AFFIXIO
Proof not log
Proof not log audit evidence
Audit packs built only from logs struggle under dispute. AffixIO signed allow or deny outcomes with Merkle references give auditors something they can re-check, beside whatever SIEM still collects.
Definition
Proof not log means treating signed verification outcomes as primary audit evidence, with logs as complementary operational context.
Field note. Log archaeology does not prove a verify decision at the boundary. Issue proofs and attach Merkle refs to the record.
What goes in the pack
Business identifier, AffixIO allow or deny, Merkle reference, timestamp, circuit or policy version. Optional SIEM context for narrative. No document images at the verifier by default.
Use proof-not-log audit pages and the SIEM compare page in stakeholder briefings.
Roles
Security still owns monitoring. Compliance owns evidence standards. Engineering owns instrumentation so refs are always stored. AffixIO supplies the verification primitives.
Practice retrieval quarterly. An unread proof is theatre.
Verifier placement for proof-not-log evidence
Map proof-not-log evidence to a single verify endpoint even if multiple protocols feed the same checkout or tool surface. One permission layer reduces drift between AP2, UCP, and direct REST integrations.
Review deny rates weekly during pilot. Spikes often trace to policy drift or clock skew on expiry, not fraud.
Regulatory pressure
Screenshots and SIEM exports
When the only evidence is a log export, counterparties argue about completeness and authenticity. Signed decisions reduce that argument.
Authenticity doubts
Logs can be edited or selectively exported.
Missing decisions
You see traffic, not policy outcomes.
PII-heavy exports
Teams dump attributes into logs to reconstruct why access was granted.
Slow packs
Analysts spend days assembling weak evidence.
Merkle handoff
Proof-based audit evidence instead of log archaeology
Auditors asking for proof a gate fired should not receive gigabytes of application logs. Verify outcomes with Merkle-linked proofs give replayable evidence without raw log exports.
Define pack schema
Required AffixIO fields.
Instrument verify paths
Persist refs.
Train analysts
Retrieve and re-verify.
Keep SIEM complementary
Do not drop logging.
Before you commit
Readiness checks for proof-not-log evidence
- Publish an evidence pack template.
- Require Merkle refs on gated decisions.
- Schedule quarterly retrieval drills.
- Align with /compare/proof-not-log-vs-siem.
- Remove PII dumps used only for reconstruction.
Quick clarifications
Questions on proof-not-log evidence
Does proof replace SIEM?
No. It complements logging.
Who re-verifies?
Auditors or tooling using Merkle and signature checks.
What if verify was never called?
There is no AffixIO proof. Fix the gate.
Where to read more?
/proof-not-log-audit/
Protocol notes
Pages that support proof-not-log evidence
Compliance and audit
More compliance briefs
Replace log exports with proof audit
Run verify with Merkle handoff in sandbox, then give your audit team a replay path without raw logs.