§02 primitives

three primitives. the whole product.

no dashboards, no rules engines, no policy editors. an append-only ledger and the proofs to verify it offline.

locked records

each event canonicalizes to a deterministic byte sequence. one byte changes, the sha-256 changes. the record's identity is its content.

canonicalization rfc 8785 (jcs)

digest sha-256 over canonical bytes

signature ed25519, customer kms key

timestamp rfc 3161 (digicert tsa)

linked chain

each event carries the digest of the one before it. rewrite a record in the middle, every record after it is invalid. the chain is its own audit log.

structure per-tenant hash chain

anchor hourly merkle root → public chain

proof size o(log n) inclusion proof

verification offline, no syen call required

audit ready

the proof package is a signed json bundle: the event, the chain context, the anchor, the kms attestation. an auditor verifies it with public tooling.

bundle json + detached ed25519 sig

frameworks sr 11-7 · nist ai rmf · soc 2

federal omb m-25-22 · fy2026 ndaa · eo 14365

tooling cli syen-verify proof.json

§03 try to rewrite history interactive · the signature moment

edit any byte of any record. watch the chain break.

this isn't a demonstration video. the bytes below are real. sha-256 runs in web crypto. ed25519 runs in @noble/ed25519. the demo keypair is fixed and committed (it secures nothing). open devtools — every call is on window.__syen. [server-only steps — kms, rfc 3161 tsa, public-chain anchoring — are labeled inline.]

#00114:02:09z

event_typepolicy.check.passed

actorsvc:policy-engine@v3

framework_mapping["sr_11_7", "nist_ai_rmf"]

sha2569c4ea01b…signed

prev_digest— (genesis)root

#00214:02:11z

event_typecredit.decision.made

actorsvc:underwriting-llm@2026.03.18

decisionapproved

amount_usd24000

applicant_idapp-991

human_reviewedtrue · reviewer:ariana.lee@acme.example

framework_mapping["sr_11_7"]

sha256a1f09e2c…signed

prev_digest9c4ea01b…linked

canonical bytes (rfc 8785) — bytes that changed

sha256 storeda1f09e2c4d8b7e1f4ad62c0bc7e914b58a3e2c91d4f0a98cb2…

sha256 recomputedcomputing…

ed25519 verifysignature_invalid · public key 0x7f…

block #002 fails verification. all subsequent blocks invalidated.

#00314:02:14z

event_typehuman.review.recorded

actoruser:ariana.lee@acme.example

attestation"reviewed and approved per sr 11-7 §iii.4"

sha256d8a31c77…signed

prev_digesta1f09e2c…linked

#00414:02:18z

event_typeproof.bundle.exported

actorsvc:export-api

recipientaudit-team@examiner.gov

sha2565522bb17…signed

prev_digestd8a31c77…linked

click any underlined value in block #002 to edit.

canonicalize. serialize the event under rfc 8785 (jcs). deterministic byte order.
digest. sha-256 over the canonical bytes. fixed 32 bytes regardless of payload.
chain. include the digest of block #001 (9c4ea01b…) in block #002's payload.
sign. ed25519 signature over (digest ‖ prev_digest), key in customer aws kms.
verify. recompute the digest. compare to the stored hash. check the signature against the customer public key.

awaiting input

edit a field above, or run the tamper preset, to see the diagram step through.

think of it as a mini blockchain for ai decisions: an internal, permanent, cryptographically chained record that nobody can alter without every subsequent record exposing it immediately.

a four-step walkthrough. record, sign, verify, retrieve.