Signed audit trail for knowledge graph ingestion and queries

[jagmarques]

Built a wrapper that signs every cognee ingestion and query operation, creating a hash-chained audit trail you can use for compliance.

The problem: when you ingest documents and build a knowledge graph, how do you prove later that specific data was ingested at a specific time and not modified afterward?

import cognee
import asqav

asqav.init(api_key="sk_...")
auditor = asqav.Agent.create("cognee-auditor")
session = auditor.start_session(name="kg-audit")

await cognee.add("data/financial_reports/", dataset_name="q1_reports")
await cognee.cognify()

session.log("cognee:ingest", metadata={
    "dataset": "q1_reports",
    "content_hash": asqav.hash_content("data/financial_reports/")
})

results = await cognee.search("What was Q1 revenue?")
session.log("cognee:search", metadata={
    "query_hash": asqav.hash_content("What was Q1 revenue?"),
    "result_count": str(len(results))
})

Every entry gets an ML-DSA-65 signature chained to the previous one. Export as JSON for auditors.

Useful if your knowledge graph processes sensitive or regulated data and you need to prove what went in and what came out.

Repo: https://github.com/Upsonic/Upsonic

[Vasilije1990]

@jagmarques looks awesome! Can you add it to the core repo?

[jagmarques]

Minimal hook in cognee core that fires on ingest/query events so any audit sink can subscribe, rather than pinning asqav as a core dep. Keeps core light; the asqav-cognee integration lives at pip install cognee[asqav] as an optional extra. Will open a PR with the hook plus an examples/audit.py wire-up if that path works.