EchoAtlas Trust Center
Continuous evidence that the EchoAtlas Empire's controls are working. Every badge below is derived from a checked-in deterministic predicate; the evaluation cron runs hourly. Auditor letters are uploaded under each framework when available. Programmatic access lives at /api/public/v1/compliance/trust-report.
Passkey-protected operator layer
0 operators with at least one non-revoked WebAuthn passkey.
Phase 26 ships verifier-resistant auth for every operator high-risk action (incident resolve, token mint, drift wont-fix). The badge above reflects coverage; SOC 2 CC6.1 + GDPR Art.32 evidence regenerates each compliance pass.
Hash-chained audit forensics
no checkpoint yet
Phase 31 mirrors every audit-relevant row across the empire (OperatorAudit, TrustDriftEvent, RestoreVerification, RegionFailoverDrill, ComplianceEvaluation, CostAlert) into a hash-chained AuditFact log; tampering with any row invalidates every row after it. The daily roll cron anchors the head against this checkpoint and publishes it at /api/public/v1/audit/head; the GitHub Action mirrors it into git history under docs/empire-audit-head/. SOC 2 CC7.2.5 + GDPR Art.30.1 + HIPAA §164.312(b) + ISO 27001 A.8.34 evidence regenerates each compliance pass.
Chaos engineering
no chaos runs in the trailing 30d
Phase 32 actively breaks the empire on a 15-minute schedule from a whitelist of five reversible fault categories (synthetic-latency, bridge-token-rotate- rehearsal, cron-skip-one, feature-flag-flip, prisma-readonly-window). Every fault is reversible inside its declared blast radius and the schedule freezes automatically when a critical TrustDriftEvent is open. The badge above tracks the rolling 30-day SLO hit rate; SOC 2 CC7.4 + CC7.5 + ISO 27001 A.5.29 evidence regenerates each compliance pass.
Data provenance
0 active toolset signing keys - no attestations yet - compat-mode on
Phase 33 pairs every audit-relevant event with a verified Ed25519 attestation from the toolset that produced it. Per-toolset signing keys live in ToolsetSigningKey; the audit mirror runs every event through decideAdmission() before extending the Phase 31 chain. The public key manifest is published at /api/public/v1/provenance/keys and the GitHub Action mirrors it daily into docs/empire-provenance-keys/ so an external auditor can verify any single attestation off-line. SOC 2 CC7.1 + ISO 27001 A.8.32 evidence regenerates each compliance pass.
Operator knowledge base
0 published articles - 0 revisions in the trailing 30d - 0 decision articles in the trailing 90d
Phase 34 unifies runbook, decision, postmortem-link, and how-to artifacts into versioned, addressable, audit-chained KnowledgeArticle rows. Every edit appends a new revision; rollback flips the active pointer one click and lands an OperatorAudit row. Promotion to published is gated by Phase 26 step-up. Partner-visible articles surface at /developers/knowledge with a stable per-slug URL pinable into partner CI artifacts. The compliance gate knowledge-postmortems-have-runbooks requires every critical postmortem to carry at least one published runbook backlink (SOC 2 CC7.5 + ISO 27001 A.5.27 evidence).
Threat intelligence exchange
0 total signals - last 24h 0/0 signed - k=5 cap=1000
Phase 35 publishes cross-tenant threat intel as signed, privacy-budgeted, STIX 2.1 exchangeable indicators. Every signal carries an Ed25519 attestation; partners verify the chain end to end via the unauthenticated /api/public/v1/provenance/keys anchor. The privacy budget defaults to k=5 + dailyShareCap=1000; loosening past the SOC 2 ceiling (k<5 or cap>5000) trips the threat-intel-privacy-budget-honored gate. Partner STIX bundle: /api/public/v1/intel-exchange/stix/bundle.json. SOC 2 CC7.1 + ISO 27001 A.5.7 evidence regenerates each compliance pass.
Edge native ingest
0 migrated endpoints - backplane pending 0
Phase 36 wraps every partner-touched read with the edge latency probe and decouples partner writes from the shared Postgres pool via the EdgeBackplaneEvent queue. The SLA mandate: trailing-24h p95 < 50ms or the endpoint auto-reverts to the Node origin via the EDGE_FALLBACK env flag. The backplane drains every minute via /api/cron/edge-backplane-drain; a drain that lags past 120s trips the edge-backplane-drain-lag-under-2m gate. SOC 2 CC7.1 + ISO 27001 A.8.6 evidence regenerates each compliance pass.
Lineage vault
0 sealed bundles - 30d replicated 0/0 - active legal holds 0
Phase 37 seals every prior UTC day's (audit, provenance, threat intel) surface into an Ed25519-signed LineageBundle at 04:00 UTC; bundles replicate to Vercel Blob (primary) + Cloudflare R2 (secondary). Partners read the sealed bundles via /api/public/v1/lineage-vault/bundles. Workspaces under legal hold cannot have their hot rows deleted; the lineage-vault-daily-seal-current + lineage-vault-blob-replicated gates fail the moment the seal stales or replication drops. SOC 2 CC7.1 + ISO 27001 A.5.7 evidence regenerates each compliance pass.
Framework posture unavailable (unreachable).
The compliance posture database is unreachable (suspended or network-partitioned), so per-framework badges cannot be read right now. The trust primitives above still render; framework posture resumes as soon as the database is restored.
Need a per-tenant evidence bundle? See /api/public/v1/compliance/tenant-bundle (workspace-scoped, requires a developer API token).
Data residency commitments per region: /legal/data-residency.