Overview trends, outcome and module distributions
Advanexus Assurance
Investigate a supported outcome through the available evidence behind it.
Assurance is a permission-aware, read-optimized layer for exploring supported operational evidence. It does not replace the canonical source or manufacture history that was never recorded.
A projection for investigation, not a second system of record.
Sources, SQL Console, Datasets, Analytics, Sandbox, Pipelines, IAM and other modules retain canonical ownership. Assurance normalizes supported events, relations and snapshots into a bounded read model that can be rebuilt without erasing Assurance-owned workflow objects.
Tenant Assurance keeps the organizational view and project boundary together.
Each tenant has one tenant-wide Assurance read model. Supported overviews, searches and drill-downs derive allowed projects from current membership and permission scope, apply a bounded time range and label signals whose project, environment or module filters differ.
Actor contribution with direct evidence drill
Projection health, completeness and freshness signals
Explicit loading, empty, restricted, stale, truncated and safe-error states
Evidence Explorer moves from a question to an exact record.
Bounded free text and structured actor, project, module, entity, action, outcome, correlation, run, integrity, completeness and time filters return stable cursor-paginated results. Exact detail lookup never depends on the currently visible top-N page.
Table, timeline, grouped and bounded graph views
Private Saved Views that never widen the opener's scope
Permission-approved deep links back to canonical modules
Entity 360 and User 360 preserve the evidence behind the summary.
Entity 360 combines lifecycle, owner, version, timeline, relations, runs, findings, cases and reproducibility criteria for an authorized asset or run. User 360 adds a drillable evidence footprint by module, action, outcome, project, asset and day.
User 360 is not an employee productivity, quality or HR score.
Counts remain explainable through the exact events that support them.
Hidden projects do not leak names, nodes or unauthorized totals.
Version comparison distinguishes missing from unchanged.
Two exact evidence versions can expose recorded metadata, state, schema, configuration and hash differences with left/right values and bounded truncation. Missing historical snapshots remain unavailable; they are not reconstructed from a hash or current state.
Execution Story preserves attempts, retries and partial outcomes.
Authorized events are connected through run, correlation, entity or source-event identity and ordered chronologically. Retry, parallel attempt, cancellation, partial success and failure remain separate facts rather than one simplified terminal label.
Evidence Graph expands only known, authorized relationships.
Upstream, downstream or bidirectional exploration uses bounded depth and node/edge limits. Each supported expansion repeats scope checks; the graph is a visual projection of recorded relations, not a claim of universal lineage or global shortest-path discovery.
QueryExecution → DatasetVersion → AnalyticsRun → Artifact
Turn a signal into controlled work.
Deterministic Findings retain the evidence state that produced them and support assignment, acknowledgment, remediation, resolution, accepted exception and explained false-positive disposition. Cases add owner, priority, status, due/closure context and validated links without changing the canonical event.
Case links are resolved server-side in the same tenant/project scope.
Current browser workflow does not expose a complete comment, task and link editor on every surface.
Controls remain read-only coverage signals, not automatic certification.
Reproducibility is an explicit criterion set, not a confidence score.
Exact input/version, query or code/config hash, runtime environment, permission/RLS context, output artifact and integrity state are assessed separately. The result is reproducible, partially reproducible, not reproducible or not assessed, with missing criteria visible.
Integrity strength follows the source.
Verified, unverified, broken, legacy-without-integrity-data and pending are materially different states. A valid projection hash does not transform a legacy source into verified business history, and a successful Integrity Run may still contain unverified, pending or legacy records.
Package only the authorized scope.
Evidence Packages assemble only the authorized scope into bounded HTML, PDF, CSV, JSON, NDJSON or ZIP outputs with manifest and checksum metadata.
Technical export only — not automatically digitally signed, WORM protected, PDF/A or legally conclusive.
-
Generation follows a bounded asynchronous reporting path with durable status.
-
Download rechecks current permission, scope, status, expiry, token, size and ZIP SHA-256.
-
Stored-package verification checks manifest, member names, sizes and checksums.
-
Preview is the authority for actual package scope; report type is metadata, not a hidden renderer.
Sensitive data follows one versioned policy.
Credentials, tokens, cookies, DSN userinfo and related material are redacted before persistence, DTO rendering and package generation. Technical-context permission does not automatically grant sensitive reveal, and SQL or code is cleaned before safe hashing.
System Assurance uses a separate, narrow privileged path.
The admin application uses sanitized control-side projections for cross-tenant overview and search. Exact tenant detail requires a persisted reason-bound, time-bounded privileged-access session and an exact event capability; the gateway opens one tenant database and reads one matching normalized event under a statement timeout.
Default detail is redacted; one-response sensitive reveal requires an additional permission and high-value evidence event.
Concurrent revoke, expiry, suspended tenant or identity mismatch fails closed before or after the tenant read.
The gateway is not raw SQL, bulk export, arbitrary canonical-table access or a general artifact channel.
Projection freshness and history remain observable.
Live DomainEvents and transactional outbox records feed separate tenant, control and sanitized-mirror checkpoints. Projection is durable at-least-once with idempotent source identity—not a marketing exactly-once claim. Bounded backfill, rebuild and reconciliation expose candidates, duplicates, unknown types, failures, legacy records and orphan relations.
Next step
Start with the flow that cannot afford ambiguity.
Bring the systems, owners, rules, delivery obligations and evidence requirements that matter.
Discuss a critical flow