What Concordex is for, and what it deliberately is not.

The problem this product addresses.

AI agents now take actions that have financial, clinical, legal, and reputational consequences. The teams who run these agents are asked to answer questions they did not have to answer when their software only suggested, retrieved, or summarized.

The questions are not new. The setting is.

The questions are:

1. Why did the agent do that?Reproduce the decision with the evidence that produced it.
2. Where is the record?Produce a signed, time-stamped record that satisfies an audit.
3. Did the behavior change?Show that the agent is still making the same kinds of decisions it was making yesterday.
4. Who decides if the agent may keep running?Make the policy that governs the agent visible and revisable.

Application logs are not built to answer these. Prompt-trace dashboards do not produce evidence packets. Most teams answer the questions by hand, once per audit cycle, and start again the next quarter. Concordex exists so they do not have to.

The unit of record.

Concordex records events. An event is a single action taken by, on, or about an agent. Each event carries:

1. The agent.Which agent took, requested, or was the subject of the action. Identified by a workspace-scoped subject identifier.
2. The action.What was done — speech, a tool call, a tool result, an observation, a policy check.
3. The evidence.What was retrieved, considered, or relied on to produce the action.
4. The risk tags.The risk dimensions the action touches — financial action, personal information, clinical decision, and so on. Tag schemas are defined per workspace.
5. The policy result.Whether the action was allowed, warned on, or blocked, and which policy fired.
6. The signature.A cryptographic signature so the record cannot be silently edited.

Events are written to an isolated workspace owned by the customer. The record persists for as long as the customer's retention policy requires.

What the registry produces from the record.

A live profile of every agent — Anima — that summarizes what the agent does, how it does it, and where it is currently failing. Forecasts about the agent's near-term behavior — Augur. Versioned coordination policy across many agents — Concordia. All three read the same record.

The intended users.

Concordex is for the people who own AI agents in production and carry the consequences when those agents misbehave. In most organizations these are four distinct roles, all of whom read the same record:

1. AI platform engineers.Responsible for the agent fleet across teams and runtimes. They need one registry to see every agent in production and to set what production-ready means.
2. AI risk and compliance officers.Responsible for satisfying internal and external audit. They need a defensible record that maps to the controls the auditor will ask about.
3. Site reliability and on-call engineers.Paged when an agent breaks or a customer escalates. They need to replay the agent's actions, not reconstruct them.
4. Security and procurement reviewers.Responsible for what the agent may do and where its data may live. They need the policy layer to be readable without translation.

Concordex is not aimed at end users. End users see the agent and the outcome. Concordex is the system the operators consult when the outcome is questioned.

What Concordex commits to.

Five commitments are built into the product. They are stated here because they are how the product will be judged.

1. Record before opinion.The registry catalogs what happened before it asserts what should be done. Every claim in the registry points to the events that produced it.
2. Cross-reference across domains.A risk-tag schema that works for clinical handoffs may also work for financial integrity. The registry's value compounds when entries cite each other.
3. Open to inspection.Every record shows its provenance. Customers can challenge an entry by producing counter-evidence. The registry revises, it does not entrench.
4. Reference, not decree.The registry consults; operators retain authorship of decisions. The registry's authority is the quality and depth of what it records.
5. Compounding by design.A registry with ten thousand events recorded is more useful than one with ten — by a margin larger than the count suggests, because the cross-references multiply.

What Concordex deliberately is not.

A record system is partly defined by what it refuses to claim. Concordex states the limits explicitly so that buyers, auditors, and end users can rely on them.

The frameworks Concordex maps to.

Concordex ships pre-mapped to common control frameworks. The same event record supports additional frameworks on request.

1. SOC 2 Type II.Common Criteria 7 (system operations), 8 (change management), and 9 (risk mitigation). Type II in progress; evidence available under NDA.
2. HIPAA.45 CFR 164.308 administrative safeguards and 164.312 audit controls. Available under a Business Associate Agreement on request.
3. EU AI Act.Articles 12 (record-keeping) and 14 (human oversight). Pre-mapped crosswalk provided to auditors on request.
4. NIST AI RMF.Measure 2.1, Measure 2.3, Manage 4.1. Pre-mapped with self-attestation.
5. Section 508 / WCAG 2.1 AA.Adopted as a standing standard for all product surfaces and the customer-facing site.

What Concordex says, and what it does not.

Concordex does not state that the right answer is X. It states what the record contains on the question, and what is still missing. Operators retain the decision. The record retains the evidence.

Begin a workspace at /trial, or contact [email protected] with questions.