Article V.8 · Ratified 2026-04-22

Knox-Watches-Knox

Bonis Systems is the first customer of its own product. Every live Knox agent wraps every production run with a pre-action anchor committed to the Bitcoin blockchain before the agent does any work, and a post-action anchor committed after the agent returns (or a failure anchor if it raises). Agent #8 Surveillance applies to the resulting internal anchor stream the same way it applies to any customer's stream. The firm cannot claim clean operations that contradict the chain — every run, success or failure, leaves a timestamped record.

Pre-action anchor

Committed before any work begins

When any agent entry point is called, the V.8 wrapper first writes an agent_run_start anchor containing the run ID, the agent ID, the SHA-256 commitment of sanitized inputs, and an optional human-readable summary. The raw inputs themselves never enter the anchor payload — only the commitment. This means the existence and timestamp of the run are Bitcoin-preserved independent of what the agent then chooses to return.

runId linkageSHA-256 input commitmentNo raw PII in payload

Post-action anchor

Committed whether success or failure

On successful return, the wrapper writes an agent_run_complete anchor with the outputs hash, a sanitized output summary, and duration. On exception, it writes an agent_run_failed anchor with the error summary. Failures are first-class and Bitcoin-durable. The firm cannot retroactively claim a clean operation that the chain records as failed.

Success OR failure anchoredrunId links pre and postduration_ms recorded

What the chain now records

Every live agent, every run

knox-agent-7

Collusion Detection — pre/post anchor on every analyze call.

knox-agent-8

Surveillance / Observation — pre/post anchor on every analyze call. Agent #8 then analyzes those same anchors; no self-exemption.

knox-agent-9

Supply Chain Continuous Monitoring — pre/post anchor on every register, check, and analyze call.

knox-sbom-illuminate

SBOM Illumination route — pre/post anchor on every CVE-surface illumination.

knox-supply-chain-trace

Supply Chain Trace route — pre/post anchor on every multi-tier graph traversal.

knox-exclusions-check

OFAC / FAR 889 / SAM exclusion screen — pre/post anchor on every batch screening run.

Privacy invariant

What the anchor never contains

V.8 is compatible with the Stealth Posture. Anchor payloads carry a SHA-256 commitment and a short sanitized summary — never the raw inputs, never customer PII, never the full output body. The commitment is enough to prove to a third party that the agent processed a specific input at a specific time; the raw data stays in the database where existing access controls apply.

No raw inputs in anchorNo customer PII in anchorOnly SHA-256 + duration + summary

Positioning

What this is and is not

This is

The firm's own operations held to the bar Bonis Systems sells to customers
A first-class, Bitcoin-anchored record of every agent run — success or failure
An accountability surface that a federal evaluator or enterprise auditor can independently verify without contacting Bonis

This is not

A replacement for application logs, SIEM, observability pipelines, or human review
An exposure of raw inputs, outputs, PII, or customer data — only commitments
A substitute for SOC 2, FedRAMP, or any external audit — it is the evidence those audits will verify

The nine agents Verify an anchor How Knox works