Skip to main content
Back to Trust Center

SECURITY ARCHITECTURE

How RANKIGI protects your data.

An audit platform must be held to the same standards it enforces. Here is exactly how RANKIGI is built.

The Default Storage Model

By default, RANKIGI hashes event payloads on receipt and does not persist a separate raw payload field. A keyed payload fingerprint (HMAC-SHA-256, derived per tenant) is stored, alongside the canonical form of the event used for tamper-evident chain verification. A hash is a fixed-length fingerprint of data, and given the hash it is computationally infeasible to reconstruct the original content.

This means RANKIGI retains the cryptographic proof that an action happened and the canonical record needed to verify the chain, while the raw payload content is not separately stored in the default tier.

Customers requiring reconstructable payload evidence may enable encrypted evidence retention on the applicable subscription tier. Under this mode the canonical event record is encrypted with AES-256-GCM using a per-organisation key derived via HKDF from a master key held in RANKIGI’s key management system. RANKIGI holds your signing keys in encrypted form. Customer-managed keys (BYOK), under which RANKIGI holds no decryption capability, are available on Enterprise plans Q3 2026.

input_hash = SHA-256(canonical_json(input_payload))
output_hash = SHA-256(canonical_json(output_payload))
event_hash = SHA-256(canonical_json(all_event_fields))

Canonical JSON: alphabetically sorted keys, no whitespace, UTF-8.
Deterministic. Reproducible. Independently verifiable.

The Hash Chain

Every event RANKIGI records includes the hash of the previous event. This forms a chain where each link depends on every link before it. To modify any record you must recompute every hash in the chain from the modified point forward.

This is detectable. RANKIGI’s verification endpoint recomputes every hash on demand and reports the first broken link. The chain is append-only. No UPDATE or DELETE operations on event records.

event_hash_n = SHA-256(canonical_json({
  event_id, agent_id, timestamp, action_type,
  tool_invoked, input_hash, output_hash,
  decision_metadata, execution_result,
  previous_event_hash: event_hash_(n-1),
  chain_index: n
}))

External Anchoring

External anchoring: Every daily snapshot is anchored to Sigstore Rekor, a public cryptographic transparency log, providing independent tamper-evident proof of existence.

RFC 3161 timestamps from FreeTSA provide legally recognized proof of time independent of RANKIGI infrastructure.

Agent Identity: Ed25519 Passports

RANKIGI issues Ed25519 passports to every verified agent. Ed25519 is an elliptic curve signature scheme that provides 128-bit security with fast signing and verification. Passport signatures are verified on every federation handshake and every certificate issuance. The public key is published at rankigi.com/.well-known/jwks.json for independent verification. Note: Ed25519 is vulnerable to Shor’s algorithm on quantum computers. RANKIGI’s hash chain uses SHA-256 which retains 128-bit effective security under Grover’s algorithm. Post-quantum signature migration is planned.

RANKIGI rotates the root signing key annually or immediately upon suspected compromise. Current key fingerprint published at rankigi.com/.well-known/rankigi-root-key.json.

Intent Chain Encryption

Intent Chain records are encrypted with AES-256-GCM. The encryption key is held in RANKIGI infrastructure. RANKIGI staff with infrastructure access could theoretically decrypt Intent Chain data under legal compulsion. All access is logged and audited. Customer-managed keys (BYOK) are planned for Q3 2026.

Infrastructure Security

  • TLS 1.3 for all data in transit
  • All data encrypted at rest (AES-256)
  • API key authentication with SHA-256 hashing. Raw keys never stored
  • Role-based access control with append-only audit logging
  • Rate limiting on all public endpoints
  • Security review completed. Responsible disclosure contact: security@rankigi.com
  • Security headers: CSP, HSTS, X-Frame-Options, nosniff, Referrer-Policy
  • Dependency vulnerability scanning on every deploy

Responsible Disclosure

Found a vulnerability? Email security@rankigi.com. We respond within 24 hours and will publicly acknowledge responsible disclosures.