narrow and defensible: that an agent's authority was bounded, that the boundary was enforced, and that the record of what happened was signed and anchored.

Self-authentication under FRE 902(13) is a template and a workflow; admissibility in a specific matter is decided by a court, on your evidence, with your qualified witness. Host-clock timestamps are advanced, not court-qualified by default. Identity and scope detectors depend on an operator-declared agent registry that you maintain.

We would rather you read this section and trust the rest than overclaim and lose you at the first hard question.