[RFC] TealTiger v1.3 — Evidence, Proof & Audit (SOC/IR, TealProof, Tamper Resistance)

[nagasatish007]

[RFC] TealTiger v1.3 — Evidence, Proof & Audit (SOC/IR, TealProof, Tamper Resistance)

Status: OPEN FOR FEEDBACK
Covers: Requirements 5, 7, 15
Target audience: SOC analysts, compliance teams, auditors, security operations

---

Summary

Autonomous agents make decisions at machine speed. Security teams need those decisions visible in existing monitoring workflows, cryptographically verifiable, and tamper-resistant. This group covers how TealTiger produces evidence that satisfies both real-time SOC operations and post-hoc audit requirements.

---

Proposed Capabilities

SOC/IR Evidence Pipeline (Req 5)

• Governance decisions exported as SIEM-compatible structured logs (timestamp, outcome, reason codes, policy version, agent identity, risk score)
• OpenTelemetry spans for each governance evaluation with documented span conventions
• Response hooks invoked within 100ms of policy violations
• Deduplication and rate-limiting of alerts to prevent storms during sustained attacks
• Correlation IDs linking every decision to the originating agent request trace

TealProof — Cryptographic Governance Receipts (Req 7)

• Each governance decision produces a hash combining: outcome, context, timestamp, policy version, and previous hash
• Decision hashes organized into a Merkle tree
• Periodic anchoring of Merkle root to RFC 3161 timestamping service
• Compact verification proofs for third-party verification without full tree access
• Governance Passport per agent: cryptographic summary of policy-compliant execution history
• Standalone Verification SDK (works without TealTiger installation)
• Verification levels: LEVEL_1_INTEGRITY (receipt valid), LEVEL_2_SUFFICIENCY (receipt + trace + policy confirmed), LEVEL_3_APPROPRIATENESS (receipt + trace + policy + business context)
• Explicit failure codes for negative cases (policy mismatch, attribute tampering, coverage gaps, staleness, unresolvable context)

Tamper Resistance & Separation of Duties (Req 15)

• No configuration flag, env var, or API parameter can disable governance enforcement
• Policies only sourced from approved registry (not local files in production)
• Bundle integrity validated on every load (hash or signature)
• Application code cannot override, modify, or skip individual policy decisions
• Workload identity bound from platform-level identity (K8s ServiceAccount, IAM role), not developer-set
• Fail behavior (fail-open vs fail-closed) defined in governance artifacts, not application config

---

Questions for the Community

1. SIEM integration — What SIEM are you using? What log format would make governance decisions immediately queryable without custom parsing? (CEF, JSON, OCSF?)

2. OTel spans — Are you already using OpenTelemetry for your AI agent observability? Would governance spans integrate naturally into your existing trace views?

3. TealProof verification levels — The distinction between "integrity verified" and "decision appropriate" matters for regulators. Is this three-level model (integrity → sufficiency → appropriateness) the right abstraction? Too many levels? Too few?

4. Tamper resistance — Is "no local policy files in production" too strict for your environment? Are there legitimate cases where you need local policy override?

5. Response hooks — What would you do with a real-time governance violation signal? Page someone? Auto-revoke agent access? Trigger a runbook?

---

How to Give Feedback

• Comment below with thoughts, concerns, or use cases
• React with 👍 on capabilities you'd use
• React with 🤔 on capabilities that seem unclear
• React with 👎 on capabilities you think are wrong

---

Full Spec Reference

See Requirements 5, 7, and 15 in the complete specification