EVE Proof
Evidence
The evidence layer for AI decisions. EVE Proof turns every governed AI decision into a signed, independently verifiable certificate. Not a log you have to trust — a cryptographic record an examiner can verify themselves, offline, years later, without ever calling us.
Ed25519 signatures · Offline verification · Merkle-anchored audit chains
When the governance layer allows, blocks, or modifies an action, EVE Proof emits a Governed Decision Certificate — a structured, canonicalized record of the inputs, the policy that fired, the verdict, and a cryptographic signature over the whole payload.
Each certificate is JCS-canonicalized (RFC 8785) so the exact bytes that were signed are reproducible. No ambiguity about what was attested.
The verdict, policy id, request digest, and timestamp are signed the moment the decision is made — bound together so a single altered field breaks verification.
Certificates link to the prior record by hash. Removing or reordering a decision is detectable: the chain no longer validates.
A signed receipt for one governed decision:

```json
{
  "certificate_id": "gdc_8f31a0c4e9b7",
  "issued_at": "2026-06-20T14:08:21Z",
  "tenant_id": "org_acme",
  "policy_set": "lending_v1",
  "request_digest": "sha256:5c1f…a902",
  "decision": "BLOCKED",
  "reason_code": "ECOA.adverse_action.unexplained",
  "prev_hash": "sha256:0b77…1e4d",
  "signature": {
    "alg": "ed25519",
    "key_id": "eve-prod-2026",
    "value": "f3a1…b9c0"
  }
}
```
| Field | What it is | What it proves |
|---|---|---|
| certificate_id | Stable, unique id for this decision record. | A durable handle an examiner can reference and re-request. |
| issued_at | UTC timestamp, signed inline. | When the decision was made — back-dating breaks the signature. |
| tenant_id | The organization the decision belongs to. | Tenant isolation: evidence is scoped and cannot be cross-attributed. |
| policy_set | The named, versioned policy that evaluated the action. | Exactly which rules were in force — the basis for replay. |
| request_digest | SHA-256 digest of the request payload. | Binds the decision to its inputs without storing raw or sensitive data. |
| decision | The verdict: ALLOWED · BLOCKED · MODIFIED. | The governed outcome that actually reached the world. |
| reason_code | Structured, citable reason for the verdict. | "Why," decided before the action — not a post-hoc rationalization. |
| prev_hash | Hash of the prior certificate in the chain. | Tamper-evidence: removing or reordering a decision breaks the chain. |
| signature | Ed25519 signature, algorithm, and key id. | Authenticity and integrity, verifiable with the public key alone. |
A log asks others to trust it. A dashboard shows you a claim. Only independently verifiable evidence answers the examiner's real question — without you in the loop.
| The examiner asks… | Audit log | Governance dashboard | Cryptographic evidence |
|---|---|---|---|
| "Was this record altered?" | Trust the database. | Trust the vendor's UI. | Verify an Ed25519 signature — any change breaks it. |
| "Can you prove it without your help?" | No — needs your systems and cooperation. | No — needs your login. | Yes — public key + stock crypto, offline. |
| "Why was this decision made?" | Maybe a free-text note. | A score or a status. | A signed reason code + policy version, decided before the action. |
| "Will it survive your company?" | Gone if the system is. | Gone if the login is. | Verifiable years later, with no vendor. |
| "Prove this exact decision is in the record." | Hope nothing was deleted. | Take the dashboard's word. | A Merkle inclusion proof anyone can check. |
The difference is who has to be trusted. With cryptographic evidence, the answer is: no one.
Trust is not a feature. EVE Proof is built so the party reading the evidence never has to take our word for anything. Three independent properties make that real.
Certificates, the audit bus, and Merkle roots are signed with Ed25519 in production. Anyone holding the public key can verify a signature — the private key never leaves the signer. Verification needs no secret and no live service.
A certificate, the published public key, and a stock crypto library are all that is required. An auditor can confirm authenticity on a disconnected laptop — today or in seven years — with zero dependency on EVE infrastructure.
The certificate captures the deterministic inputs and the policy version. Feed them back into the same policy pack and the same verdict and reason code reproduce, every time — proof the recorded outcome is exactly what the engine would decide again.
From the API response, an exported evidence pack, or your own retained store. It is self-contained.
Available at a stable endpoint and pinnable. Key ids are embedded in every certificate so rotation never orphans old evidence.
Canonicalize the payload, check the Ed25519 signature against the public key. Valid means the bytes are exactly what was signed at decision time.
Confirm prev_hash linkage and the Merkle inclusion proof to prove the decision sits, unaltered, in the published audit history.
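The chain and inclusion checks from this step, as an added example that is not EVE's own code. It assumes `prev_hash` is SHA-256 over the canonical bytes of the whole prior certificate, an RFC 6962-style Merkle tree with a `(side, sibling)` proof format, and `json.dumps` as a stand-in for RFC 8785; the function names, the all-zero anchor, and the sample records are constructed. The Ed25519 signature on the Merkle root still has to be verified separately.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed anchor for the first record in a window

def canon(obj):  # stand-in for RFC 8785 (JCS); fine for these string-only records
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def cert_hash(cert):
    # Assumption: prev_hash is SHA-256 over the whole prior certificate.
    return "sha256:" + hashlib.sha256(canon(cert)).hexdigest()

def first_chain_break(certs, anchor=GENESIS):
    """Index of the first certificate whose prev_hash is wrong, or None if intact."""
    expected = anchor
    for i, cert in enumerate(certs):
        if cert["prev_hash"] != expected:
            return i
        expected = cert_hash(cert)
    return None

def leaf(data):  # assumed RFC 6962-style prefixes keep leaves and nodes distinct
    return hashlib.sha256(b"\x00" + data).digest()
def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def verify_inclusion(cert, proof, root_hex):
    """proof runs leaf-to-root as (side, sibling_hex); side says where the sibling sits."""
    h = leaf(canon(cert))
    for side, sibling in proof:
        s = bytes.fromhex(sibling)
        h = node(s, h) if side == "L" else node(h, s)
    return h.hex() == root_hex

def build_sample(n=4):
    """Constructed sample chain; ids and verdicts are made up."""
    certs, prev = [], GENESIS
    for i in range(n):
        cert = {"certificate_id": f"gdc_sample_{i}",
                "decision": "BLOCKED" if i % 2 else "ALLOWED", "prev_hash": prev}
        certs.append(cert)
        prev = cert_hash(cert)
    return certs

def sample_root_and_proof(certs):
    """Four-leaf tree over the sample; returns (root_hex, proof for certs[2])."""
    lv = [leaf(canon(c)) for c in certs]
    n01, n23 = node(lv[0], lv[1]), node(lv[2], lv[3])
    return node(n01, n23).hex(), [("R", lv[3].hex()), ("L", n01.hex())]
```

Dropping records from the end of a window leaves every remaining link valid, so the chain check alone does not catch tail truncation; that is what the signed Merkle root is for.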
Real Ed25519 verification, fully client-side. Press Tamper and watch one altered byte break the signature.
Full-page verifier at eveproof.com/verify · or run the offline Python verifier / open-source eve-verify CLI.
"No trust required" has a precise meaning. The trusted computing base is small, public, and standard — and we state exactly where it ends.
Scope, stated plainly: a certificate proves a decision was recorded exactly as shown, under a named policy version. It does not, by itself, assert that the policy was correct — that is a separate governance question EVE Governance and your own controls address.
An evidence pack bundles every certificate for a window, the hash-chain linkage, the Merkle roots, and the public keys needed to verify them — into a single portable artifact you can hand to an auditor, regulator, or counterparty.
Real Ed25519 signatures over RFC 8785 payloads — verify them yourself with the included script (python verify_sample.py). Demo key; identical procedure to production.
An evidence pack carries the leaves, the proofs, and the signed roots — everything an examiner needs to reconstruct trust independently.
Examiners, model-risk teams, and auditors don't want a dashboard screenshot. They want records they can independently verify and reproduce. EVE Proof is designed for exactly that conversation.
Automatic, tamper-evident logging of high-risk AI decisions with the integrity properties Article 12 anticipates and the accuracy/robustness traceability of Article 15.
Model-risk review can confirm what the control did, when, and under which policy version — without relying on the first line's attestations.
Hand over an evidence pack and a public key. The examiner verifies on their own machines, on their own timeline. No vendor in the loop.
Confirm what a control did, when, and under which policy version — independently, without relying on the first line's attestations.
Hand a regulator or counterparty a self-verifying evidence pack instead of a screenshot. Answer "prove it" with a signature, not a deck.
Evidence is emitted inline with the decision — one API call, no separate logging path to build, secure, or remember.
Evidence is produced inline with the decision — no separate logging step to forget. Verification is a stock-crypto operation you can run anywhere.
```bash
# Every governed decision returns a signed audit record
curl -X POST https://eveaicore.com/v1/decisions/evaluate \
  -H "Authorization: Bearer eve_…" \
  -H "Content-Type: application/json" \
  -d '{
    "request_id": "req-001",
    "tenant_id": "org_acme",
    "proposed_action": {"type": "loan_approval", "amount": 50000},
    "policy_set": "lending_v1"
  }'
# → { "decision": { "status": "BLOCKED" },
#     "risk": { "level": "HIGH" },
#     "audit": { "signature": "ed25519:f3a1…b9c0",
#                "decision_trace": [ … ] } }
```
```python
# pip install eve-governance   # or use stock cryptography directly
from eve_governance import canonicalize
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey

# PUBLIC_KEY_HEX: the published public key as a hex string
# cert: the certificate, parsed from JSON into a dict
# public key + certificate are all you need — no network
vk = Ed25519PublicKey.from_public_bytes(bytes.fromhex(PUBLIC_KEY_HEX))
# the signed bytes are the canonicalized certificate without its signature field
payload = canonicalize({k: v for k, v in cert.items() if k != "signature"})
# raises InvalidSignature if anything was altered
vk.verify(bytes.fromhex(cert["signature"]["value"]), payload)
print("✓ certificate is authentic and intact")
```
```python
import hashlib
import json

import requests

# 1. the inputs you retained hash to the digest in the certificate
canon = json.dumps(saved_inputs, sort_keys=True, separators=(",", ":")).encode()
assert "sha256:" + hashlib.sha256(canon).hexdigest() == cert["request_digest"]

# 2. re-evaluate under the SAME policy version
r = requests.post(
    "https://eveaicore.com/v1/decisions/evaluate",
    headers={"Authorization": "Bearer eve_…"},
    json={**saved_inputs, "policy_set": cert["policy_set"]},
).json()

# 3. the verdict reproduces, deterministically
assert r["decision"]["status"] == cert["decision"]
print("✓ same inputs, same policy → same verdict:", cert["decision"])
```
```bash
# Download the sample pack from this page, then:
pip install cryptography
python verify_sample.py eve-proof-sample-certificate.json
# → ✓ gdc_8f31a0c4e9b7: signature is authentic and the payload is intact.

# Tamper test — change one byte and re-run:
# → ✗ BadSignatureError — the payload does not match the signed bytes.
```
EVE Proof is the evidence plane of the EVE control-plane stack. It sits downstream of enforcement — it cannot change a verdict, only witness and attest it.
Straight answers to what model-risk, security, and compliance reviewers raise first.
Issue a live decision certificate and check its signature in your browser — or hand the evidence to your own auditor and watch them verify it without us.