An audit-chain-native AI HFT platform, end to end.

Every AI decision in the platform — strategy selection, parameter choice, signal generation, lot disposition, dividend timing, and any future AI-driven decision surface — is audit-chain traced at the moment of decision. The invariant is enforced through a dedicated producer-ID and a hundred-event audit type range. Every inference emits a "started" event carrying the prompt context, model identifier, sampling temperature, and a SHA-256 of the canonical inputs. Every completion emits the output, reasoning, and the seed (or a sentinel for providers that don't expose seeds) along with a reproducibility-class discriminator.

Strategy logic is glass-box for the same reason: open code, named parameters, reproducible backtests bound to the audit chain. Black-box decisioning — for AI inferences and for strategy logic alike — is forbidden by the platform's invariant set, not by policy.

Prompts and outputs above a threshold are sidecar-stored, with the in-band event carrying a SHA-256 hash to bind the sidecar payload. The Replay API reconstructs the full forensic walk-back from the chain alone. A regulator, a tax adviser, or a forensic auditor can see what the model knew, what it decided, and why — years after the original event.

The audit service is a Go consumer of a C++ lock-free shared-memory ring. Every event is decoded, canonicalized, hash-chained per row, and written atomically to a per-tenant partitioned event store. Each tenant has its own regulatory chain; cross-tenant queries are forbidden at the database boundary, not by application filter.

The chain root is signed once per day in a hardware security module using ECDSA-P256 with RFC 6979 deterministic-k. Signed roots and chain segments are archived to an immutable WORM blob store with a seven-year retention window. The Replay API returns byte-identical event streams from cold storage. Chain integrity is verified at insert time and on a scheduled cadence; quarantined events are anchored to a dual-event self-emission for forensic reconstruction.

Architectural alignment to SEC Rule 17a-4 recordkeeping standards is the design target. Architectural alignment is not regulatory approval; the platform is not currently registered as a broker-dealer or investment adviser.

The audit-chain integrity invariants, daily-root HSM-signing discipline, per-tenant database isolation, encryption-at-rest in Azure Key Vault, encryption-in-transit via TLS, RBAC on every privileged surface, and the chain-of-custody token on every order are mapped to the SOC 2 Trust Services Criteria at the architectural level. The mapping is operator-runbook-documented and reviewable by a third-party auditor as soon as the production deploy window opens.

The platform is pre-launch; the production deploy is local-first today and trigger-deferred until the first concrete operational event — a paying customer commitment, a SOC 2 audit window, a penetration-test engagement, multi-developer collaboration, or a live-capital cutover. Once the deploy window opens, the SOC 2 evidence-collection cadence opens with it. The architectural evidence is in place now; the third-party attestation is on the timeline of the deploy.

The institutional procurement conversation is the right surface for the detailed evidence map. The platform's contact form is the entry point.

Institutional clients receive a signed, code-signed desktop binary for Windows, macOS, and Linux. The thick client runs strategy logic and data-intensive computation locally — the C++ engine ships in-process — and talks to the Atlas-Trade™ backbone for execution, audit-chain emission, and shared state.

The client never touches a broker directly. Order routing, audit emission, promote-to-paper verdicts, and cross-tenant analytics all terminate at the server-authoritative backbone. The client's value is local compute, multi-monitor keyboard discipline, and offline-degraded resilience — the workflow vocabulary professional traders expect from a desktop application.

Every install and every update emits an audit event carrying the binary hash, the installer signature subject, and the originating IP and geolocation. The forensic story — "show me everything this user did in this session" — runs end to end, byte-identical, replayable.

The architecture is specified. The binary is on the roadmap. The contact form is the entry point to discuss timing.

Every order in the platform passes through a per-tenant risk gateway in the C++ hot path before it can reach a broker. The gateway enforces position-size limits, daily-drawdown stops, order-rate caps, ticker whitelists, and the global kill switch. The gateway is the sole order path; bypassing it is architecturally impossible.

The kill switch propagates over a signed control channel — ECDSA-P256 signatures with epoch + scope + heartbeat — so a hostile signal that attempts to spoof a kill-switch engage or to suppress a real one is rejected at the subscriber. An operator-issued global halt reaches every fast-loop component in under 100 milliseconds with audit-chain attribution that records the issuing operator, the geolocation of the engagement, and the chain-of-custody of every order that was in flight.

The kill switch is not a single button; it is an architectural invariant with control-channel signing, staleness watchdog, and a state-file fallback so a kill-switch engagement survives a process restart. Every engagement and disengagement emits an audit event. Every dropped or stale control message emits an audit event. The forensic record of who stopped the platform when — and why — is complete.

Every authentication event, every trade execution, every administrative action, every tax-lot disposition, and every funds-movement event captures the originating IP address and a derived geolocation (country, region, city, lat/lon at city-centroid precision) as part of the audit payload. The capture is non-optional; events that fail to attach the IP and geo are quarantined, not dropped.

Anomaly flags are set at capture time — VPN detection, Tor exit node, datacenter IP, impossible travel, country change since last session. Downstream alerting and response policy is owner-decidable per tenant.

The capture shape is binding at the audit-event-shape level. Storage details, retention specifics, and the geo provider selection are deferred to the security-telemetry specification slice. The shape exists now so every future privileged action emits the same forensic payload.

Every strategy clears a validity-invariant gate set before paper trading, let alone live capital. The gates are walk-forward cross-validation (out-of-sample window slides forward in time), nested k-fold inner cross-validation (hyperparameter selection without peeking), deflated Sharpe ratio (correcting for the multiple-testing inflation that makes naive Sharpe meaningless), and probability-of-backtest-overfitting (a combinatorially symmetric cross-validation).

Execution-model fidelity bands quantify the cost the backtest charges. Research-grade is per-share commission plus linear-in-participation slippage; full-fidelity (on the roadmap) consumes Level-2 book depth. The substrate-to-live parameter-set provenance discipline binds the parameters that cleared the gate to the parameters running in production via the audit-chain head hash.

The platform publishes both gross-of-fee Sharpe and net-of-all-fees Sharpe. Tax-aware strategies — tax-loss harvesting, direct indexing — additionally publish pre-tax Sharpe and after-tax Sharpe at the user's marginal-rate assumption. The fiduciary number is the net-of-fees, after-tax Sharpe; the gross number is published only for marketing-comparison transparency, never as the headline. Live monitoring tracks the rolling Sharpe against the validated DSR and triggers retirement review on sustained breach.

The framework is built. The first AI-tuned strategy on it is on the roadmap.

The substrate that validates a strategy and the engine that runs it in production are the same code paths. The audit-chain replay framework reconstructs a backtest run byte-identical to the original — same fills, same chain hashes, same outcomes — from the audit chain alone. The promote-to-paper gate requires this byte-equality as an architectural precondition.

Once a strategy is live, the platform tracks the divergence between the backtest-projected fills and the live-observed fills as a continuous metric. The divergence threshold is class-specific; a sustained breach triggers automated retirement review. Crowding, regime shift, and execution drift surface as quantified deltas, not as gut feeling.