Forensic engine online

Ghost Trace

Upload a repository and get a concise AI forensic report: risk, agents, timeline, and verdict.

Live AI system status

Initiate forensic investigation

Upload repository evidence, paste a GitHub target, and activate the Ghost Trace intelligence mesh to reconstruct software collapse.

Mission state

AI forensic scan ready

TRACE_SESSION_ARMED

Drop repository intelligence package

Upload software evidence

Drag a zip archive into the scanner, or manually select a project package for AI forensic ingestion.

Zip evidence only

GitHub repository URL

critical

Risk Score

87%

high

Stability Index

42%

high

Architecture Integrity

61%

high

Failure Probability

73%

AI agents

Key findings

mock-investigation-ghost-trace-001

ARCHITECT

System topology arbitrator

94%

active

Authentication drift propagated across duplicated validation layers after payment integration. I classify this as architecture drift first, operational overload second.

Task: Mapping ownership boundaries against runtime call graph

Challenge: Disagrees with the Failure Predictor: queue saturation is a downstream amplifier, not the initiating defect.

TOPO-61 architecture driftAUTH-17 duplicated authority

FORENSIC ANALYST

Root-cause evidence engine

92%

active

Commit chronology confirms the instability began when billing webhook normalization bypassed the canonical validator and introduced a parallel request shape.

Task: Correlating commits, traces, and dependency resolution changes

Challenge: Challenges the Security Investigator's breach-first framing; evidence shows exposure was created by engineering drift, not adversarial traffic.

VAL-42 boundary fragmentationDEP-09 dependency drift

SECURITY INVESTIGATOR

Threat boundary examiner

88%

warning

I dispute the idea that this is contained architecture drift. Internal ingress can bypass validation and produce inconsistent authorization verdicts under replay.

Task: Testing privilege assumptions across API ingress and queue replay

Challenge: Disputes the Architect's containment rating because replayed billing events can cross trust boundaries.

AUTH-17 duplicated authorityVAL-42 boundary fragmentation

FAILURE PREDICTOR

Collapse simulation model

90%

warning

A three-node latency spike can trigger enough billing retries to exhaust workers in eleven minutes. The initiating defect matters less once retry pressure crosses threshold.

Task: Projecting release-window failure modes under peak traffic

Challenge: Disagrees with the Architect on priority: scaling guardrails must ship before the deeper topology repair finishes.

SIM-28 scaling pressureDEP-09 dependency drift

TIMELINE RECONSTRUCTOR

Incident chronology synthesizer

97%

active

The collapse path is chronological, not random: validation split, auth duplication, dependency drift, retry amplification, and finally observability collapse.

Task: Locking final incident sequence for verdict synthesis

Challenge: Synthesizes the dispute: security exposure and scaling degradation are both consequences of the same architectural fracture.

VAL-42 boundary fragmentationAUTH-17 duplicated authority

Timeline

Collapse sequence

4 events

T+00:03:12

Validation boundary fragmented

Payment webhook normalization introduced a second request shape, allowing API handlers and queue consumers to interpret the same event with different trust assumptions.

T+00:08:44

Authentication duplication introduced

A fallback replay adapter began validating sessions independently from the edge middleware, splitting revocation logic between live traffic and asynchronous recovery paths.

T+00:12:06

Dependency instability escalated

Worker packages resolved a different transitive parser and retry library than the web/API runtime, creating inconsistent error handling during replay.

T+00:17:29

Architecture drift crossed service ownership

Recovery logic moved from service-owned adapters into the event bus, letting billing, notifications, and auth mutate shared state from competing control planes.

Final verdict

Critical instability detected

SEV-1 systemic instability likely without intervention.

Root cause: A payment integration expanded faster than the architecture contract. Validation fragmented first, duplicated authentication authority followed, dependency drift changed worker behavior, and retry amplification converted localized defects into system-wide collapse pressure.

critical

Top risks

Duplicated authentication authority between edge middleware and replay workers.

Fragmented validation across API ingress, webhook normalization, and queue consumers.

Dependency drift between API and worker runtimes.

Predicted failures

Scaling instability under release-window traffic (84%)

Authentication inconsistency during replay (79%)

Cascading worker failure propagation (76%)