Documentation

Quoderat is a chain-of-custody engine for engineering work: it records intent, captures toolchain reports, and produces tamper-evident evidence for every code change.

Who this is for

•CTOs & Engineering Leads who require audit-friendly proof of execution rather than high-level dashboard metrics.
•Security & Compliance Officers who need mechanical receipts: hashes, traceability, and verifiable redaction logs.
•DevOps & Platform Engineers who need a predictable execution model that treats every CI run as a verifiable record.

Recommended path

Start here

Quickstart

Deploy the stack and understand the Intent → Verified Outcomes model in 5 minutes

First Job

Walk through an end-to-end run: from issuing an intent to receiving a sealed envelope

Concepts

Understand the contract: identity, traceability, and the mechanics of the tamper-evident seal

Evidence Contract

Quoderat records (mechanical)	Quoderat does not claim (absolute)
Typed execution steps + exit codes	"The code change is logically correct."
Artifacts as content identities (sha256, content_uri)	"No secrets ever leaked."
Observations cited against basis artifacts	"Summaries are inherently accurate."
Redactions applied + the specific rule used	"Perfect or infallible masking."
A tamper-evident integrity seal (integrity.hash_chain)	"Legally non-repudiable proof."
Runner-reported context (os, toolchain)	"Guaranteed sandbox isolation."

Operations

GitLab

Map Git metadata to subjects and correlate runs

CI/CD

Transform standard pipeline outputs into verification receipts

Worker

How environments run steps and report runner_context

Server Configuration

Managing producer metadata and environment reporting

Events (SSE)

Distinguishing ephemeral runtime signals from the authoritative record

Webhooks

Mapping external triggers to evidence identities

Reference

Policies

Defining masking rules and public/internal visibility gates

Auth & Secrets

Risk mapping and best-effort redaction receipts

API

Programmatic consumption and validation of the Evidence Envelope

The Golden Path

The goal of a Quoderat run is to produce a portable, verifiable "receipt" that exists independently of the platform.

Issue Intent

Trigger a run via CLI, API, or Voice.

Execute Steps

The worker runs typed steps (e.g., lint, test, build).

Capture Artifacts

Raw tool outputs are captured as hashed artifacts.

Finalize Envelope

Quoderat seals the run into an Evidence Envelope:

• integrity.hash_chain — a tamper-evident seal for the recorded payloads
• observations[].basis_artifact_ids[] — traceability links for derived facts
• redactions[] — recorded interventions when masking rules trigger

Result: a single JSON envelope that can be validated offline using rfc8785-jcs + sha256.

Need help?

Can't find what you're looking for?

Contact Support Open an Issue