WHY_DEJA · CRYPTOGRAPHIC EVIDENCE CUSTODY · NEW CATEGORY

No magic. Just math.

The system of record for engineering truth — cryptographically signed, deterministic audit evidence, generated automatically.

Built for Heads of Risk, CROs, CISOs, and Directors of Risk Engineering at firms operating under SOC 2 Type II, ISO 27001, NYDFS Part 500, DORA, or SR 11-7. Observability detects the fire. Déjà documents the cryptographic chain of custody — and proves exactly how it was extinguished. Deterministic Abstract Syntax Tree (AST) analysis, eight weighted scoring factors (W1–W8) summing to 1.00, Ed25519-signed receipts written to an immutable, append-only, tamper-evident ledger. Verified gates, audit-ready evidence. No LLM. No probabilistic hand-waving. No "AI that might be right." No hallucination at audit time. No postmortem narrative your audit firm has to take on faith — verifiable offline by any audit firm, using the open CLI.

> DEJA_LOGIC: deterministic_lookup_loop // EVIDENCE_LOG: immutable
DSR/1.0 · lookup_loop · deterministic
01 // Fingerprint · computed
trace_hash = sha256("errorType::serviceZone::normalisedMessage")
output = fp://a1c3_9e44_b772
02 // Lookup · matched
query = vault.match(fp)
prior = incident_04hxr8 · 142d ago
Match · Verified
CCS: 0.94
causal_pr: PR-4521
author: @payments-team
gates_passed: 5 / 5
receipt: R1 · signed
lookup time: 9.87s
confidence: HIGH
EVIDENCE_RECONSTRUCTION // VS // EVIDENCE_CUSTODY

Most firms reconstruct evidence at audit time.

contrast_mode: reconstruction_vs_custody
EVIDENCE_RECONSTRUCTION // current state
manual · weeks per audit
  • Audit firm asks for incident-response evidence for Q2. Compliance team starts pulling JIRA tickets, Slack threads, Microsoft Teams chats, monitoring snapshots, PagerDuty exports, and PDF postmortems.
  • Evidence is reassembled two-to-four weeks per audit cycle, four cycles per year, by senior compliance and engineering staff.
  • Context lives in engineers' heads. People leave. Context goes with them. Reconstructed evidence reflects best recollection, not signed primary record.
  • Auditor receives prose narrative + supporting documents. No way to verify offline. No way to verify the firm didn't curate the evidence.
EVIDENCE_CUSTODY // Déjà
signed · at incident time
  • Every production incident produces a cryptographically signed receipt at the moment of attribution — fingerprint, causal change, gate scores, framework scope.
  • Audit firm receives a scoped engagement bundle and runs the open dsr-verifier-cli on their own machine — any audit firm (firms such as KPMG, Deloitte, EY, PwC, BDO, or Grant Thornton), or independent. No Déjà account required.
  • Audit-ready chain of custody. Cryptographically verifiable, immutable, tamper-evident. Even the failures are recorded — low-confidence attributions, no-attributions, failed resolutions, reopened.
  • Engineering teams at regulated firms report audit prep consuming multiple FTE-weeks per cycle. Evidence stays valid for decades, durable across regulatory cycles. Verifiable even if Déjà disappears.
ANATOMY OF A MATCH

Chain of custody pipeline.

ingest · analyze · fingerprint · match
01 // INGEST
Pull raw incident evidence from Sentry, Jira, and signal sources — without rewriting your workflow. Zero instrumentation. Zero code changes.
> ATTR_EXTRACT: stack_trace, release, env
> SOURCE: sentry_uplink // status: ok
02 // ANALYZE
Normalize noise so identical failures map to identical fingerprints. Strip paths, line numbers, and environment variance. Preserve the signal.
> NORMALIZE: paths_and_line_numbers
> CANON: frames[] → stable_signature
03 // FINGERPRINT
Compute deterministic IDs that survive refactors and team turnover. Same failure → same fingerprint, forever.
> HASH: sha256("errorType::serviceZone::normalisedMessage")
> OUTPUT: fp://a1c3…9e
04 // MATCH
Attribute the causal PR — whether this is the first occurrence or the fifth repeat — and issue the signed receipt immediately.
> LOOKUP: fp → proven_fix_pr
> RESULT: match://verified
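The ANALYZE and FINGERPRINT steps above, as an added Go example that is not Déjà's code: the normalisation regexes, the function names and the two sample error messages are assumptions, while the hash layout is the page's sha256("errorType::serviceZone::normalisedMessage"). It shows two occurrences of one failure, on different hosts with different paths and line numbers, collapsing to the same fingerprint.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical normalisation rules, not Déjà's own: the page says paths, line numbers and
// environment variance are stripped so identical failures map to identical fingerprints.
var (
	rePath   = regexp.MustCompile(`(/[\w.-]+)+/`)   // "/srv/app/v2.3.1/payments/" -> ""
	reLineNo = regexp.MustCompile(`:\d+(:\d+)?\b`)  // "charge.go:142:7" -> "charge.go"
	reHex    = regexp.MustCompile(`0x[0-9a-fA-F]+`) // pointer values
	reNum    = regexp.MustCompile(`\b\d{3,}\b`)     // request ids, timestamps, ports
)

// NormaliseMessage keeps the signal (error text, file, dependency name) and drops the variance.
func NormaliseMessage(msg string) string {
	msg = rePath.ReplaceAllString(msg, "")
	msg = reLineNo.ReplaceAllString(msg, "")
	msg = reHex.ReplaceAllString(msg, "<hex>")
	msg = reNum.ReplaceAllString(msg, "<n>")
	return strings.ToLower(strings.Join(strings.Fields(msg), " "))
}

// Fingerprint is the page's sha256("errorType::serviceZone::normalisedMessage") with its
// fp:// prefix; the page shows a shortened id for display, the full digest is used here.
func Fingerprint(errorType, serviceZone, rawMessage string) string {
	canon := errorType + "::" + serviceZone + "::" + NormaliseMessage(rawMessage)
	sum := sha256.Sum256([]byte(canon))
	return "fp://" + hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample: the same timeout seen on two hosts with different paths and lines.
	a := "TimeoutError in /srv/app/v2.3.1/payments/charge.go:142 waiting on ledger-db:5432 (req 8812341)"
	b := "TimeoutError in /opt/deploy/2024-11-02/payments/charge.go:151 waiting on ledger-db:5432 (req 8819977)"
	fmt.Println(NormaliseMessage(a))
	fmt.Println(Fingerprint("TimeoutError", "payments", a) == Fingerprint("TimeoutError", "payments", b)) // true
}
```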
VALIDATION GATES

Trust engine.

automated_checks: prevents_bad_links
File Gate

Matches only if the fix actually touched relevant files. Rules out superficial code colocation.

> GATE: file_gate // score: 0.91
Rate Gate

Regression rate drops after the fix window. Proves the fix actually reduced failure volume.

> GATE: rate_gate // score: 0.87
Infra Gate

Rules out infrastructure noise and deploy artifacts. Separates code fixes from environment drift.

> GATE: infra_gate // score: 0.95
Feature Flag Gate

Correlates fixes to rollout conditions. Flag toggles don't masquerade as code fixes. Defaults to full score when no feature-flag integration is configured.

> GATE: flag_gate // score: 1.00
Duration Gate

Verifies fix stability over time. A signed receipt is always issued; the duration result is recorded as a gate field within it.

> GATE: duration_gate // score: 0.83
PRIVACY BY DESIGN

Hardened perimeter.

boundaries: non_negotiable

Evidence in. Secrets out.

Déjà reads transient webhook diffs and error payloads. It never clones your repository, reads historical files, or accesses runtime data. Stable IDs for incidents and fixes — no sensitive payloads. Immutable evidence trail suitable for regulated environments.

> NO_REPOSITORY_CLONING
> TOKENIZED_IDENTIFIERS
> AUDIT_READY_LOGS
WHAT MAKES THIS A NEW CATEGORY

The architecture that didn't exist before.

Cryptographic incident-evidence custody is a new category because nothing in the existing stack produces signed, deterministic, offline-verifiable receipts at the moment of incident attribution. GRC platforms map controls. Observability detects symptoms. Manual reconstruction reassembles narratives at audit time. Déjà writes the receipt at the moment of attribution, signs it cryptographically, appends it to a tamper-evident ledger, and lets your audit firm verify it offline — without us in the loop.
layer: evidence_infrastructure
PROOF OF MECHANISM

Déjà is not an LLM wrapper. It is a deterministic engine performing raw Abstract Syntax Tree (AST) analysis on every code change merged to your repository. The engine produces a Causal Confidence Score (CCS) from eight weighted scoring factors (W1–W8) summing to 1.00, then issues an Ed25519-signed receipt written to an immutable, append-only, tamper-evident ledger. No probabilistic guessing. No hallucination at audit time. Mathematical certainty by construction. Triggered via background webhook interception on every pull_request.merged event.

FOR THE ENGINEER · ZERO-FRICTION
  • Zero-click compliance — receipts auto-generate at attribution
  • Background webhook interception — silent on the merge event
  • No manual screenshotting of Jira tickets or Slack threads
  • No audit-prep sprints — evidence ready before auditors call
FOR THE AUDITOR · INSTANT VERIFICATION
  • Live Verifier via dsr-verifier-cli — Apache-2.0, open source (pre-release · public release Q3 2026)
  • Independent Ed25519 signature verification, offline
  • No Déjà account required to verify a receipt
  • No source code access — auditors verify attribution, not the codebase
WHY THIS CATEGORY EXISTS · VS. MANUAL EVIDENCE

The category exists because manual evidence reconstruction is the default — and it is structurally broken. Based on Déjà's conversations with regulated-firm engineering teams, audit prep can consume multiple FTE-weeks per cycle reconstructing what nobody captured at the time — searching Slack for incident context, screenshotting Jira tickets, copying deployment logs into spreadsheets, manually annotating bundles before the auditor arrives. The cost compounds across SOC 2 Type II, ISO 27001, NYDFS Part 500, DORA, and SR 11-7. The output is unsigned, unverifiable, and reconstructed under deadline pressure. Déjà eliminates the category by writing signed evidence at the moment of attribution — not at the moment of audit.

METRIC 1 · ENGINEERING HOURS SAVED
Engineering time previously spent reconstructing evidence at audit cycles is reclaimed for product work — every cycle, automatically.
METRIC 2 · AUDIT RISK REDUCED
Cryptographically verifiable, tamper-evident receipts eliminate the audit-finding category of "evidence reconstruction was manual."
ZERO-TRUST PRINCIPLE · CATEGORY DEFINITION

Receipts are independently verifiable. No implicit trust required between Déjà, the customer, or the audit firm. The signature is the contract; the verifier is the proof; the append-only ledger is the chain. This is the property that defines the category — and the property no other category preserves.

Stop reconstructing evidence at audit time.

Cryptographic incident-evidence custody. Signed at attribution. Verifiable offline by your audit firm. Durable across regulatory cycles. Engineering teams at regulated firms report audit prep consuming multiple FTE-weeks per cycle.

> free_trial: active // no_card_required // unlimited_auditor_seats