## TenetSafe v099 (Local-First Evidence + Local AI Insight Engine)
TenetSafe v099 marks our transition from "evidence capture" to an operational intelligence layer for local automation.
In v097, we introduced independent, tamper-evident workflow evidence.
In v098, we moved rich evidence fully into customer infrastructure and kept the Hub as a signed digest anchor.
In v099, we add a local AI Insight Engine on top of that trusted evidence layer to make workflow operations understandable, actionable, and audit-ready for non-technical teams.
This release positions TenetSafe as a new category: **local AI governance and operations intelligence for low-code automation platforms**.
---
## What Changed in v099
- **From forensic storage to local AI insight**
  - TenetSafe now converts complex execution logs into plain-language business narratives in the local dashboard.
  - Teams no longer need to parse raw JSON to understand what happened.
- **From single-execution visibility to daily operational pulse**
  - Daily summaries surface execution patterns, unusual outcomes, and operational highlights across workflows.
  - Leaders get a business view of automation activity without sacrificing technical traceability.
- **From passive evidence to proactive risk signaling**
  - Compliance and privacy scans identify likely PII exposure and potentially high-risk data handling patterns.
  - Signals are generated locally and attached to execution context, not disconnected checklists.
- **From "log collector" perception to governance platform trajectory**
  - TenetSafe is now both a cryptographic witness and a local AI analysis layer.
  - Evidence integrity and operational intelligence are treated as equal pillars.
---
## Why This Matters
AI workflows in tools like n8n and Activepieces are becoming mission-critical for SMEs and regulated teams.
The problem is no longer just "Can we log what happened?" but:
- Can non-technical owners quickly understand what happened?
- Can teams detect risky data patterns before incidents?
- Can organizations prove integrity while keeping sensitive data local?
TenetSafe v099 answers all three with one architecture:
- **Local-first evidence and analytics**
- **Independent remote digest anchoring**
- **Business-readable AI narratives and risk signals**
---
## v099 Product Capabilities
### 1) Local AI Insight at Execution Level
With its **NEW** local AI Insight Engine, TenetSafe generates a concise business narrative and structured key facts directly from local execution evidence.
Example outcome:
- "Customer support case was classified as general support, reviewed by a human approver, and the approved response email was sent to the requester."
Each insight is explicitly labeled as AI-generated and linked to evidence context for verification.
### 2) Smart Fix for Failures
For failed executions, TenetSafe provides contextual diagnostics to reduce time-to-resolution:
- probable failure reason in plain language
- where in the workflow the issue occurred
- recommended next checks/fixes for operators
### 3) Compliance Guardrails (Local PII and Risk Signals)
TenetSafe flags likely sensitive-data and governance hotspots in workflow payloads and decisions, including:
- likely PII leakage patterns
- potentially risky attribute usage in decision paths
- data-flow moments requiring policy attention
These are operational governance signals, not legal claims. They help teams catch issues early and triage faster.
### 4) Daily Pulse and Executive Visibility
The dashboard now provides daily operational summaries that combine:
- execution outcomes
- AI-generated narratives
- structured workflow facts
- risk signal counts/trends
This turns automation monitoring from raw event review into management-ready reporting.
---
## Architectural Direction (Built for the Long Term)
v099 extends the v098 local-first architecture without weakening trust boundaries.
- **Customer infrastructure remains source of truth**
  - Raw execution artifacts remain local.
  - AI analysis runs locally.
- **Hub remains independent witness**
  - Hub stores only digest payloads (hashes) and signatures, no raw evidence, no PII.
  - Integrity checks remain reproducible and verifiable end-to-end.
- **Resilient by design**
  - AI insight generation is asynchronous and non-blocking.
  - Core workflow execution and evidence capture continue even if AI services are temporarily unavailable.
- **Future-proof model strategy**
  - Local model orchestration supports controlled evolution across model families while preserving audit metadata and prompt versioning.
  - The local evidence layer is designed to work with any model — open-source or proprietary, local or cloud (e.g. AWS, Azure, or native providers) — and can switch or scale across environments on demand with minimal effort, while preserving consistent auditability.
---
## Positioning: Where TenetSafe Fits
TenetSafe is not trying to replace broad enterprise GRC suites.
Instead, we are building the specialized layer those suites do not offer:
- workflow-native governance for low-code/agentic automation
- local-first evidence and local AI analysis
- fast operational clarity for teams running real automations daily
**Ideal users:**
- SMEs scaling automations with n8n/Activepieces
- compliance-constrained product and ops teams
- AI-forward organizations with local data retention requirements
- service providers who need to prove controlled, explainable automation to clients
- operations teams that want insight into executed workflows and deeper analysis without exposing raw data externally
---
## Mission Progression in v099
Our mission remains unchanged in principle, but expanded in scope:
- **Then:** Prove what happened.
- **Now:** Prove what happened and understand what it means, locally and in time to act.
TenetSafe v099 moves governance from retrospective audit prep toward day-to-day operational confidence.
---
## Important Clarifications
TenetSafe v099 improves decision visibility and governance readiness, but:
- it does not guarantee legal compliance by itself
- it does not replace internal policy ownership
- it does not claim to "certify" workflow correctness
What it does provide is the technical foundation organizations need to run trustworthy automation with stronger evidence, faster understanding, and better risk awareness.
---
## Looking Ahead
v099 establishes the core loop:
1. Capture trusted evidence locally
2. Generate local operational insight
3. Surface risk early
4. Anchor integrity independently
This is the foundation for TenetSafe's next stage: policy-aware automation governance that remains practical for modern low-code teams.

---

## TenetSafe v098 (Local‑First Evidence + Remote Digest Anchors)
TenetSafe v098 introduces a new core philosophy: **rich evidence collection happens inside the customer’s infrastructure**, while the remote Hub stores only an **independent, KMS‑signed cryptographic anchor** (hashes + signatures) for each execution.
This strengthens privacy, improves reproducibility, and keeps the Hub as a credible third‑party witness.
---
## What changed (the v098 philosophy)
- **Local backend is the evidence source of truth**
  - Collects workflow JSON snapshots, full execution logs, and raw node event payloads inside customer infra.
  - Computes deterministic SHA‑256 hashes using a single canonicalization strategy.
- **Remote Hub becomes a thin digest ledger**
  - Stores only **digest payloads** and **Hub KMS signatures**.
  - Never receives raw workflow JSON, execution logs, or PII.
- **Evidence is provable end‑to‑end**
  - Any execution can be reconstructed locally from stored artifacts.
  - Its digest can be verified against the Hub‑signed anchor.
---
## Privacy and compliance improvements
- **No raw evidence leaves the customer**
  - Workflow JSON snapshots, execution logs, and node payloads stay local.
  - The Hub receives only digest payloads (hashes + minimal metadata).
- **Credible third‑party witness**
  - Hub signatures provide independent integrity anchoring for each execution digest.
- **Reproducibility**
  - Hashes are computed deterministically from stored raw artifacts using canonicalization.
  - Any hash can be re‑computed later for verification.
---
## Operational changes you should know
### Two databases (clean separation)
- **Hub database (remote)**
  - Runs on Supabase in stage/prod.
  - Stores digest ledger and dashboard data.
- **Local backend database (customer/local)**
  - Runs alongside the customer’s n8n deployment.
  - Stores raw evidence + hashes for executions.
### Trust boundaries
- n8n nodes communicate with the **local backend**.
- local backend communicates with the **remote Hub** using Hub API credentials (with narrow digest write permissions).
---
## What you get with TenetSafe v098
- A stronger audit story:
  - “We can reconstruct what happened locally” plus “the remote Hub independently anchored the digest.”
- Better privacy posture:
  - remote Hub never sees raw logs or PII.
- A simpler “verification workflow” for incidents:
  - load local artifacts → recompute hashes → rebuild digest → verify Hub signature.
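
The recompute-and-compare part of that verification workflow, as an added example that is not TenetSafe's own code. The canonical form (sorted keys, compact separators, UTF-8), the digest field names, and the sample artifacts are assumptions made for illustration; the real layout is defined by the v098 evidence digest contract.

```python
import hashlib
import json


def canonical_bytes(obj):
    # Assumed canonicalization: sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sha256_hex(obj):
    return hashlib.sha256(canonical_bytes(obj)).hexdigest()


def build_digest(execution_id, artifacts):
    """Rebuild a digest payload from locally stored raw artifacts."""
    hashes = {name: sha256_hex(body) for name, body in sorted(artifacts.items())}
    digest = {"execution_id": execution_id, "artifact_hashes": hashes}
    # Hash over the execution id and the per-artifact hashes (hypothetical field).
    digest["digest_hash"] = sha256_hex(digest)
    return digest


def verify_against_anchor(execution_id, artifacts, anchor):
    """Return (ok, names of artifacts whose hash differs from the anchor)."""
    rebuilt = build_digest(execution_id, artifacts)
    anchored = anchor.get("artifact_hashes", {})
    names = set(rebuilt["artifact_hashes"]) | set(anchored)
    bad = sorted(n for n in names
                 if rebuilt["artifact_hashes"].get(n) != anchored.get(n))
    ok = (not bad
          and anchor.get("execution_id") == execution_id
          and anchor.get("digest_hash") == rebuilt["digest_hash"])
    return ok, bad


# Constructed sample artifacts and anchor, for illustration only.
SAMPLE_ARTIFACTS = {
    "workflow_snapshot": {"name": "support-triage",
                          "nodes": ["classify", "approve", "send"]},
    "execution_log": [{"node": "classify", "status": "success"},
                      {"node": "send", "status": "success"}],
    "node_events": [{"node": "approve", "decision": "approved"}],
}
SAMPLE_ANCHOR = build_digest("exec-0001", SAMPLE_ARTIFACTS)

if __name__ == "__main__":
    print(verify_against_anchor("exec-0001", SAMPLE_ARTIFACTS, SAMPLE_ANCHOR))
```

A match only shows that the local artifacts agree with the anchored digest; checking the Hub signature over that anchor is a separate step not shown here.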
---
## Notes for developers / operators
- This release is part of the v098 rearchitecture and reflects a breaking architectural shift from the previous Hub‑centric model.
- Continue to follow the milestone docs and the v098 evidence digest contract when extending evidence capture or adding new node event types.

---

# TenetSafe v0.9.6: Independent Evidence for AI Workflows
# v0.9.7 adds missing evidence pack enhancements, chaining, and other UI improvements
## What is TenetSafe?
TenetSafe is a **third-party, append-only evidence store** that links declared workflow intent to execution outcome hashes, without storing raw payloads, without blocking execution, and without enforcing policy.
It provides independent, tamper-evident records of what workflows were authorized to do and what actually occurred—enabling post-incident reconstruction and defensibility in high-consequence environments.
**What TenetSafe does:**
- Captures explicit authorization context (purpose, scope, ownership)
- Seals execution outcomes with cryptographic proof
- Prevents logs from being rewritten quietly after the fact
- Forces developers to declare intent explicitly
- Enables faster incident reconstruction
**What TenetSafe does NOT do:**
- Prove the workflow was correct or ethically sound
- Enforce scope at runtime
- Guarantee compliance by itself
- Monitor or block unauthorized actions
- Store raw payloads or sensitive data
---
## What’s New in v097
- **EU‑hosted, cloud‑ready platform**: TenetSafe Hub and Dashboard are delivered via managed infrastructure to reduce operational burden while keeping evidence in the EU.
- **Scoped access + auditability**: API access is controlled via scoped credentials and an append-only audit trail for calls and key lifecycle events.
- **Human oversight evidence**: The new n8n Human Oversight node extends the chain from **Intent → Execution → Seal** to **Intent → Execution → Oversight → Seal**, recording who reviewed what, what they decided, and when.
## Core Promise: Independent Evidence, Not Proof of Correctness
TenetSafe operates on a foundational principle: **preserve evidence, not prove innocence**.
By itself, TenetSafe proves **integrity** of the record, not correctness of the decision or action. Forensics, interpretation, and contextual judgment are still required. This is intentional. TenetSafe provides:
- **Separation of concern**: Execution system ≠ Evidence system
- **Tamper resistance**: Logs can't be rewritten quietly after an incident
- **Accountability forcing function**: Developers must declare purpose explicitly
- **Incident compression**: Faster reconstruction narrative when issues arise
- **Confidence unlock**: "We can experiment with AI because we have an independent black box."
But it does not magically solve disputes about whether the AI "should have" done something different.
**Why this matters:** In litigation or audit, an internal logging system is always suspect. A third-party witness—even a simple one—changes the entire psychology of accountability.
---
## Core Value: Credibility Arbitrage, Not Dev Time Savings
Yes, a company *could* build this themselves:
- Hash payloads
- Store in S3
- Implement append-only logic
- Add cryptographic signatures
- Build a dashboard
**But the hard part is not the hashing.** The hard part is:
- **Independence**: Is it really third-party, or just a company reviewing its own logs?
- **Audit narrative credibility**: Can you prove nobody edited history quietly?
- **Chain integrity credibility**: Can regulators trust your evidence chain?
- **Consistency**: Are all your workflows logging the same way?
An internal logging system is always suspect in litigation. **A third-party witness changes everything.** This is credibility arbitrage, not dev time savings.
---
## Key Features & Design
### 1. **Intent Declaration**
Workflows explicitly declare their purpose, scope, and authorization at startup:
- **Workflow name & owning team**: Who is running this and who authorized it?
- **Purpose**: What is this workflow authorized to do?
- **Systems touched**: Which external systems will be affected?
- **Risk tier**: Classification (low, medium, high) for audit prioritization
- **Reference ID**: Link to approval tickets or compliance records
All technical context (workflow ID, execution ID, trigger type, user) is captured automatically from the n8n execution environment.
### 2. Human Oversight Events
In addition to machine execution, TenetSafe now records **human‑in‑the‑loop oversight**:
- n8n Human Oversight nodes capture reviewer identity, decision, timestamp, and optional context
- Each oversight event is linked to the same `intent_id` as seals and becomes part of the evidence chain and Evidence Pack
- Oversight is **observed, not enforced** – TenetSafe records that humans reviewed or escalated decisions without blocking production workflows
### 3. **Execution Sealing**
Outcomes are cryptographically sealed at workflow terminal points:
- **Status proof**: Success, failure, or aborted
- **Output hash**: SHA-256 hash of the final action (email body, API payload, database update, etc.)
- **Outcome summary**: Optional human-readable description of what occurred
- **Decision metadata**: Capture decision factors (confidence scores, policy triggers, model version, etc.) without storing full reasoning traces
Multiple seals can be created for branching workflows—one for each execution path.
### 4. **Tamper-Evident Storage**
All evidence records are stored with cryptographic guarantees:
- **AWS KMS signatures**: Every intent and seal is digitally signed, preventing later tampering
- **Append-only database**: Records can never be modified or deleted, only created
- **Cryptographic chaining**: Each record includes a hash of the previous record, creating tamper-evident chains per workflow
- **Daily integrity snapshots**: Immutable backups stored in S3 for long-term audit verification
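
How a per-workflow hash chain exposes edits and deletions, as an added example that is not TenetSafe's own code. The record fields (`seq`, `prev_hash`, `payload`, `record_hash`), the all-zero genesis value, and the sample records are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record of a chain


def record_hash(record):
    # Hash every field except the stored hash itself, in canonical JSON form.
    body = {k: v for k, v in record.items() if k != "record_hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def append_record(chain, payload):
    prev = chain[-1]["record_hash"] if chain else GENESIS
    record = {"seq": len(chain), "prev_hash": prev, "payload": payload}
    record["record_hash"] = record_hash(record)
    chain.append(record)
    return record


def verify_chain(chain):
    """Return (position, problem) findings; an empty list means intact."""
    findings = []
    prev = GENESIS
    for pos, rec in enumerate(chain):
        if rec.get("seq") != pos:
            findings.append((pos, "sequence gap or reordering"))
        if rec.get("prev_hash") != prev:
            findings.append((pos, "prev_hash does not match preceding record"))
        if record_hash(rec) != rec.get("record_hash"):
            findings.append((pos, "record content does not match its hash"))
        prev = rec.get("record_hash")
    return findings


def sample_chain():
    # Constructed records: metadata and hashes only, no raw payloads.
    chain = []
    append_record(chain, {"type": "intent", "intent_id": "intent-001"})
    append_record(chain, {"type": "seal", "intent_id": "intent-001",
                          "status": "failure", "output_hash": "ab" * 32})
    append_record(chain, {"type": "intent", "intent_id": "intent-002"})
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    chain[1]["payload"]["status"] = "success"  # quiet edit after the fact
    print(verify_chain(chain))
```

Removing records from the end of a chain leaves the remainder self-consistent, so the latest `record_hash` also has to be held somewhere independent of the store being checked.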
### 5. **Compliance Dashboard**
A web interface for non-technical compliance officers and auditors:
- **Timeline view**: All evidence sessions in reverse chronological order with status indicators
- **Advanced filtering**: By team, workflow name, risk tier, status, and date range
- **Session details**: Full intent → execution → outcome lifecycle with platform metadata and signatures
- **Evidence Pack export**: One-click PDF generation for auditors with intent summary, outcome hashes, timestamps, and cryptographic proof references
- **Unverifiable session detection**: Automatic flagging of evidence where proof gaps exist
### 6. **Privacy & Compliance by Design**
- **No raw payloads stored**: Only hashes and metadata, never sensitive data
- **GDPR compliant**: EU data residency (Frankfurt), configurable retention, right-to-be-forgotten support
- **EU AI Act alignment**: Enables traceability and reconstruction (Art 12), not correctness guarantees
- **Metadata-only transmission**: Workflows send intent and outcome hashes only, no PII or business data
---
## System Architecture
TenetSafe consists of three integrated components:
### 1. **n8n Custom Nodes** (Workflow Integration)
Three explicit nodes that developers place in workflows:
- **Declare Intent Node**: Captures authorization and scope at workflow start
- **Human Oversight Node**: Records human‑in‑the‑loop review events (who reviewed, what decision, when, and optional context)
- **Seal Execution Node**: Records execution outcomes at terminal points
All nodes support n8n expressions for dynamic configuration and integrate seamlessly with existing workflows.
### 2. **TenetSafe Hub API** (Accountability Engine)
The Hub API receives and validates evidence records, stores them with cryptographic integrity, and provides session views and signed proof for auditors via the Dashboard and exported evidence packs.
### 3. **TenetSafe Dashboard** (Evidence Visibility)
Web application for audit and compliance workflows:
- Session timeline with status indicators
- Rich filtering (team, workflow, risk tier, status, date)
- Session detail view with platform metadata
- PDF export for auditors and regulators
- WCAG 2.1 AA accessible, works on desktop and tablet
---
## Technical Highlights
- **Fail‑open reliability**: workflows never block due to TenetSafe unavailability.
- **Tamper‑evident audit trail**: cryptographic signatures and append‑only storage preserve integrity.
- **Human oversight evidence**: who reviewed what, what they decided, and when.
- **Privacy by design**: the Hub stores hashes and metadata—no raw payloads or PII.
- **Dashboard usability**: accessible, audit‑friendly views and evidence export.
---
## Use Cases: Who Actually Needs This?
**Teams who:**
- Trigger financial consequences (trades, settlements, transactions)
- Affect employment decisions (hiring, firing, reviews)
- Touch customer rights (data access, price changes, eligibility)
- Operate under audit culture
- Fear reputational damage
- Deploy AI where failure visibility matters
### Specific Industries
| Industry | Problem | Solution |
|---|---|---|
| **Financial Services** | Prove authorization chain for every trade, settlement, transaction | TenetSafe preserves third-party evidence of what was approved |
| **Healthcare** | Audit trail for patient data access, prescription changes, medical records | Independent evidence outside hospital system |
| **HR Automation** | Defensibility for hiring, firing, review decisions | Preserved context and evidence of authorization |
| **Compliance-Heavy B2B SaaS** | Risk management and incident reconstruction | Quick reconstruction narrative when auditors ask questions |
| **Enterprise Fintech/Automation** | Regulatory evidence for automation decisions | Third-party witness to automation governance |
---
## Why TenetSafe? The Real Problem It Solves
Organizations deploying AI agents and autonomous workflows in high-consequence environments face a common problem: **how do we show we have control?**
- **Regulators ask:** "Can you prove what your AI was authorized to do and what it actually did?"
- **Internal leadership asks:** "Can we experiment with AI without fear of hidden failures?"
- **Auditors ask:** "Can you prove nobody edited those logs after the incident?"
Existing tools don't solve this because:
- **Traditional logs**: Mutable, editable by admins, stored inside the same system running the automation
- **Manual approval processes**: Don't scale, create bottlenecks
- **Email trails**: Easy to delete or hide
- **Internal evidence systems**: Always suspect in litigation—they're too easy to "correct"
TenetSafe solves this by making evidence **independent, tamper-evident, and automatic**—baked into every workflow, never blocking operations, always available when you need it.
**The psychological payoff:** You can experiment more confidently because you have proof of the experiment.
---
## Security & Privacy Guarantees
- ✓ **No PII Storage**: Only metadata and hashes, never raw payloads or sensitive data
- ✓ **Independent from execution system**: Evidence system ≠ automation system
- ✓ **Tamper-resistant**: Append-only storage prevents quiet history editing
- ✓ **Cryptographic signing**: KMS-backed signatures prove integrity
- ✓ **EU Data Residency**: Frankfurt region only
- ✓ **GDPR Compliance**: Retention policies, right-to-be-forgotten
- ✓ **Fail-Open Design**: Never blocks workflows
- ✓ **Integrity backups**: Independent backups for verification