Trust Boundaries
What to trust, and what to verify
Trust boundaries make Attesto usable in serious reviews. They explain which parts are proven by evidence, which parts depend on customer process, and which claims require external review before stronger language is used.
What Attesto proves
- Accepted event payload commitments and receipt signatures.
- Stream ordering through sequence and previous-hash links.
- Window inclusion and checkpoint consistency for included ranges.
- Witness/quorum evidence according to the configured policy.
- Fork evidence when conflicting histories are observed.
- Anchor references for externally committed epochs.
- Bundle manifest integrity and offline verifier results.
What Attesto does not prove
- That the original business decision was correct.
- That a source system supplied true input.
- That a tenant has satisfied every legal obligation.
- That a connector has permission to see data outside its configured scope.
- That review-gated cryptographic claims have been externally reviewed.
Responsibilities
| Party | Responsibility |
|---|---|
| Attesto | Maintain evidence integrity, verifier contracts, public docs, and production readiness evidence. |
| Customer | Choose what to log, secure system keys, configure policies, preserve source context, and review legal obligations. |
| Verifier | Verify bundles, inspect limitations, record results, and decide whether evidence satisfies the review purpose. |
Review-gated claims
Nova/IVC lifecycle proofing is designed for Proof of Evolution, but stronger cryptographic claims remain review-gated until an external applied-cryptography review is completed and documented.