ProductUse CasesDevelopersCompanyBlogRequest Access
For Developers

Submit your first decision trace in minutes.

A single REST API endpoint for submitting decision traces. Language-agnostic. OpenAPI 3.0 specification provided on access. Built for engineering teams integrating AI traceability into production systems.

Quick Start

One integration. Complete decision provenance.

curlPythonNode.js
# Submit a decision trace to the ingestion API
curl -X POST https://api.aegistrace.ai/v1/audit \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  --cert client.crt --key client.key --cacert ca.crt \
  -d '{
    "tenant_id": "your-tenant-id",
    "agent_id": "suitability-engine-v3",
    "decision_type": "portfolio_recommendation",
    "input_hash": "sha256:a3f8c1d...",
    "output": {
      "action": "REDUCE_EXPOSURE",
      "rationale": "Risk profile mismatch",
      "confidence": 0.94,
      "metadata": {}
    },
    "regulatory_context": ["FCA_PS22_3", "CONSUMER_DUTY"]
  }'

# Response: HTTP 202
# {
#   "certificate_id": "AT-2026-07-14-c3a9f1e",
#   "status": "QUEUED"
# }
Architecture

How the pipeline works.

01
Decision trace submitted via POST /v1/audit. Authenticated with mTLS and JWT. HTTP 202 returned immediately with certificate_id. The client system is never blocked.
02
PII redaction via Presidio sidecar. Runs inside the client's network. The client deploys and manages it. MSDK Labs has no access to raw personal data. Only redacted traces are transmitted to the ingestion API.
03
Regulatory assessment against FCA Consumer Duty and EU AI Act Article 12. Verdict produced: PASS, FAIL, or FLAG, with regulatory citations.
04
RFC 3161 trusted timestamp obtained from an independent timestamping authority. Then the certificate is signed with Google Cloud KMS. The timestamp is independent of MSDK Labs infrastructure, providing auditor-verifiable proof of issuance time.
05
Signed certificate stored in two locations: GCS (the immutable, tamper-evident object) and AlloyDB (the queryable record). Retrievable via API. Sub-200ms p99 latency.
Infrastructure
Compute
Google Kubernetes Engine (GKE), autoscaling, multi-zone availability
Database
AlloyDB (PostgreSQL-compatible), managed backups, point-in-time recovery
Key Management
Google Cloud KMS, managed key infrastructure, automatic key rotation
Data Residency
europe-west2 (London), EU data processing, GDPR compliant
Security
mTLS for service authentication. RFC 3161 trusted timestamping via independent timestamping authority, providing auditor-verifiable proof of certificate issuance time independent of MSDK Labs infrastructure.
Latency
Sub-200ms p99 certificate retrieval, sub-2s end-to-end sealing
API Reference

Key endpoints.

POST/v1/auditSubmit a decision trace (returns HTTP 202 + certificate_id)
GET/v1/certificates/{certificate_id}Retrieve a certificate
GET/v1/certificatesList certificates (paginated, filterable by verdict, agent, framework, date)
GET/v1/certificates/{certificate_id}/verifyVerify certificate integrity
GET/v1/statsAggregate verdict statistics (by period, agent, framework)
GET/v1/export/fcaExport FCA Consumer Duty format
GET/v1/export/euaiExport EU AI Act Article 12 format
GET/v1/reconciliationCompleteness check (surfaces gaps between submitted traces and completed certificates)

The ingestion endpoint (POST /v1/audit) authenticates via mTLS and JWT. All retrieval and export endpoints authenticate via API key. Credentials are provisioned during onboarding.

Deployment

Deployment options.

Cloud API
Managed Service
REST endpoint with OpenAPI 3.0 specification. Auto-scaling. No infrastructure to manage.
Private Cloud
Containerised
Docker/Kubernetes deployment. Helm charts provided. Environment variables for configuration. Managed updates via container registry. AWS, GCP, or Azure.
On-Premises
Air-Gapped
Full deployment package. Offline installation supported. Deployment specifications provided during planning.
Integration

Connect your AI systems to Aegis Trace.

REST API
A single REST endpoint for submitting decision traces. OpenAPI 3.0 specification provided on access. Language-agnostic. Any system that can make an HTTPS POST request can integrate. Typical integration takes less than a day.
Authentication
The ingestion endpoint authenticates via mTLS and JWT. Your engineering team receives a CA certificate, client certificate, and client key during onboarding. All retrieval and export endpoints authenticate via API key (X-API-Key header). Credentials are provisioned and managed through the compliance dashboard.
Webhook Support
Configure webhooks for FLAG and FAIL verdicts. Receive real-time notifications in your compliance or incident management systems when a decision fails assessment.
Reconciliation
The reconciliation endpoint confirms that every submitted decision trace has a corresponding completed certificate. Use it to detect pipeline gaps and demonstrate to auditors that no decisions were missed.
Documentation
Comprehensive API reference, authentication guides, quickstart tutorials, and FCA compliance mapping guides provided to onboarded organisations. Request access for full technical documentation.
Get Access

Request API access and technical documentation.

Request Access →