Forensic Data Collection. Flight Recorder Infrastructure for AI Inference.

The AgDR protocol specifies the ProvenancePacket message format using Protocol Buffers, BLAKE3 hashing for chain integrity, and ML-DSA quantum-resistant signatures for non-repudiation. All implementations must satisfy the Canada Evidence Act s.31.1 admissibility requirements.

Reference implementation: AgDR-Phoenix on GitHub

AKI defines a kernel-level interception mechanism that captures the PPP triplet (Provenance, Place, Purpose) at the exact moment of model inference. The formal definition specifies:

• Latency bound: 950ns maximum (AKI 0.95 Spec)
• Memory footprint: < 4KB per packet
• Thread safety: lock-free ring buffer with seqlock
• Atomicity: all-or-nothing capture with rollback

AKI 0.95 achieves 620ns mean latency on x86_64 with TSX instructions enabled. The specification covers:

• CPU affinity and cache-line optimization
• RDPMC cycle counting for nanosecond precision
• BLAKE3 hardware acceleration via AVX-512
• Ring buffer sizing for zero-allocation capture

The AKI capture pipeline operates in three phases: (1) Interception via eBPF or kernel module, (2) PPP triplet extraction from model context, and (3) Cryptographic sealing with BLAKE3 + Ed25519. Each phase is instrumented with rdtsc timestamps for forensic reconstruction.

For transformer-based systems, AgDR captures attention weights and layer activations as a compressed fingerprint. For rule-based systems, the entire decision tree is serialized. The methodology ensures that any decision can be reconstructed forensically without storing the full model state.

AgDR deploys as a sidecar, library, or kernel module depending on threat model and latency requirements. The architecture separates capture (hot path) from storage (cold path) via lock-free queues. Horizontal scaling uses consistent hashing to maintain chain integrity across shards.

AgDR uses vector clocks and Merkle forests to maintain causal ordering across distributed capture agents. The coherence protocol guarantees that any two packets in the same Merkle root share a consistent view of provenance history.

AgDR shards by agent_id using consistent hashing. Each shard maintains an independent Merkle tree; cross-shard consistency is verified via periodic root hash exchange. Benchmarks demonstrate 1.1M packets/second per node with linear scaling to 100+ nodes.

When a decision exceeds risk thresholds or triggers bias detectors, the Human Delta Chain initiates. The original packet is sealed, a delta packet captures the human override, and both are linked via parent_hash. This creates an immutable audit trail of human intervention.

Conducted on Intel Xeon Sapphire Rapids with TSX enabled. 100M sequential inferences with full provenance capture. Mean latency: 620ns. P99: 840ns. Zero packet loss. Memory overhead: 3.2MB resident. Full report available on request.

AgDR satisfies CEA s.31.1 by providing: (a) system integrity via BLAKE3 chains, (b) user identification via Ed25519 signatures, (c) data entry procedures via PPP triplet validation, and (d) output accuracy via Merkle root verification.

AgDR enables directors to discharge their fiduciary duty of care by providing contemporaneous evidence of AI oversight. The PPP triplet's Purpose field captures the director's explicit authorization, while the Place field records the governance boundary.

AgDR directly satisfies Article 14 (Human Oversight) by recording the human operator identity in the provenance_hash. Article 52 (Transparency) is satisfied by the decision_hash which enables post-hoc explanation. The emit_timestamp provides the Article 12 (Record-Keeping) temporal anchor.

The Fiduciary Office Intervener is an independent third party with read-only access to the Merkle forest. In disputes, the FOI can verify chain integrity without accessing plaintext decision content. This role is analogous to a court-appointed expert under the Canada Evidence Act.

AgDR packets satisfy the Bills of Exchange Act requirements for signed writing by encoding the decision as a cryptographically signed record. The provenance_hash identifies the drawer, the place_hash identifies the drawee, and the decision_hash constitutes the unconditional order.

Like aviation FDRs under ICAO Annex 6, AgDR provides tamper-evident recording of operational parameters. The key difference: AgDR captures intent (Purpose) and authority (Provenance) in addition to state (Place), creating a three-dimensional accountability record.

Medical records require attribution, timestamp, and tamper-evidence. AgDR exceeds these requirements by adding cryptographic binding and distributed verification. The provenance_hash serves as the attending physician; the decision_hash as the diagnosis; the place_hash as the facility.

Early cases in the EU, UK, and Canada establish that AI systems must produce explainable records for tort liability. AgDR's decision_hash and reasoning capture satisfy the emerging "algorithmic accountability" standard articulated in Loomis v. Wisconsin and subsequent rulings.

The Genesis Glass Foundation Fondation Genèse Cristal maintains AgDR records in perpetual trust. By 2076, we anticipate courts will routinely examine 50-year provenance chains. The Merkle forest and PQC AgDR-Mantle architecture ensures that records created today remain verifiable for centuries, assuming SHA-3/BLAKE3 preimage resistance.