Outbound intent

Leave Kenshiki Labs

You're about to open another destination.

Destination

external destination

Kenshiki Labs
  • Home
  • The Claim Ledger

Technical Specification

The Claim Ledger

The Claim Ledger is a tamper-evident record of every retrieval decision, REBAC resolution, coverage gap, gate firing, and policy evaluation that informed a given AI response. It produces a chain-of-custody record for AI outputs that is exportable in JSON and CSV for regulatory examination. No assertion — cryptographic proof.

What it is

The Claim Ledger is a structured record created for every AI inference. It captures:

  1. Query ID: Unique identifier for this inference.
  2. Requester profile: User identity, role, REBAC clearances.
  3. Compiled query plan: How the prompt compiler interpreted the request.
  4. Evidence scope: Which documents were eligible for retrieval.
  5. Retrieved documents: What was actually fetched (with evidence metadata).
  6. Evidence coverage: How much of the eligible evidence was examined (percentage).
  7. Gate outcomes: Which policy gates fired and their decisions.
  8. Output state: AUTHORIZED, PARTIAL, REQUIRES_SPEC, or BLOCKED.
  9. Model and prompt versions: Full reproducibility.
  10. Claim mappings: Each claim in the output mapped to its source evidence.
  11. Timestamps: Immutable proof of when this happened.
  12. Cryptographic signatures: HMAC-SHA-256 on each field for tamper detection.

Why it matters

Without a Claim Ledger, an AI audit is a guessing game. You can log what the model said, but not what it was allowed to know. You can’t prove whether a wrong answer was a hallucination or authorized data access. You can’t show regulators that policy was enforced.

The Claim Ledger closes that gap. It’s the evidence file. When someone asks “How did this AI reach this conclusion?” you can replay the ledger and show exactly what it knew, what it could access, and what policy gates it passed.

Data model

Key schema fields (JSON):

  • id: UUID of this ledger entry
  • query_id: Request identifier
  • created_at: ISO 8601 timestamp
  • requester: { user_id, email, clearances: [list] }
  • evidence_scope: { total_eligible, retrieved, coverage_pct }
  • gates: [{ name, rule, outcome, timestamp }]
  • output_state: enum (AUTHORIZED | PARTIAL | REQUIRES_SPEC | BLOCKED)
  • claims: [{ claim_text, source_id, evidence_text, matched }]
  • model: { name, version, adapter_version }
  • signature: HMAC-SHA-256 of all fields

How Kenshiki Labs implements this

  1. Integration point: After model inference, before output emission.
  2. Recording: Every retrieval, gate, and output decision is logged.
  3. Signature: Each entry is signed with a service key (key rotation every 90 days).
  4. Export: JSON/CSV export for compliance audits.
  5. Replay: Deterministic replay of any inference decision.
  6. Long-term storage: Encrypted at-rest in compliance-audited storage.

Use cases

  1. Compliance audit: Prove to regulators that policy was enforced.
  2. Incident investigation: Understand exactly what an AI did and why.
  3. Model evaluation: Measure coverage, gate performance, and output state distributions.
  4. User transparency: Show users what evidence backed their answer.
  5. Forensics: Detect unauthorized access or policy violations.

The Claim Ledger is the difference between “trusting” an AI system and “proving” an AI system works the way you think it does.

Frequently asked questions

Can I use the Claim Ledger to prove my AI system followed policy?

Yes. The Claim Ledger records every policy gate that fired, what it checked, and whether it passed. An auditor can verify that for any given inference, the policy boundaries were enforced. It's not assertion — it's cryptographically signed proof.

How long should I retain Claim Ledgers?

That depends on your regulation. Healthcare: 3-10 years. Finance: 6-7 years. Government: often longer. Ledger entries are small (KB per inference), so storage cost is negligible even for millions of entries. Retention policy should match your compliance requirements.

Is the Claim Ledger accessible to end users?

Typically no — it's for operators and auditors. But you can surface key information to the user: output state (AUTHORIZED, PARTIAL, BLOCKED), what evidence was retrieved, and why the output was approved or degraded. Full ledger export happens during audits.

Can I regenerate a Claim Ledger if the original is lost?

Only partially. If your logs captured the request, evidence retrieved, and model response, you can reconstruct some information. But if policy gates are not logged, you can't know for certain what gates fired. This is why ledger generation must be built in from the start, not retrofitted.

What happens if someone tries to tamper with a Claim Ledger?

Each ledger entry is signed with HMAC-SHA-256 based on the entry content and a server-side key. If anyone modifies the entry, the signature becomes invalid. An auditor can detect tampering by re-checking the signature — no database access needed.

Can the Claim Ledger prove the model wasn't hallucinating?

No. The ledger shows what evidence was retrieved and what the model claimed. If the claim doesn't match the evidence, the ledger proves it — but that's not the same as proving the model wasn't hallucinating, just that the hallucination was caught and the output state was appropriately degraded.

How does the Claim Ledger work in air-gapped environments?

The same way. Ledger entries are cryptographically signed on-system. They can be exported to offline storage (USB drive, secure media transfer). An auditor can verify signatures offline — no network connection needed.

Is Claim Ledger data exportable for regulatory submission?

Yes. The Claim Ledger exports to JSON or CSV, with signatures intact. Regulators can import the data into their own systems and verify signatures independently. The format is designed for interoperability with compliance platforms.

What if an inference doesn't generate a Claim Ledger entry?

That's a failure. The system is designed such that every inference produces a ledger entry — enforced by database constraints, not application logic. If an entry is missing, something went critically wrong and the inference should be considered invalid.

Related concepts