GENYS · Memory

Audit & Provenance

Capsule Chronicle is the immutable audit trail for GENYS. Every write, read, export, and redaction is a signed event—so you can answer who knew what, when, and why without guesswork.

GENYS powers DesignAdvertise.ai campaigns today. This page covers the audit & governance layer behind that system.

Simple

  • There’s a paper trail for memory. You can see who wrote, read, exported, or deleted (redacted) anything—by user or service.
  • Events are signed and time‑stamped. You can’t quietly change history.
  • Redactions include a note. Retention changes leave a record. Exports are logged.
  • Query by subject, time, or actor to answer auditors quickly.

Technical

  • Append‑only Capsule Chronicle with monotonic IDs; references capsuleId + version.
  • Per‑event hash and signature over normalized payload; optional Merkle root for range proofs.
  • Event kinds: write, read, export, redaction, retention_change, policy_check.
  • Queryable by subject, actor, scope, time range; streaming to SIEM supported.

Audit event schema

Signed, append‑only events that reference capsules and versions. Suitable for export to internal compliance systems.

Field      Type      Description
id         string    ULID/snowflake event id
kind       enum      write | read | export | redaction | retention_change | policy_check
subject    string    Entity the event concerns (user/account/asset)
capsuleId  string    Target capsule id (if applicable)
version    int       Capsule version at time of event
actor      object    { type: 'user'|'service', id, name }
scope      object    tenantId, app, user
source     string    Where the action originated (api|ui|ingest|system)
meta       object    ip, userAgent, reason, redactionNotes
hash       string    Hash of normalized payload
signature  string    Signature over hash (server key)
createdAt  datetime  Event timestamp (UTC)

// Example: redaction event
{
  "id": "evt_01HZ...",
  "kind": "redaction",
  "subject": "user_8321",
  "capsuleId": "cap_01HY...",
  "version": 7,
  "actor": { "type": "user", "id": "admin_12", "name": "Michael" },
  "scope": { "tenantId": "t_42", "app": "designadvertise" },
  "source": "ui",
  "meta": { "reason": "Right-to-be-forgotten request", "redactionNotes": "Removed PII: phone" },
  "hash": "hash_90ab...",
  "signature": "sig_4f3d...",
  "createdAt": "2025-08-12T10:22:00Z"
}
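
One way an auditor could re-check an exported NDJSON Chronicle offline, as an added example that is not GENYS code. The page does not name the hash, signature scheme or normalization, so SHA-256, Ed25519 and sorted-key JSON are assumptions here, as are the helper names and the constructed sample events.

```javascript
const crypto = require('node:crypto');

// ASSUMPTION: "normalized payload" = JSON with recursively sorted keys,
// covering every field except hash and signature.
function normalize(v) {
  if (Array.isArray(v)) return v.map(normalize);
  if (v && typeof v === 'object') {
    return Object.fromEntries(Object.keys(v).sort().map((k) => [k, normalize(v[k])]));
  }
  return v;
}

// ASSUMPTION: SHA-256, hex-encoded.
function payloadHash(event) {
  const { hash, signature, ...payload } = event;
  return crypto.createHash('sha256').update(JSON.stringify(normalize(payload))).digest('hex');
}

// Hypothetical stand-in for the server-side signer; used only to build the sample.
function signEvent(payload, privateKey) {
  const hash = payloadHash(payload);
  const signature = crypto.sign(null, Buffer.from(hash, 'hex'), privateKey).toString('base64');
  return { ...payload, hash, signature };
}

// Returns a list of findings; an empty list means every line verified.
function verifyChronicle(ndjson, publicKey) {
  const findings = [];
  let prevId = '';
  ndjson.split('\n').filter(Boolean).forEach((line, i) => {
    const ev = JSON.parse(line);
    const sig = Buffer.from(String(ev.signature), 'base64');
    if (payloadHash(ev) !== ev.hash) {
      findings.push(`line ${i + 1}: hash mismatch`);
    } else if (!crypto.verify(null, Buffer.from(ev.hash, 'hex'), publicKey, sig)) {
      findings.push(`line ${i + 1}: bad signature`);
    }
    // ULID-style ids sort lexicographically, so a string compare detects reordering.
    if (ev.id <= prevId) findings.push(`line ${i + 1}: id not monotonic`);
    prevId = ev.id;
  });
  return findings;
}

// Constructed sample: two signed events exported as NDJSON.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const exported = [
  { id: 'evt_0001', kind: 'write', subject: 'user_8321', version: 7, createdAt: '2025-08-12T10:20:00Z' },
  { id: 'evt_0002', kind: 'redaction', subject: 'user_8321', version: 7, meta: { reason: 'RTBF request' }, createdAt: '2025-08-12T10:22:00Z' },
].map((e) => JSON.stringify(signEvent(e, privateKey))).join('\n');
```

Editing a payload field trips the hash check, recomputing the hash without the server key trips the signature check, and reordering lines trips the monotonic-id check.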

Quickstart

Write capsules as usual—audit events are emitted automatically. You can also log policy checks and export the Chronicle.

// 1) A write emits a 'write' event
await genys.capsules.create({
  subject: userId,
  data: { tone: 'bold-power' },
  scope: { tenantId, app: 'designadvertise' }
});

// 2) A guarded generation logs a 'policy_check'
await genys.generate({
  subject: userId,
  input: 'Draft follow-up',
  retrieve: { k: 6, from: ['capsules'] },
  guards: ['toneguard:brand_voice_prime']
});

// 3) Redact with reason (creates 'redaction' event)
await genys.capsules.redact({
  capsuleId: 'cap_01HY...',
  fields: ['data.phone'],
  reason: 'RTBF request'
});

// 4) Query audit (for a subject & time range)
const events = await genys.audit.query({
  subject: userId,
  kinds: ['write','read','redaction','export'],
  since: '2025-08-01T00:00:00Z',
  until: '2025-08-31T23:59:59Z'
});

// 5) Export the Capsule Chronicle for an auditor
await genys.audit.export({ tenantId, format: 'ndjson' });

Compliance features

  • Legal holds and retention policy changes are logged as events.
  • Right‑to‑be‑forgotten actions retain a redaction note (no data; just intent).
  • Per‑tenant export of the Chronicle (CSV/NDJSON) for auditors.
  • SIEM forwarding via webhook for real‑time monitoring.
  • RBAC on audit queries; least‑privilege by default.
  • Clock‑skew‑resistant timestamps (server‑side) with optional NTP attest.

Capsule Chronicle timeline

A simple, accessible view of recent audit events.

  1. Write (v7)

    Stored tone = bold-power; last_campaign = Q3 Launch.

    Subject: user_8321 · Capsule: cap_01HY · Actor: service:ingest
  2. Policy check (v7)

    ToneGuard ok; facts consistent with capsules.

    Subject: user_8321 · Capsule: cap_01HY · Actor: service:gen
  3. Redaction (v7)

    Removed PII: phone (RTBF request).

    Subject: user_8321 · Capsule: cap_01HY · Actor: user:admin_12
  4. Export

    Exported Chronicle (NDJSON) for Aug 2025.

    Subject: tenant:t_42 · Actor: service:auditor_bot

FAQ

Is Capsule Chronicle a SIEM?

No. It’s an immutable audit trail for GENYS memory operations. You can stream events to your SIEM for correlation.

Can audit entries be edited or deleted?

No edits. Redactions create new events that reference the prior state. The Chronicle is append‑only.

What about privacy requests?

Use targeted redaction with a reason. The data is removed, but an audit note remains to show compliance.