The Black Box

Immutable Flight Recorders

Traditional CI/CD logs are mutable text files that can be deleted, edited, or lost. The Cabin Crew Black Box generates self-contained cryptographic proofs that provide irrefutable evidence of what happened, when, and why.

Self-Contained Proofs

Every workflow generates an audit.json file containing:

  • Inputs: The exact issue, configuration, and environment variables
  • Artifacts: Code diffs, Terraform plans, test results (hashed)
  • Policy Verdict: Pass/Fail decisions from OPA
  • Signatures: Short-lived OIDC certificates proving authenticity

This structure creates a forensic audit trail that proves the four W's: Who, What, When, and Why.

The Chain of Custody

Each workflow step is cryptographically linked:

Issue → Plan → Code → Merge

The hash of each artifact becomes the input to the next step, creating a hash chain. If the artifact of any step is tampered with, its hash no longer matches the value the next step recorded, so the chain breaks and verification fails.
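A minimal sketch of this kind of chain check, added here as an illustration and not taken from Cabin Crew's own code. The record fields (step, input_hash, artifact, hash), the all-zero genesis value and the sample artifacts are assumptions, not the audit.json schema.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed input hash for the first step (Issue)

def link_hash(step, input_hash, artifact):
    """Bind a step's name, its input hash and its artifact digest into one hash."""
    artifact_digest = hashlib.sha256(artifact).hexdigest()
    body = json.dumps([step, input_hash, artifact_digest]).encode()
    return hashlib.sha256(body).hexdigest()

def build_chain(steps):
    """steps: list of (name, artifact_bytes). Returns a list of linked records."""
    records, prev = [], GENESIS
    for name, artifact in steps:
        rec = {"step": name, "input_hash": prev, "artifact": artifact,
               "hash": link_hash(name, prev, artifact)}
        records.append(rec)
        prev = rec["hash"]
    return records

def first_broken_link(records):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["input_hash"] != prev:
            return i  # record does not point at its predecessor's hash
        if rec["hash"] != link_hash(rec["step"], rec["input_hash"], rec["artifact"]):
            return i  # artifact or metadata changed after the hash was recorded
        prev = rec["hash"]
    return None

# Constructed sample artifacts for the Issue -> Plan -> Code -> Merge flow.
SAMPLE_STEPS = [
    ("Issue", b"Add rate limiting to the login endpoint"),
    ("Plan", b"1. add limiter middleware 2. add tests"),
    ("Code", b"diff --git a/login.py b/login.py"),
    ("Merge", b"merge commit for the change"),
]

def demo():
    chain = build_chain(SAMPLE_STEPS)
    # Case 1: the Plan artifact is edited in place.
    edited = [dict(r) for r in chain]
    edited[1]["artifact"] = b"1. skip the tests"
    # Case 2: the editor also recomputes the Plan record's own hash.
    rehashed = [dict(r) for r in edited]
    rehashed[1]["hash"] = link_hash("Plan", rehashed[1]["input_hash"], rehashed[1]["artifact"])
    return first_broken_link(chain), first_broken_link(edited), first_broken_link(rehashed)
```

Calling demo() returns the first failing index for the intact chain, the edited Plan, and the edited-and-rehashed Plan. A chain on its own still verifies if every later link is recomputed as well, which is why the signatures described on this page are needed alongside it.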

Tamper Evidence

The Orchestrator uses OIDC short-lived certificates to sign audit logs. These certificates:

  • Expire after minutes, so a stolen signing key cannot be reused long-term
  • Are issued by trusted Certificate Authorities (GitHub, AWS, GitLab)
  • Include the exact commit SHA and workflow run ID

Combined with hash chaining, this creates tamper-evident logs that can be verified years later.

Storage Drivers

Audit log storage is pluggable. Choose your storage backend:

  • Git (Default): Pushes to the cabincrew-black-box orphan branch
  • S3: Fan-out to AWS S3 with versioning enabled
  • Splunk: Real-time streaming to enterprise SIEM
  • Custom: Implement the driver interface for any backend

We don't host your data—you control where the evidence lives.