The incident happened. Here's the deterministic proof.
When your auditor, your regulator, or your board asks what caused it and whether the fix held — Déjà hands them a cryptographically signed receipt: the incident, the pull request that caused it, the resolution, sealed at the moment each happened.
Deterministic — not an LLM. No probabilistic guessing, no trace IDs, no screenshots.
How it works
Three steps. Then every incident signs itself.
01 · CONNECT
Connect your stack
GitHub for merge events, Datadog or PagerDuty for incident signals. Read-only scopes; we never touch code contents.
Setup: ~15 minutes
02 · ATTRIBUTE
Deterministic attribution
When an incident fires, the engine traces it to the causal pull request through the upstream producer graph — scored, not guessed.
Median: 1.6 seconds, at incident time
03 · SIGN
A receipt, sealed
Every stage gets an Ed25519-signed receipt in an append-only ledger — verifiable offline by your auditor, no Déjà account needed.
Standard: DSR/1.0 · open
The part nobody else signs
Custody holds — signed. Custody breaks — also signed.
Verification passed
A signed clean report
Incident → cause → resolution, every link attributed, every hash continuous. The story your auditor hopes to see — provable.
ed25519 · signed at the moment it happened
Verification failed
A signed failure report
No cause found? Fix didn't hold? Confidence too low? The exception is signed too — a cryptographic record that you looked, and what you found.
ed25519 · the absence is evidence
Tools that only record successes are marketing. Evidence is whatever happened — which is why Déjà's exception receipts exist, and why auditors trust the ledger.
Built for the people in the room
Three readers. One ledger.
Heads of Risk & CISOs
Audit-ready evidence accumulating continuously — SOC 2 Type II, NYDFS 500, DORA, SR 11-7 — exportable in one click.
Why Déjà →Engineers
Fifteen-minute setup, read-only scopes, zero workflow change. The receipt writes itself while you fix the incident.
How it works →Auditors & regulators
Independent offline verification — dsr-verifier-cli on your own machine. No Déjà account, no source access, no implicit trust.
Verify a receipt →Pricing
Priced by scope. Not per-receipt.
Evidence shouldn't be metered — you never pay more because you had a bad month. Tiers scale by vault scope, and every receipt in scope is included.
Charter
$30K / year
For design partners shaping the roadmap. Limited seats, direct line to the team, locked pricing.
Standard
$10K / month · billed annually
One vault, full receipt lifecycle, framework mapping, offline verification. 14-day trial — fully featured, no card. Trial clock starts at your first signed receipt, not at signup. Trial receipts are watermarked and not audit-valid; production receipts are.
Enterprise
$300K+ / year
Multi-vault, custom retention, 99.99% SLA, custom data residency, procurement-grade security review. Sovereign deployments from $1M+/yr.
No per-receipt fees · no usage anxiety — an incident-heavy quarter costs the same as a quiet one.
Still reading? Good. The rest of this page is your diligence file.
Everything below is for the evaluation: the receipt standard, the trust model, the objections, the process you'd replace.
↓
Ten receipt types. One lifecycle.
They're not ten document kinds — they're stages of one incident's lifecycle, plus signed records of every place that lifecycle can break.
The exception types are the moat. Attesting a resolution and the fix actually holding are different claims — R2-F and R2-R exist precisely for that gap, and competitors that only record successes can't represent it at all. Full spec: DSR/1.0 — open, in the docs.
You don't have to trust Déjà to trust Déjà.
Independent verification, offline, forever
Every receipt verifies with open tooling on your auditor's machine — no Déjà account, no API call, no source-code access. If Déjà disappeared tomorrow, your evidence still verifies.
$ dsr-verifier-cli verify receipt.json → signature valid · chain intactThe substrate, not the platform
Your audit firm and GRC platform run on top of the ledger — receipts project onto whichever framework your engagement requires. One substrate, every framework; no configuration wizard that outlives the trial.
Objections worth answering.
"We already have Datadog and PagerDuty."
Keep them — they're Déjà's inputs. They observe incidents; neither produces signed, offline-verifiable evidence of cause and resolution. Different layer, not a replacement.
"Why should we trust your attribution?"
You shouldn't have to — that's the design. Attribution is deterministic and scored (CCS, six weighted signals, thresholds published), and when confidence is low or no cause exists, the receipt says so. The system signs its own uncertainty.
"What happens to our evidence if you shut down?"
Receipts verify offline with open tooling against the published DSR/1.0 standard. Your ledger exports in full. Vendor death does not invalidate cryptographic signatures.
"Our auditors won't accept this."
They verify it themselves — independent Ed25519 verification on their machine is a stronger evidentiary posture than the screenshots and spreadsheets they accept today. Bring your audit firm to the trial; that's what it's for.
The process you'd replace.
Today · reconstruction
- ·Screenshots of dashboards, pasted into evidence spreadsheets weeks later
- ·Root cause reconstructed from memory and Slack archaeology
- ·"The fix held" asserted, never verified
- ·Evidence trusted because someone says so
With Déjà · custody
- ✓Signed at the moment it fires — no reconstruction, no recall
- ✓Cause attributed deterministically to the PR, scored and thresholded
- ✓Fix failures and recurrences signed too — the gap is on the record
- ✓Evidence trusted because anyone can verify it
The incident happened.
Here's the proof.
Fifteen minutes to your first signed receipt. Fourteen days to decide.
Start the trial →No card · trial receipts watermarked · production receipts audit-valid