The evidence walks out the door with you.
Adjudon is your custodian until the moment you don't want us to be. Every customer can export a portable bundle of their policy versions, transcripts, review outcomes, and effectiveness snapshots. The bundle architecture is dual-signed (D-Trust QTSP + Sigstore Cosign) and verifiable offline. If Adjudon disappears tomorrow, your evidence still verifies.
Status today (2026-05-11): the bundle generator + Node CLI verifier ship and run offline; the D-Trust qualified-timestamp signature and Sigstore Cosign keyless signature are wired but produce deterministic-mock tokens until their respective procurement gates fire (D-Trust commercial contract; GitHub Actions OIDC for Cosign). The standalone self-contained binary (cedar-wasm embedded) is built by backend/scripts/build-replay-binary.sh; pre-built signed binaries publish in Phase 3.1. See court-admissibility for the per-gate detail.
One archive. Eight directories.
A bundle is a .tar.gz archive with a structured manifest. Generated by POST /api/policies/export-bundle; downloadable via GET /api/policies/export-bundle?download=1.
adjudon-policy-bundle-{orgId}-{period}.tar.gz
├── manifest.json # canonical (RFC 8785 JCS) — hashed root
├── policies/
│ └── {policyId}.json # current Policy document
├── versions/
│ └── {versionHash}.json # immutable PolicyVersion records (chained)
├── transcripts/
│ └── {versionHash}/
│ └── {traceId}.json # per-evaluation PolicyTranscript records
├── reviews/
│ └── {policyId}.ndjson # PolicyReviewOutcome stream
├── effectiveness/
│ └── {policyId}.json # latest precision/recall/F1/FPR
├── signatures/
│ ├── manifest.json.sig # D-Trust QTSP qualified-timestamp + sig
│ └── manifest.json.bundle # Sigstore Cosign keyless + Rekor v2 proof
└── verifier/
├── adjudon-replay-linux-x64
├── adjudon-replay-macos-arm64
└── adjudon-replay-windows-x64.exeOne command. Five checks.
Court-appointed expert opens the bundle on an air-gapped laptop. Runs:
./verifier/adjudon-replay-linux-x64 \ --bundle adjudon-policy-bundle-acme-2026-Q1.tar.gz \ --verify-signatures \ --verify-chain \ --replay-all-transcripts ✓ manifest signature valid (D-Trust QTSP, issued 2026-04-01T00:00:00Z) ✓ Sigstore Rekor v2 inclusion proof verified (logIndex 18742091) ✓ PolicyVersion chain: 47 versions, no breaks ✓ Replayed 12,938 transcripts, 0 divergences ✓ Hash chain head matches manifest digest
Each transcript is replayed by recompiling the pinned ADL/JSON v1 source through the embedded Cedar substrate and matching the recorded decision. A divergence is a red flag — and the verifier exits non-zero so the expert has a deterministic outcome to enter into the record.
Defense in depth — two independent anchors.
D-Trust QTSP
EU-registered Trust Service Provider under eIDAS Art. 24. Qualified electronic timestamp — self-authenticating in German civil court per §371a Abs. 3 ZPO. Cryptographic strength backed by a regulator-supervised infrastructure.
Sigstore Cosign + Rekor v2
CNCF-graduated, run by the Sigstore community. Public, append-only transparency log. Independent of Adjudon and independent of D-Trust. If either party were compromised, the other anchor still proves the timestamp.