App 03 — Brand

Every decision. Tamper-proof.

Hash-chained audit ledger, compliance policies, evidence packs, and replay lab. Built for teams that need to prove what their AI did and why.

Start free See the API
Audit Ledger Chain intact
#1a3f8c1...
#27b2e04...
#3d91f6a...
#41c4a8f...
#5e07b32...
#6f5d291...
SeqEventModelHashPrevVerified
#6chat.completiongpt-4of5d291...e07b32...
#5chat.completionclaude-sonnete07b32...1c4a8f...
#4policy.blockgpt-4o1c4a8f...d91f6a...
#3chat.completiongpt-4o-minid91f6a...7b2e04...
Active Policies
  • no-pii-outputBlock responses containing PII patternsBlock
  • max-token-limitReject prompts over 32K tokensReject
  • content-safetyFlag harmful content for reviewFlag
Evidence Packs 3 complete
SOC2-Q1-2025
1,247 ledger entries · chain verified · exported Jan 31
GDPR-audit-feb
892 entries · PII policy log · exported Feb 28
incident-031
23 entries · replay included · exported Mar 5

What Brand does

Hash-Chained Ledger

Every LLM event is appended to an immutable, hash-linked chain. Each entry references the previous hash, making tampering detectable. Verify integrity with one API call.

Compliance Policies

Define rules that run on every request. Block PII in outputs, enforce token limits, flag unsafe content. Policies are versioned and auditable.

Evidence Packs

Bundle ledger entries, policy logs, and chain verification proofs into exportable packages. Ready for SOC2, GDPR, HIPAA, or internal audit reviews.

Replay Lab

Re-run any historical request through the current middleware chain. See how today's policies would have handled yesterday's traffic. Essential for incident review.

Human Feedback

Collect thumbs-up/down and text feedback on any LLM response. Link feedback to specific ledger entries for full traceability.

Zero Config

Brand hooks into every proxy request automatically. The ledger starts recording the moment you boot the binary. No code changes, no agents.

Encryption at Rest

Provider API keys are encrypted with AES-256-GCM before touching disk. Keys are decrypted only in-memory for outbound calls. Bring your own encryption key or let Stockyard auto-generate one.

The API

Ledger, policies, evidence packs, replays, and feedback — all REST. Build compliance workflows or integrate with your existing audit infrastructure.

# Verify the ledger chain is intact curl /api/trust/ledger/verify # Get recent audit entries curl /api/trust/ledger?limit=50 # Create a compliance policy curl -X POST /api/trust/policies \ -d '{"name":"no-pii-output", "type":"output", "pattern":"\\b\\d{3}-\\d{2}-\\d{4}\\b", "action":"block"}' # Bundle evidence for audit curl -X POST /api/trust/evidence \ -d '{"name":"SOC2-Q1-2025", "from":"2025-01-01", "to":"2025-03-31", "include_verification":true}' # Replay a historical request curl -X POST /api/trust/replays \ -d '{"ledger_seq":4, "note":"Incident review: was PII leaked?"}' # Submit human feedback curl -X POST /api/trust/feedback \ -d '{"ledger_seq":6, "rating":"positive", "comment":"Accurate summary"}'

Prove it. Every time.

Brand ships with every Stockyard instance. Self-hosted or Cloud.

Start free Back to platform
Other apps in the platform
Observe
Traces, costs, alerts
Studio
Prompt versioning, A/B tests
Team
RBAC, invites, spend
Forge
DAG workflows, tools

Compare Stockyard

vs LiteLLM · vs Helicone · vs Portkey · Pricing · Blog

Explore: OpenAI-compatible · Model aliasing · Why SQLite