A forensic engine that does not ask what happened.
It asks why — and who benefits.
A timeline tells you a file was deleted at 03:14. It cannot tell you whether that was routine hygiene, panic, or a planted alibi. VIGÍA treats every artifact as a sign — and reads the intent it points to.
VIGÍA is built on four centuries of work on how signs carry intention — and on the disciplines that keep interpretation honest. Every scoring rule traces back to a published epistemics, not a hunch.
A sign is never just a thing — it is a relation between a representamen, its object, and the interpretant it produces. Inference to the best explanation (abduction) is how we leap from trace to cause.
A text constrains its readings. The “paranoid reader” finds conspiracy in everything; Eco insists the object pushes back. Reading malice into mere noise is itself an error.
Communication assumes Quantity, Quality, Relation, Manner. A covert violation of Quality is the precise structure of a lie; an overt flout is irony. The pattern of violation is signal.
Evidence must be testable, have a known error rate, and report strength as a likelihood ratio — not a verdict dressed as certainty. Courts reject black boxes.
Hover a vertex. Peirce's insight: meaning is irreducibly three-part. A deleted log (sign) points to an act of concealment (object) only through a disciplined interpretation (interpretant). VIGÍA makes that third term explicit, auditable, and falsifiable — so the reading itself can be cross-examined.
Every formula below is the real decision rule from Protocol P2, running in your browser. Move the controls and watch the engine reason. This is what “auditable” feels like.
Toggle independent sources. Noisy-OR never lets weak evidence cancel strong evidence — it accumulates. But fewer than three independent sources triggers a 20% confidence penalty: corroboration is not optional.
ABSTAIN is a first-class outcome. Where drift, instability, or inconsistency dominates, the engine declines to convict — and names why (ABSTAIN_DRIFT, ABSTAIN_INSTABILITY, ABSTAIN_INTENTION, ABSTAIN_ZONE). Thresholds ε are read from a sealed PolicySpec — never hardcoded into the decision path.
A forensic instrument that gives different answers on x86 and ARM is not evidence — it's an opinion. VIGÍA refuses the floating-point unit entirely. Reproducibility is not a feature; it's the whole point.
All arithmetic runs in decimal.Decimal at precision 28 with banker's rounding. Native round() delegates to libc and can disagree across platforms — so it is banned from the decision path.
State, raw verdict, confidence, stability, integrity, adversarial flags and dissent are folded into one canonical hash with sorted keys. Change any input and the fingerprint changes. Tamper-evident by design.
The full canonical suite is pinned to a single SHA-256. The agent runs all 22 end-to-end against both a pure-Python and a NumPy backend — and they must agree, bit for bit.
The planner ingests raw artifacts and emits a signed, STIX 2.1-conformant verdict with MITRE ATT&CK mappings — without a human in the loop, and without a single hardcoded threshold.
z-scores over robust MAD baselines; pre-normalized signals pass through untouched.
Noisy-OR within and across sources; corroboration penalty applied.
Correlation-discounted likelihood ratio on the ENFSI scale.
Causal Closure Score in exact fractions; CCS ≤ ½ vetoes to ABSTAIN.
Risk functional resolves ACCEPT / ABSTAIN / REJECT against sealed ε.
8-state verdict, effective-confidence adjusted, SHA-256 sealed → STIX 2.1.
Self-calibrating across runs — λ, γ, ε adapt to observed false-positive/negative rates, clamped to Daubert-defensible ranges. No opaque ML anywhere in the chain.
Black-box detectors give you a score and ask for trust. VIGÍA gives you a verdict, the theory behind it, the arithmetic that produced it, and a hash that proves no one touched it on the way out.