When the regulator asks, who has the receipt?
The operator carries the audit weight. The COA the lab issued, the license that was current at the moment of sale, the batch that was published, the transaction that cleared the gateway — the operator is the one holding the bag when any of those is later disputed. The receipt should belong to the operator, not to whichever software stack happened to be in the seat that quarter.
The operator carries the weight. The receipt lives somewhere else.
State traceability systems — Metrc, BioTrack, and Leaf Data depending on jurisdiction — hold the regulator-facing record. The point-of-sale vendor holds the dispensary record. The ecommerce platform holds the marketplace record. The lab holds the COA. The processor holds the transaction. The state license registry holds the license. None of these records are content-addressed across the stack; none are sequence-linked to each other; none survive the operator switching platforms or a vendor going dark.
When a regulator calls back six months later about a reported harvest, when a buyer disputes a COA on a delivered batch, when a license turns out to have been revoked the morning of a sale, when a batch is recalled and the downstream graph has to be reconstructed across multiple distributors and dispensaries — the operator is the one holding the bag. The operator’s ability to answer depends on the cooperation of every vendor in the stack staying intact, cooperative, and online.
AAM closes the seam without coupling to any single platform. The audit primitive is content-addressed: the SHA-256 of the COA, the license check, the batch artifact, or the transaction; the chain-of-command stamp identifying the operator-side agent that produced the commitment; and the sequence link to the previous event in the operator’s stream. Knox anchors each, aggregates the hourly Merkle root, and publishes the root to the Bitcoin blockchain. The operator owns the chain. The operator decides what to surface. The chain outlives the platform.
Every step that already flows through the stack becomes a Knox event.
Cannabis commerce is structured around a small number of recurring artifacts: a COA, a license check, a batch publication, a transaction observation. Each already flows through the operator’s stack. Each maps to a canonical Knox event type already shipped — no cannabis-specific schema, no jurisdiction-specific lock-in.
The lab’s certificate of analysis for a specific batch is content-addressed at the moment of validation. The SHA-256 of the COA artifact, the batch identifier, and the validating party are committed to the chain. A subsequent reprint, retraction, or substitution does not propagate to the public-chain record.
A license check at the moment of a B2B transaction is committed against the verifying registry source. The chain records that the license was current at that timestamp, regardless of whether the license is later revoked, suspended, or contested. The seller can prove what they checked and when.
The batch artifact at the moment of publication — SKU, potency declaration, COA reference, source license — is committed. The downstream graph (which distributor, which dispensary, which retail unit) hangs off the published batch and is reconstructible from chain alone if a recall arrives months later.
Every transaction that clears the operator’s payment gateway is observed and committed. The chain records the moment, the parties (by content-addressed reference, not raw PII), the bound license check, and the COA reference for the batch transferred. Reconciliation against the state-traceability submission is exact, not approximate.
Settlement commits the final state of the transaction lifecycle. Combined with vendor_transaction_observed (gateway-side) and the offer / acceptance / dispute / reversal events that also exist in the Knox taxonomy, the operator has a content-addressed record of every B2B transaction’s full state machine.
The operator (or the agent acting for the operator) attests to a state declaration — an inventory count, a reconciliation result, a recall scope, a state-traceability submission. The attestation is content-addressed, sequence-linked, and Bitcoin-anchored. The operator’s declaration at the moment of declaration is recoverable independent of any later platform change.
The questions are predictable. The records should be too.
Once a cannabis operator has been in the field long enough, the same five questions arrive on every contested event. AAM primitives produce records architected to answer each one without the operator depending on the cooperation of any single platform, vendor, or counterparty.
Was the COA on the delivered batch the COA the lab actually issued?
The vendor_coa_validated anchor commits the SHA-256 of the COA artifact at the moment of validation against the batch. A subsequent edit, reprint, or substitution by the lab or any intermediary does not propagate to the public-chain record. The anchor either matches the delivered COA or it does not.
Was the buyer’s license actually current at the moment of sale?
The vendor_license_validated anchor commits the registry response at the timestamp of the transaction. If the license is later revoked, the chain still shows the seller checked, what the registry said, and when. The seller’s due-diligence is recoverable independent of the registry’s later state.
When this batch was recalled, where did every unit go?
The vendor_product_batch_published anchor commits the batch artifact; downstream vendor_transaction_observed and agent_transaction_settlement anchors commit the units that left the operator. The recall graph reconstructs from chain alone, even if intermediate platforms have rotated their data.
Did the state-traceability submission match what the operator actually did?
The attestation anchor commits the operator’s declaration at the moment of submission. The vendor_transaction_observed anchors commit what actually flowed through the gateway. Reconciliation between declared and observed is exact, not narrative. Drift is detectable rather than assumed.
If the operator’s platform vendor disappears tomorrow, can the record survive?
Every Knox anchor is content-addressed and Bitcoin-anchored. Reconstruction does not require the original ecommerce platform, the original POS vendor, the original lab portal, or the original processor to remain online or cooperative. The receipt outlives the stack.
What composing AAM above the cannabis stack gives the operator.
Operator-owned
The chain belongs to the operator. The operator decides what to disclose to a regulator, a buyer, an insurer, or a court. Bitcoin-anchored time-ordering is public; the underlying event payloads remain on the operator’s infrastructure unless the operator chooses to surface them.
Platform-neutral
Any cannabis ecommerce platform, any POS, any lab portal, any payment processor, any state-traceability submitter can be paired with Knox by instrumenting an emit path on the operator’s side. The platform does not need to know about Knox, consent to Knox, or be modified for Knox.
Independently verifiable
Anchors are published to the Bitcoin blockchain via OpenTimestamps. Verification does not require Bonis, the operator’s platform vendor, or any third party to be online, in business, or cooperative. The receipt outlives the operator’s choice of stack.
Court-admissible architecture
Anchors and the affidavits derived from them are architected to meet the self-authentication requirements of FRE 902(13) and 902(14). Admissibility in any given matter remains a determination of the presiding court; the structural requirements are met by construction.
Selective disclosure by default
Audit-permanence is total; disclosure is selective. The operator surfaces the events that answer the question actually being asked, with their anchors and the cryptographic linkage to the rest of the chain. The regulator, buyer, or counsel verifies the surfaced events without needing access to anything the operator did not surface.
Multi-state coherent
A multi-state operator runs the same Knox primitives under every jurisdiction’s regulatory schema. The state-traceability submission still lands in whichever of Metrc, BioTrack, or Leaf Data the state mandates; the operator’s own audit chain remains uniform across state lines.
The pieces the operator already has to navigate.
Cannabis operators today already navigate a layered infrastructure of state-mandated traceability systems, federal regulatory frameworks, and jurisdiction-specific licensing regimes. AAM does not replace any of them; it sits above them as the operator’s independent receipt. None of the items below names a Bonis prospect, partner, or customer; they are referenced as public infrastructure that shapes the operator’s daily reporting surface.
Metrc, BioTrack, Leaf Data Systems
State-mandated seed-to-sale traceability systems. Each U.S. legal-cannabis jurisdiction selects one as the regulator-facing system of record. The operator submits; the state receives. The operator’s own copy of what was submitted, when, and against which batch is the gap that AAM fills.
USDA hemp Final Rule (7 CFR Part 990)
Federal regulatory baseline for hemp production under the 2018 Farm Bill. Defines testing protocols, sampling, and disposal procedures for crops exceeding the 0.3% delta-9 THC threshold. State plans build on top. The operator carries the testing and disposal evidence weight.
FDA CBD warning-letter program
The U.S. Food and Drug Administration has issued public warning letters to operators marketing cannabidiol products in violation of the Federal Food, Drug, and Cosmetic Act. The letters are public record on FDA.gov. The operator’s record of what was marketed, when, and against which COA is the operator’s defense.
State Cannabis Regulatory Agencies
Each legal-cannabis state operates its own regulatory agency — Cannabis Regulatory Agencies, Departments of Health, dedicated cannabis bureaus — with its own enforcement docket, its own fines, and its own public-record schedule. Multi-state operators carry the audit weight under every regime simultaneously.
One HTTP call per commerce event.
The operator does not have to wait for a Knox cannabis SDK to ship. The public anchor endpoint is already live, and any commerce event the operator’s stack already produces — a COA validation, a license check, a batch publication, a gateway transaction — can be paired with Knox today.
Evidence layer, not enforcement.
Bonis does not access operator systems, does not intercept traceability data without consent, does not disable, modify, or interfere with operator commerce in any way, and does not undertake any active disruption of any external system. Knox is invitational: an operator, distributor, lab, MSO, or platform that wants a tamper-evident record of every COA, license check, batch publication, and transaction instruments their own emit path. Bonis produces the audit primitive; lawful authority — state Cannabis Regulatory Agencies, state Attorneys General, federal regulators, presiding courts — decides what to do with the resulting evidence when the operator chooses to surface it.