Every AI Decision.
Cryptographically Sealed.
Regulator-Ready.
Codex is the immutable audit ledger for AI governance. Every governed agent decision is written once to AWS S3 Object Lock WORM storage, linked into a SHA-256 hash chain, and sealed with a verifiable receipt. Not a log. Proof.
Logs Are Not Proof
When a regulator asks what your AI agent did, a log file is not enough. Logs can be deleted. They can be modified. They can be silently dropped under load. Your compliance team needs something stronger.
Logs can be deleted by any administrator with file system access. There is no cryptographic proof they haven't been.
Log files have no chain of custody. There is no way to prove a log from three years ago hasn't been retroactively edited.
Sampling and buffering mean not every event makes it to the log. Regulators expect completeness, not best-effort.
A printed log is not auditable evidence. You cannot prove to a court that the log reflects what actually happened.
Codex replaces the log with a cryptographic proof. Every record is written once, linked into a tamper-evident hash chain, and backed by S3 Object Lock storage that not even AWS root can delete in COMPLIANCE mode.
This is the difference between a record and evidence.
Three Operations. One Verifiable Record.
Codex exposes three MCP tools. Every governed AI decision flows through Record. Compliance audits use Prove and Verify.
Record
Write a governed event to the immutable ledger. Codex validates the HMAC signature, appends the record to the hash chain, writes it to S3 Object Lock with WORM protection, and returns a VerifiableReceipt with a tx_hash, audit_id, sequence number, and prev_hash linking this record to the chain.
Prove
Retrieve any previously recorded event by audit_id or tx_hash. Codex enforces strict tenant isolation: an organization can only retrieve its own records. Returns the full record with its governor_signature, timestamp, block_height, and sanitized payload.
Verify
Prove that a range of records has not been tampered with. Codex re-reads each record from S3, recomputes the SHA-256 hash, and verifies the prev_hash linkage from start_seq to end_seq. Returns valid: true or the exact sequence number where the chain breaks.
Hash Chain Structure
seq: 001 | hash: 0x9f3a...c7d1 | prev_hash: GENESIS (First Record)
seq: 002 | hash: 0x4b2e...a8f3 | prev_hash: 0x9f3a...c7d1 (Second Record)
seq: 003 | hash: 0x7d1c...e5b9 | prev_hash: 0x4b2e...a8f3 (Third Record)
Each record's hash is derived from its content and the previous record's hash. Alter any record and every subsequent hash breaks. Tampering is mathematically detectable.
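Added example, not Codex's own code: a minimal Python model of the Record and Verify operations described above, reusing the page's field names (tx_hash, prev_hash, sequence, first_broken_at). The canonical-JSON encoding, the fields covered by the hash, what the HMAC signs, and the helper names are assumptions, since the page does not specify them; the in-memory list stands in for the S3 Object Lock write.

```python
import hashlib
import hmac
import json

GENESIS = "GENESIS"  # prev_hash of the first record, as in the page's diagram

def canonical(obj):
    # Assumption: sorted-key compact JSON is the byte form that gets hashed and signed.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def record_hash(seq, prev_hash, payload):
    body = {"sequence": seq, "prev_hash": prev_hash, "payload": payload}  # content + link
    return hashlib.sha256(canonical(body)).hexdigest()

def sign(secret, payload):
    return hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()

def record(chain, secret, payload, signature):
    """Validate the caller's HMAC, append a linked record, return a receipt."""
    if not hmac.compare_digest(sign(secret, payload), signature):  # constant time
        raise PermissionError("invalid HMAC signature")
    seq = len(chain) + 1
    prev_hash = chain[-1]["tx_hash"] if chain else GENESIS
    receipt = {"sequence": seq, "prev_hash": prev_hash,
               "tx_hash": record_hash(seq, prev_hash, payload)}
    chain.append({**receipt, "payload": payload})  # stand-in for the WORM write
    return receipt

def verify_chain(chain, start_seq, end_seq):
    """Recompute each hash and check linkage; report the first broken sequence."""
    checked = 0
    for entry in chain[start_seq - 1:end_seq]:
        seq = entry["sequence"]
        expected_prev = chain[seq - 2]["tx_hash"] if seq > 1 else GENESIS
        recomputed = record_hash(seq, entry["prev_hash"], entry["payload"])
        if entry["prev_hash"] != expected_prev or recomputed != entry["tx_hash"]:
            return {"valid": False, "entries_checked": checked, "first_broken_at": seq}
        checked += 1
    return {"valid": True, "entries_checked": checked, "first_broken_at": None}

def demo():
    secret = b"constructed-demo-secret"  # constructed sample key
    chain = []
    for decision in ("APPROVED", "DENIED", "APPROVED"):  # constructed events
        payload = {"agent": "document-classifier", "decision": decision}
        record(chain, secret, payload, sign(secret, payload))
    before = verify_chain(chain, 1, 3)
    chain[1]["payload"]["decision"] = "APPROVED"  # retroactive edit of record 2
    return chain, before, verify_chain(chain, 1, 3)
```

An editor who also recomputes record 2's own tx_hash is still caught at sequence 3 through the prev_hash link. Rewriting every later record as well is what the write-once storage and previously issued receipts are there to prevent.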
S3 Object Lock: Not Even AWS Can Delete It
S3 Object Lock is AWS's native WORM storage. Once a record is written in COMPLIANCE mode, it cannot be deleted or overwritten by anyone, including the AWS account root user, until the retention period expires.
Codex writes every audit record with a 7-year retention period, matching the SEC Rule 17a-4 requirement for broker-dealer record retention and the standard for insurance and healthcare compliance.
This is the same underlying guarantee used by financial institutions for regulatory record retention, without the complexity or cost of a blockchain.
"AWS S3 Object Lock in COMPLIANCE mode provides the same tamper-evident guarantees as traditional WORM storage at a fraction of the cost."
Retention period: 2,555 days (7 years) per record. Matches SEC Rule 17a-4, HIPAA, and standard insurance retention requirements.
Returned on Every Write
Every call to record_audit_event returns a VerifiableReceipt immediately. This receipt is the cryptographic proof that the record was written, where it lives in the chain, and how to retrieve it later.
{
  "status": "recorded",
  "receipt": {
    "audit_id": "a1b2c3d4-e5f6-...",
    "tx_hash": "9f3ac7d1b2e4...",
    "sequence": 142,
    "prev_hash": "4b2ea8f3c1d9...",
    "timestamp": "2026-03-20T14:22:01.481Z",
    "s3_key": "acme-corp/2026/03/20/a1b2c3d4.json",
    "s3_lock_mode": "COMPLIANCE",
    "retention_until": "2033-03-20T00:00:00Z"
  }
}

Standalone or Integrated
Codex was extracted from Axis so it can be deployed independently. Any AI agent platform can call it. Axis calls it automatically.
Integrated with Axis
When deployed alongside Axis, Codex is called automatically at the end of every governed orchestration. No configuration required. Every pipeline result is sealed with a verifiable receipt and the codex_audit_id is stored on the transaction for cross-reference.
Standalone via MCP
Codex is a standard MCP server. Any AI agent platform, framework, or workflow engine can call it directly via JSON-RPC 2.0 at POST /mcp. No Novus Forge dependency required.
Built for Regulated Retention Requirements
The 7-year retention period and WORM storage model satisfy the record-keeping requirements of major regulatory frameworks.
Financial Services
6-year minimum retention for broker-dealer records. WORM storage mandated.
AI Governance
Deployers of high-risk AI systems must maintain logs of automated decisions.
Healthcare
6-year retention for PHI-related records and access audit trails.
Public Companies
7-year retention for financial records and the systems that produce them.
Codex's 7-year default retention period covers all four frameworks. Retention periods are configurable per deployment.
MCP Native, JSON-RPC 2.0
Codex follows the same MCP server pattern as Koda and Syllabus. If you can call a JSON-RPC endpoint, you can write to the immutable ledger.
{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "record_audit_event",
    "arguments": {
      "org_id": "acme-corp",
      "signature": "hmac-sha256-hex...",
      "event_type": "AGENT_DECISION",
      "payload": {
        "agent": "document-classifier",
        "input_hash": "sha256:...",
        "output_hash": "sha256:...",
        "decision": "APPROVED",
        "tokens": 12500
      },
      "aow_context": {
        "intent_id": "document.classify",
        "agent_urn": "urn:axis:agent:classifier",
        "policy_urn": "urn:axis:policy:pii-required",
        "outcome": "SUCCESS"
      }
    }
  },
  "id": 1
}

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "verify_chain",
    "arguments": {
      "org_id": "acme-corp",
      "signature": "hmac-sha256-hex...",
      "start_seq": 1,
      "end_seq": 500
    }
  },
  "id": 2
}
// Response
{
  "valid": true,
  "entries_checked": 500,
  "first_broken_at": null,
  "verification_time_ms": 312
}

{
  "status": "healthy",
  "server": "novus-codex",
  "version": "1.0.0",
  "tools_available": 3,
  "s3_connected": true
}

Environment Configuration
# Required
CODEX_S3_BUCKET=novus-audit-ledger
CODEX_S3_REGION=us-east-1
CODEX_HMAC_SECRET=<shared-with-axis>

# Optional (defaults shown)
CODEX_S3_LOCK_MODE=COMPLIANCE   # GOVERNANCE for dev
CODEX_S3_LOCK_DAYS=2555         # 7 years
CODEX_PORT=8004

# Axis integration
CODEX_ENABLED=true
CODEX_MCP_ENDPOINT=http://localhost:8004/mcp
Make Your AI Decisions Provable
Request a demo to see how Codex seals every AI agent decision into a tamper-evident, regulator-ready immutable ledger. Works standalone or as part of the Novus Forge platform.