Skip to main content
Preview Documentation — This is a preview of the documentation and may differ from the production version. Content is subject to change during review.
Last verified: 2025-12-26

What is Veratrace?

Veratrace is a system for recording, replaying, and verifying how work is executed across humans, software, and automated agents, producing tamper-evident evidence of execution rather than relying on logs or attestations. The system operates as a multi-tenant application for managing Trusted Work Units (TWUs), agents, integrations, users, and work ledger entries. It tracks work operations through TWU models that define entities, actions, events, and outcomes, and records actual work executions in a work ledger with policy compliance status, actor types ("AI", "HUMAN"), cost, and time tracking. Source: Feature Inventory - Product Overview

Architecture

Veratrace operates as a multi-tenant system. Each instance has:
  • Isolated configuration (AWS Cognito user pool, OIDC client)
  • Separate data (users, TWU models, agents, integrations)
  • Independent authentication and authorization

Frontend

React-based application with routing defined in src/app/routes/routerConfig.jsx. The frontend communicates with a backend API. Frontend Structure:
  • Routes: src/app/routes/routerConfig.jsx
  • API Client: src/shared/api/config.js
  • Authentication: src/app/auth/auth.js
Source: Feature Inventory - UI Flows (Route Map), Product Overview

Backend API

Backend API base URL: http://localhost:8080 (development). API endpoints are instance-scoped: /instances/:instanceId/{resource}. Source: Feature Inventory - API Surface, Product Overview

Authentication

Authentication uses AWS Cognito via OpenID Connect (OIDC). Instance configuration includes:
  • userPoolId (string) - AWS Cognito User Pool ID (format: region_xxxxxxxx)
  • clientId (string) - Cognito OIDC client ID
  • region (string) - AWS region (extracted from userPoolId)
Instance configuration is fetched from the instance API endpoint. Authentication implementation uses OIDC protocol. Configuration Sources:
  • Instance config: src/shared/api/instance.js
  • Auth implementation: src/app/auth/auth.js
Source: Feature Inventory - Core Objects (Instance), Authentication

Core Components

TWU Models

TWU models define the structure for Trusted Work Units. Each model has a numeric version and includes entity, action, event, and outcome definitions. Status Values: DRAFT, PUBLISHED, ARCHIVED Fields:
  • entities (array) - Entity definitions
  • actions (array) - Action definitions
  • events (array) - Event definitions
  • outcomes (array) - Outcome definitions with expressions
  • version (number) - Version number
Source: Feature Inventory - Core Objects (TWU Model)

Agents

Agents perform work operations. Each agent has a type, active status, optional capabilities, and priority level. Type Values: "AI", "HUMAN" Fields:
  • type (string) - Agent type: "AI" or "HUMAN"
  • active (boolean) - Whether agent is active
  • capabilities (array, optional) - Agent capabilities
  • model (string, AI only, optional) - AI model identifier (e.g., "gpt-4", "gpt-3.5-turbo", "claude-3")
  • priority (string) - Priority level: "high", "medium", "low"
Source: Feature Inventory - Core Objects (Agent)

Integrations

Integrations connect to external systems for evidence ingestion and data synchronization. Status Values: "active", "inactive", "connecting", "error" Supported Integration Types:
  • Contact Center/CX: AMAZON_CONNECT, GENESYS_CLOUD, FIVE9, NICE_CXONE, ZENDESK, SERVICENOW_CSM, SALESFORCE_SERVICE_CLOUD
  • CRM/Sales: SALESFORCE, HUBSPOT, MICROSOFT_DYNAMICS, OUTREACH, SALESLOFT, APOLLO
  • AI Agents: INTERCOM_FIN, ZENDESK_AI, SALESFORCE_EINSTEIN, MICROSOFT_COPILOT, LANGCHAIN, LLAMAINDEX, POLYAI, KORE_AI, COGNIGY
  • BPO: TELEPERFORMANCE, CONCENTRIX, FOUNDEVER, TTEC, GENPACT, ACCENTURE_OPS
  • IDP/HR: OKTA, AZURE_AD, PING_IDENTITY, WORKDAY, NICE_WFM, VERINT
  • Policy: OPEN_POLICY_AGENT, CEDAR, ZANZIBAR
  • Data/Documents: AWS_S3, GOOGLE_CLOUD_STORAGE, AZURE_BLOB, SHAREPOINT, GOOGLE_DRIVE, SNOWFLAKE, BIGQUERY, COLLIBRA, ALATION
  • Finance: COUPA, SAP_ARIBA, NETSUITE, STRIPE, AWS_BILLING, OPENAI_USAGE
  • Observability: SPLUNK, DATADOG, ELASTIC, NEW_RELIC, MICROSOFT_SENTINEL
  • Legacy: MONDAY_COM
Fields:
  • status (string) - Integration status
  • health (object) - Health check information with isHealthy, lastHealthCheck, metrics
Source: Feature Inventory - Core Objects (Integration)

Work Ledger

Work ledger entries record TWU executions and work operations. Each entry tracks execution status, policy compliance, actors, cost, time, and model usage. Policy Status Values: "compliant", "non_compliant", "review_required" Actor Values: Array containing "AI", "HUMAN", or both (e.g., ["AI"], ["HUMAN"], ["AI", "HUMAN"]) Fields:
  • policyStatus (string) - Policy compliance status
  • actors (array) - Actor types array
  • activeTime (number) - Active time in seconds
  • cost (number) - Cost in dollars
  • modelName (string) - TWU model name used
  • status (string) - Execution status (examples: "completed", "in_progress")
Source: Feature Inventory - Core Objects (Work Ledger Entry)