Core Concepts

Understand how XASE captures decisions, links human oversight, and produces offline-verifiable evidence.

Architecture

Your App/API    XASE SDK          XASE Core                 Auditor
    │             │                 │                        │
    ├─ decision ─► capture()  ─────► immutable ledger        │
    │             │                 │  (WORM + hash chain)   │
    │             │                 │                        │
    ├─ review  ──► intervene() ─────► signed HITL records    │
    │             │                 │  (identity + ts)       │
    │             │                 │                        │
    │             │                 ├─ export()  ───────────►│
    │             │                 │  evidence bundle       │
    │             │                 │                        │
    │             │                 ◄──────── verify.sh ◄────┘

  • Immutable Ledger: append-only (WORM) with hash chaining across records.
  • HITL Records: interventions are signed and identity-linked with precise timestamps.
  • Evidence Bundles: portable proof (ZIP) with verify.sh for offline validation.

Records

A decision record contains input, output, model metadata, optional explanation data, and a chain/hash pointer.

record.json
{
  "id": "rec_8a7f3b2c",
  "model_id": "credit-model-v2",
  "input": {"customer_id": "cust_123", "income": 85000},
  "output": {"decision": "APPROVED", "limit": 25000},
  "confidence": 0.94,
  "hash": "sha256:...",
  "previous_hash": "sha256:...",
  "created_at": "2025-01-15T14:32:00Z"
}
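
The hash/previous_hash linkage described above, as an added example that is not XASE's own code: it builds a small chain and shows how a verifier locates an edited record. The canonical-JSON hashing scheme, the GENESIS value, the function names, and the sample records are assumptions made for illustration; the page does not specify how XASE computes `hash`.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumption: previous_hash of the first record

def record_hash(record):
    """SHA-256 over canonical JSON of every field except 'hash' (assumed scheme)."""
    body = {k: v for k, v in record.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return "sha256:" + hashlib.sha256(data).hexdigest()

def seal(record, previous_hash):
    """Link a record to its predecessor and stamp its own hash."""
    sealed = dict(record, previous_hash=previous_hash)
    sealed.pop("hash", None)
    sealed["hash"] = record_hash(sealed)
    return sealed

def verify_chain(records):
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, expected_prev = [], GENESIS
    for i, rec in enumerate(records):
        if rec.get("previous_hash") != expected_prev:
            findings.append((i, "previous_hash does not match preceding record"))
        if rec.get("hash") != record_hash(rec):
            findings.append((i, "hash does not match record contents"))
        expected_prev = rec.get("hash")  # follow stored links so one edit is reported once
    return findings

def build_sample_chain():
    """Constructed sample records using the field names shown above."""
    raw = [
        {"id": "rec_0001", "model_id": "credit-model-v2",
         "output": {"decision": "APPROVED", "limit": 25000}},
        {"id": "rec_0002", "model_id": "credit-model-v2",
         "output": {"decision": "DENIED", "limit": 0}},
        {"id": "rec_0003", "model_id": "credit-model-v2",
         "output": {"decision": "APPROVED", "limit": 12000}},
    ]
    chain, prev = [], GENESIS
    for r in raw:
        chain.append(seal(r, prev))
        prev = chain[-1]["hash"]
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    chain[1]["output"]["limit"] = 50000  # in-place edit of a stored record
    print("tampered:", verify_chain(chain))
```

A check like this only catches a rewrite of the whole tail if the newest hash is pinned by something the editor cannot recompute, such as a signature.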

Interventions (HITL)

When a human approves, rejects, or overrides a decision, the action is signed and bound to the actor's identity.

intervention.json
{
  "id": "int_7f6e5d4c",
  "record_id": "rec_8a7f3b2c",
  "actor_email": "analyst@company.com",
  "action": "OVERRIDE",
  "reason": "Documentation verified",
  "signature": "RSA-SHA256:...",
  "signed_at": "2025-01-15T14:35:00Z"
}

Evidence Bundles

Each bundle includes the decision, explanation, interventions, model card, policy snapshot, chain proof, signature, and verification script.

evidence_txn_8a7f3b2c.zip
├── decision.json
├── explanation.json
├── intervention.json
├── model_card.json
├── policy.json
├── chain_proof.json
├── signature.sig
└── verify.sh

Auditors run verify.sh in air-gapped environments. No API calls. No vendor dependency.

Security & Compliance

  • Crypto: SHA-256 hashing, RSA-SHA256 signatures via KMS.
  • Controls: WORM storage, SQL triggers to prevent edits.
  • Mapping: EU AI Act (Art. 11/14), LGPD, SOC 2, ISO 27001.