Skip to main content
EchoAtlas

EchoAtlas Trust Center

Continuous evidence that the EchoAtlas Empire's controls are working. Every badge below is derived from a checked-in deterministic predicate; the evaluation cron runs hourly. Auditor letters are uploaded under each framework when available. Programmatic access lives at /api/public/v1/compliance/trust-report.

Passkey-protected operator layer

0 operators with at least one non-revoked WebAuthn passkey.

rolling out

Phase 26 ships verifier-resistant auth for every operator high-risk action (incident resolve, token mint, drift wont-fix). The badge above reflects coverage; SOC 2 CC6.1 + GDPR Art.32 evidence regenerates each compliance pass.

Hash-chained audit forensics

no checkpoint yet

bootstrapping

Phase 31 mirrors every audit-relevant row across the empire (OperatorAudit, TrustDriftEvent, RestoreVerification, RegionFailoverDrill, ComplianceEvaluation, CostAlert) into a hash-chained AuditFact log; tampering with any row invalidates every row after it. The daily roll cron anchors the head against this checkpoint and publishes it at /api/public/v1/audit/head; the GitHub Action mirrors it into git history under docs/empire-audit-head/. SOC 2 CC7.2.5 + GDPR Art.30.1 + HIPAA §164.312(b) + ISO 27001 A.8.34 evidence regenerates each compliance pass.

Chaos engineering

no chaos runs in the trailing 30d

unknown

Phase 32 actively breaks the empire on a 15-minute schedule from a whitelist of five reversible fault categories (synthetic-latency, bridge-token-rotate- rehearsal, cron-skip-one, feature-flag-flip, prisma-readonly-window). Every fault is reversible inside its declared blast radius and the schedule freezes automatically when a critical TrustDriftEvent is open. The badge above tracks the rolling 30-day SLO hit rate; SOC 2 CC7.4 + CC7.5 + ISO 27001 A.5.29 evidence regenerates each compliance pass.

Data provenance

0 active toolset signing keys - no attestations yet - compat-mode on

compat-mode

Phase 33 pairs every audit-relevant event with a verified Ed25519 attestation from the toolset that produced it. Per-toolset signing keys live in ToolsetSigningKey; the audit mirror runs every event through decideAdmission() before extending the Phase 31 chain. The public key manifest is published at /api/public/v1/provenance/keys and the GitHub Action mirrors it daily into docs/empire-provenance-keys/ so an external auditor can verify any single attestation off-line. SOC 2 CC7.1 + ISO 27001 A.8.32 evidence regenerates each compliance pass.

Operator knowledge base

0 published articles - 0 revisions in the trailing 30d - 0 decision articles in the trailing 90d

red

Phase 34 unifies runbook, decision, postmortem-link, and how-to artifacts into versioned, addressable, audit-chained KnowledgeArticle rows. Every edit appends a new revision; rollback flips the active pointer one click and lands an OperatorAudit row. Promotion to published is gated by Phase 26 step-up. Partner-visible articles surface at /developers/knowledge with a stable per-slug URL pinable into partner CI artifacts. The compliance gate knowledge-postmortems-have-runbooks requires every critical postmortem to carry at least one published runbook backlink (SOC 2 CC7.5 + ISO 27001 A.5.27 evidence).

Threat intelligence exchange

0 total signals - last 24h 0/0 signed - k=5 cap=1000

unknown

Phase 35 publishes cross-tenant threat intel as signed, privacy-budgeted, STIX 2.1 exchangeable indicators. Every signal carries an Ed25519 attestation; partners verify the chain end to end via the unauthenticated /api/public/v1/provenance/keys anchor. The privacy budget defaults to k=5 + dailyShareCap=1000; loosening past the SOC 2 ceiling (k<5 or cap>5000) trips the threat-intel-privacy-budget-honored gate. Partner STIX bundle: /api/public/v1/intel-exchange/stix/bundle.json. SOC 2 CC7.1 + ISO 27001 A.5.7 evidence regenerates each compliance pass.

Edge native ingest

0 migrated endpoints - backplane pending 0

unknown

Phase 36 wraps every partner-touched read with the edge latency probe and decouples partner writes from the shared Postgres pool via the EdgeBackplaneEvent queue. The SLA mandate: trailing-24h p95 < 50ms or the endpoint auto-reverts to the Node origin via the EDGE_FALLBACK env flag. The backplane drains every minute via /api/cron/edge-backplane-drain; a drain that lags past 120s trips the edge-backplane-drain-lag-under-2m gate. SOC 2 CC7.1 + ISO 27001 A.8.6 evidence regenerates each compliance pass.

Lineage vault

0 sealed bundles - 30d replicated 0/0 - active legal holds 0

unknown

Phase 37 seals every prior UTC day's (audit, provenance, threat intel) surface into an Ed25519-signed LineageBundle at 04:00 UTC; bundles replicate to Vercel Blob (primary) + Cloudflare R2 (secondary). Partners read the sealed bundles via /api/public/v1/lineage-vault/bundles. Workspaces under legal hold cannot have their hot rows deleted; the lineage-vault-daily-seal-current + lineage-vault-blob-replicated gates fail the moment the seal stales or replication drops. SOC 2 CC7.1 + ISO 27001 A.5.7 evidence regenerates each compliance pass.

Framework posture unavailable (unreachable).

The compliance posture database is unreachable (suspended or network-partitioned), so per-framework badges cannot be read right now. The trust primitives above still render; framework posture resumes as soon as the database is restored.

Need a per-tenant evidence bundle? See /api/public/v1/compliance/tenant-bundle (workspace-scoped, requires a developer API token).

Data residency commitments per region: /legal/data-residency.