Skip to main content
The Artifact

OSCAL bundle viewer + Cedar playground.

Pick a control. See the predicate. Trace it to the upstream receipts that satisfy it. Edit the predicate, re-derive.

OS
Dimension
OSCAL bundle
1.18 J
per call

Assessment Results as one signed document

An OSCAL 1.1.2 Assessment Results (SAR) bundle. 11 findings, each linking by BLAKE3 hash to a Cedar predicate and to every upstream receipt that satisfied it. The bundle is the only artifact the assessor consumes — no spreadsheets, no PDF appendices, no screenshot folders.

Sample receipt
JWP ReceiptPayload
kind "compliance.bundle.assembled"
format OSCAL JSON 1.1.2
size_kb 184
joules 1.18
cite "OSCAL SAR 1.1.2 · NIST SP 800-53 Rev 5"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
schema
OSCAL 1.1.2 SAR
signing
Ed25519 over canonical JSON
addressing
BLAKE3
Cd
Dimension
Cedar predicate
0.87 J
per call

Controls as compiled code

Cedar 4.2 policy expressions replace control narratives. AU-12 reads: permit(principal, action == Action::"emit", resource) when { resource.sig != null }. The control is the predicate; the predicate is what the auditor evaluates; the evaluator is open.

Sample receipt
JWP ReceiptPayload
kind "compliance.predicate.compiled"
lines_of_cedar 342
predicates 11
joules 0.87
cite "Cedar 4.2 · 800-53 Rev 5 implementation layer"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
engine
Cedar 4.2
evaluation
pure function
Ev
Dimension
Receipt evidence chain
1.42 J
per call

Receipts as audit primary sources

Every finding links to the upstream receipts that satisfied it, by content hash. The chain for AC-2 (Account Management) traces 8 trust.id.token.issued receipts, each pinning a vp_hash that resolves to a verifiable credential. Breaking the chain requires breaking a signature.

Sample receipt
JWP ReceiptPayload
kind "compliance.evidence.selected"
receipts 31
kinds 6
joules 1.42
cite "OSCAL 1.1.2 §SAR links · BLAKE3 content addressing"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
selector
Cedar input typed against kind
addressing
BLAKE3-256
Cm
Dimension
Control mapping
0.31 J
per call

NIST 800-53 → Cedar → receipts

A three-column map: NIST 800-53 Rev 5 control id, the Cedar predicate that implements it, the receipt kinds that feed it. AC-1, AC-2, AC-3 fed by trust.id.token.issued. AU-2, AU-12 fed by every state-mutating receipt. SC-12 fed by trust.key.rotation events. The map is the OSCAL profile.

Sample receipt
JWP ReceiptPayload
kind "compliance.profile.loaded"
controls 11
receipt_kinds_referenced 9
joules 0.31
cite "OSCAL 1.1.2 profile · NIST SP 800-53 Rev 5"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
profile_id
fincen-rre-2026
imported_baseline
800-53 Rev 5 low
Es
Dimension
CSRD projection
0.55 J
per call

ESRS E1 as a sum over joules

CSRD Article 29b energy disclosure (ESRS E1-5) is a SUM(joules) projection over the receipt log, partitioned by entity and reporting window. The Q2-2026 row reads 2,418,902 J = 0.672 kWh for entity tx_science:row_4408. Re-running the projection on the same window returns the same number, byte-for-byte.

Sample receipt
JWP ReceiptPayload
kind "compliance.csrd.projection"
esrs_metric E1-5
kwh_q2 0.672
joules 0.55
cite "EU 2023/2772 ESRS E1 §29b · Article 29b CSRD"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
regulation
Directive (EU) 2022/2464
standard
ESRS E1 (Climate change)
evaluator
pure SQL over receipt store

ComplianceOS, in one line

predicate, made inspectable.

Click anything. The same primitives that compose the rest of the Transaction Science family — receipts, joules, signed transport — show up here too. The family is one system.