Evidence · Policy · Verification
Blog
Essays and interactive proof demos on decision assurance, compliance automation, and verifiable systems.
Proof Demos & Essays
Curated entrypoints: static essays plus interactive, inspectable demos.
Cryptographic Audit Chains
How to commit decisions to an append-only chain you can verify independently.
Unverifiable Policy Logs
Why “we logged it” is not the same as “we can prove it.”
Decision Lifecycle
Follow a single authorization decision from request to evidence.
Verification
Verify a disclosed bundle without trusting the UI or server state.
Denial Case
See what a fail-closed denial looks like when you can inspect the proof.
Audit Stream
Explore linked evidence entries as a stream of verifiable events.
Policy Change
Inspect what changed, who changed it, and how the record stays tamper-evident.
Audit Stream Demo
A compact end-to-end example: generate → disclose → verify.
Posts
⬢ The $5,000 Prompt: A Production Horror Story
How hexarch-guardrails 0.4.6b1 turns blocking into auditing—proving exactly what you saved.
⬢ The Intern’s Best Friend: A Guide to Fearless Development
How hexarch-guardrails 0.4.6b1 keeps new engineers safe while they move fast.
⬢ Tutorial: Implementing Persistent Audit Logging with Postgres
A production-grade setup guide for hexarch-guardrails 0.4.6b1 using PostgresAuditStore.
Testing “Safe Delete” Protections with Hexarch Guardrails
A practical guide to validating safe-delete enforcement and auditing outcomes with hexarch-guardrails.
Validate “Safe Delete” Protections with Hexarch Guardrails
A hands-on walkthrough showing how pre-execution policy enforcement blocks destructive actions before they run.
Show Your Work: Proof for Authorization Decisions
A field note on building auditable, verifiable decision systems.
Version-Locked Entitlements: Why Breaking Changes Don't Break Your Consumers
How the AccessPlan and ApiVersion data model creates immutable subscription contracts that shield consumers from upstream changes.
Six Streams, One Truth: Real-time Observability with Server-Sent Events
How the guardrailsSseStream() async generator delivers live audit logs, policy decisions, provider calls, and security events to the UI.
The AI Policy Architect: From Natural Language to Validated Configuration
Inside geminiService.ts: how generatePolicy() translates prompts into schema-validated policy configs with safe fallbacks.
Authority vs. Execution: Proving What's Actually Running
How the GatewayNode interface and ClusterManager component separate desired state from applied state—with cryptographic verification.
The Policy Execution Pipeline: Phases, Failure Modes, and Short-Circuits
How PolicyPhase, FailureMode, and the ExecutionFlowView component model request processing through ordered filter chains.