Decision Certification Infrastructure

Every AI decision, signed.
Verifiable independently,
for years.

Governed Decision Certificates record what your AI decided, why enforcement ran, and what it matched — signed with HMAC-SHA256 so any party can verify the receipt without accessing the model or system that issued it.

Designed for regulated-environment teams

Built for the people who sign off on AI risk

CoreGuard is for engineering teams running the pre-execution authority resolution pipeline. Proof is for the teams who need to demonstrate, to a regulator or a board, that authority ran — and have the cryptographic receipt to prove it.

Audit and Risk Functions

Auditors need independently verifiable records — not screenshots or logs that live inside the system under review. Proof issues certificates your audit team can verify with a single API call against a public schema, without accessing the underlying model.

Compliance and Legal

EU AI Act Article 12 mandates record-keeping for high-risk AI systems. Article 15 requires accuracy and robustness documentation. Proof is designed to generate tamper-evident records that support these obligations, with the schema and signature chain available for inspection.

AI Platform Teams

When your AI platform needs to demonstrate governance to internal stakeholders or downstream customers, Proof provides per-decision receipts that travel with the outcome — no need to maintain a separate audit database or custom logging layer.

Three-step model

Issue, store, verify

Certificates are issued at decision time, stored wherever you choose, and verifiable by any party with the certificate payload — no ongoing dependency on the issuing system.

01. Issue

Your AI makes a decision. Proof wraps it in a Governed Decision Certificate — recording the outcome, enforcement detail, and a SHA-256 hash of the input payload. The full certificate is HMAC-SHA256 signed before it leaves the API.

POST /api/tve/governed-generate

02. Store

Certificates are self-contained JSON. Store them in your existing audit log, object storage, SIEM, or WORM archive. No proprietary database required. The signature chain remains verifiable regardless of where the certificate lives.

schema_version: "1.1" — stable across minor updates

03. Verify

Any party — your auditor, your customer, your regulator — can submit a certificate to the verification endpoint and receive a signed confirmation that the signature is intact, the schema matches, and the payload hash is consistent with the recorded decision.

POST /api/tve/verify-attestation

Live infrastructure

Issue a certificate now

The endpoints below are production. Click to issue a sample certificate against a governed decision, then verify the signature chain — all in your browser.

Live Certificate Terminal

Clicking "Issue Sample Certificate" sends a POST to the public demo endpoint /api/tve/demo-certificate, which runs the same deterministic Confidentiality Guard the production API uses against an exfiltration attempt. The response is a real, signed Governed Decision Certificate (v1.1) — issued by the eve-coreguard-confidentiality-guard signer. You can then verify its HMAC-SHA256 signature against the verification endpoint.

Certificate anatomy

Schema v1.1 — field by field

The Governed Decision Certificate schema is stable. Minor revisions increment the minor version; breaking changes increment the major version and are announced with a six-month migration window.

Governed Decision Certificate — schema_version 1.1
    {
      "certificate_id": "gdc_<16-char hex>",
      "certificate_type": "governed_decision",
      "schema_version": "1.1",
      "decision": "ALLOW | BLOCK | MODIFY",
      "enforcement_detail": {
        "matched_vector": null | <integer>,
        "matched_pattern": null | <string>,
        "verdict": "PASS | BLOCK | ...",
        "severity": "none | low | medium | high",
        "payload_hash": "sha256:<64-char hex>"
      },
      "issued_at": "<ISO 8601 UTC timestamp>",
      "signature": "hmac_sha256:<hex>"
    }

certificate_id

Globally unique identifier for this certificate. Prefix gdc_ followed by 16 hex characters. Use this to retrieve the certificate from the API.

Required

decision

The outcome: ALLOW (request proceeds), BLOCK (request halted), or MODIFY (request altered before execution). This is the attestable fact your auditor cares about.

Required Covered by signature

enforcement_detail.payload_hash

SHA-256 of the input payload at decision time. Proves which content was evaluated without storing the content itself in the certificate — privacy-preserving traceability.

Privacy-preserving Covered by signature

enforcement_detail.matched_vector / matched_pattern

When the decision is BLOCK, records which enforcement pillar and pattern group matched. Null when the decision is ALLOW. Enables forensic audit of why a request was blocked.

Covered by signature

signature

HMAC-SHA256 over the canonical certificate payload (excluding the signature field itself). Verifiable against the public verification endpoint without any shared secret on the verifier side.

Required Chain-verifiable
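
HMAC-SHA256 is a symmetric construction, so recomputing the signature locally requires the signing key, which is the private-deployment case where you hold it. The sketch below is an added example, not EVE's code: it checks the v1.1 field formats, the payload hash, and the signature, and it assumes a canonical form (sorted-key compact JSON without the signature field) that the page does not specify, with a constructed key and certificate.

```python
import hashlib
import hmac
import json
import re

# Assumed canonical form (the page does not define one): UTF-8 JSON with
# sorted keys, no extra whitespace, and the "signature" field removed.
def canonical_bytes(cert):
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign(cert, key):
    return "hmac_sha256:" + hmac.new(key, canonical_bytes(cert), hashlib.sha256).hexdigest()

def check_certificate(cert, key, original_input=None):
    """Return a list of failed checks; an empty list means all passed."""
    problems = []
    if not re.fullmatch(r"gdc_[0-9a-fA-F]{16}", str(cert.get("certificate_id"))):
        problems.append("certificate_id format")
    if cert.get("schema_version") != "1.1":
        problems.append("schema_version")
    if cert.get("decision") not in ("ALLOW", "BLOCK", "MODIFY"):
        problems.append("decision value")
    payload_hash = str((cert.get("enforcement_detail") or {}).get("payload_hash"))
    if not re.fullmatch(r"sha256:[0-9a-fA-F]{64}", payload_hash):
        problems.append("payload_hash format")
    elif original_input is not None:  # caller still holds the evaluated input
        if payload_hash.lower() != "sha256:" + hashlib.sha256(original_input).hexdigest():
            problems.append("payload_hash does not match input")
    # Constant-time comparison of the presented and recomputed signatures.
    if not hmac.compare_digest(str(cert.get("signature")).encode(), sign(cert, key).encode()):
        problems.append("signature")
    return problems

# Constructed sample data: the key, input and certificate values are made up.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_INPUT = b"constructed input payload"
DEMO_CERT = {
    "certificate_id": "gdc_0123456789abcdef",
    "certificate_type": "governed_decision",
    "schema_version": "1.1",
    "decision": "BLOCK",
    "enforcement_detail": {
        "matched_vector": 7, "matched_pattern": "constructed-pattern",
        "verdict": "BLOCK", "severity": "high",
        "payload_hash": "sha256:" + hashlib.sha256(DEMO_INPUT).hexdigest(),
    },
    "issued_at": "2025-01-01T00:00:00Z",
}
DEMO_CERT["signature"] = sign(DEMO_CERT, DEMO_KEY)
```

Anyone who can run this check can also produce a valid signature, so the key belongs with the party responsible for issuance rather than with every verifier.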

Product positioning

Proof versus CoreGuard

CoreGuard and Proof are complementary layers. CoreGuard resolves authority before execution. Proof witnesses and certifies what the authority runtime decided. They are separate products with separate buyers.

| Dimension | EVE CoreGuard | EVE Proof |
| --- | --- | --- |
| Role | Resolve — deterministic pre-execution authority resolution; BLOCK or ALLOW at the gate | Witness — issue a signed, verifiable receipt of what the gate decided |
| Primary buyer | CISO, CTO, AI Platform Engineering — people who run the gate | Chief Audit Officer, General Counsel, Chief Compliance Officer — people who prove the gate ran |
| Pricing model | Infrastructure license — flat or tiered by deployment scale | Per-certificate issuance — you pay only for decisions you need receipts for |
| When it runs | Pre-execution — inside the enforcement pipeline, before any model call | Around execution — wraps the enforcement outcome in a signed, portable artifact |
| What you keep | A verdict and an audit log entry tied to your infrastructure | A self-contained, independently verifiable receipt that outlives the system that issued it |

Regulatory context

Designed with record-keeping obligations in mind

Proof is not a certification authority, and we make no claim that using it automatically satisfies any regulatory requirement. These frameworks informed the design of the certificate schema and verification architecture.

EU AI Act

Article 12 and Article 15

Article 12 of the EU AI Act requires providers of high-risk AI systems to maintain logs that enable post-market monitoring. Article 15 addresses accuracy, robustness, and security. The Proof certificate schema is designed to support these record-keeping obligations by generating tamper-evident, independently verifiable records at the point of each AI decision.

Scope: High-risk AI systems under Annex III; HMAC chain supports Article 12(1) log integrity requirements

NIST AI RMF

MEASURE function — AI-1.2

The NIST AI Risk Management Framework's MEASURE function calls for ongoing evaluation of AI system behavior, including AI-1.2 which addresses measurable criteria for trustworthiness. Proof supports this by providing machine-readable, verifiable records of enforcement decisions that can feed into risk measurement workflows and governance reporting dashboards.

Relevant subcategory: AI-1.2 — Methods and metrics for trustworthiness evaluation

SOC 2

Tamper-evident audit trail

SOC 2 Type II engagements evaluate whether controls operate effectively over a defined period. The HMAC-SHA256 signed certificate chain is designed to provide a tamper-evident audit trail that an auditor can independently verify, supporting the availability and security trust service criteria relevant to AI decision systems. A SOC 2 audit of the Proof infrastructure is in progress.

Trust service criteria: Availability, Security — CC6, CC7 control families

Regulatory disclaimer: EVE Proof is infrastructure designed to support compliance workflows. It does not confer regulatory certification, and using Proof does not automatically satisfy any legal obligation. Consult your legal and compliance counsel to determine how Proof fits into your specific compliance program.

Transparent pricing

Pay per certificate

Every tier includes unlimited verification. Verification is included at 10x the issuance volume — issue 1,000 certificates, verify up to 10,000 per month at no additional charge.

Decision certificate and audit evidence pricing.

Starter

$349 /mo

1,000 certificates / month

  • HMAC-SHA256 signed certificates (v1.1 schema)
  • 10,000 verifications / month included
  • Certificate retrieval via GET endpoint (30-day retention)
  • JSON export for your own archival

Enterprise

Custom

Unlimited certificates

  • Everything in Growth
  • Private deployment option — certificates never leave your infrastructure
  • Custom retention and archival SLAs
  • Dedicated onboarding and compliance review support

Verification is included at 10x the issuance volume. Overage verifications billed at $0.0001 each. Prices in USD, billed monthly.

Common questions

Frequently asked

What is inside a Governed Decision Certificate?

A certificate contains: a unique certificate_id, the schema version (1.1), the decision outcome (ALLOW, BLOCK, or MODIFY), an enforcement_detail block recording what matched (or null if nothing matched), a SHA-256 hash of the input payload, the UTC timestamp of issuance, and an HMAC-SHA256 signature over the canonical payload. The input payload itself is never stored inside the certificate — only its hash — so the certificate is safe to transmit and store without exposing the original content.

Can I verify a certificate without any dependency on EVE systems?

The verification endpoint (POST /api/tve/verify-attestation) is a live service. During the verification call, the service confirms the HMAC-SHA256 signature is intact, that the schema matches the declared version, and that the payload hash is internally consistent. You do not need access to the original model, the enforcement pipeline, or any internal EVE infrastructure to call this endpoint — only the certificate JSON. For archival verification beyond the platform's retention window, Enterprise plans support private deployment where you hold the signing key.

How long are certificates valid and retained?

Certificate signatures do not expire — an HMAC-SHA256 signature over a static payload remains verifiable indefinitely as long as the signing key is available. Retrieval via the GET /api/tve/certificates/{cert_id} endpoint is available for 30 days on Starter, 12 months on Growth, and custom periods on Enterprise. Certificates are self-contained JSON, so you can export and archive them in your own storage system for as long as you require — the signature remains verifiable against the verification endpoint independently of the platform retention window.

Does Proof work with AI systems other than EVE?

The current version of Proof is integrated with the EVE enforcement pipeline — certificates record the outcome of EVE's governance gate. The governed-generate endpoint accepts a decision_input payload and runs it through the full enforcement stack before issuing the certificate. Integration with third-party AI systems — where EVE acts as a governance proxy for decisions made by an external model — is on the Enterprise roadmap. Contact sales if this is a requirement.

How does Proof relate to CoreGuard?

CoreGuard is the enforcement engine — it decides whether a request is ALLOWED, BLOCKED, or MODIFIED using 126 deterministic enforcement pillars. Proof is the certification layer — it wraps the CoreGuard decision in a signed, portable certificate. CoreGuard runs whether or not you use Proof. Proof is an optional layer for teams that need to produce independently verifiable records of what CoreGuard decided, for audit, compliance, or contractual purposes. You can use CoreGuard without Proof; you cannot use Proof without CoreGuard in the current architecture.

Is Proof SOC 2 compliant?

A SOC 2 Type II audit of the Proof infrastructure is currently in progress. The certificate issuance and verification pipeline is designed to satisfy the availability and security trust service criteria — specifically the CC6 and CC7 control families — but we have not yet received a report opinion. We will communicate the audit status and results to customers directly when available. If SOC 2 attestation is a blocking requirement for your procurement, please contact sales to discuss our current readiness documentation and expected timeline.

Frequently Asked Questions

What is EVE Proof?

EVE Proof is volume-priced Decision Certification. Every AI decision becomes a signed, independently verifiable HMAC-SHA256 Governed Decision Certificate.

Which regulations does Proof support?

Governed Decision Certificates support the record-keeping obligations of EU AI Act Article 12 and Article 15.

Can certificates be verified without EVE?

Yes. Verification is independent and offline — a certificate can be validated with no dependency on the issuing system.

How is Proof priced?

Proof is priced per certificate on a volume basis and pairs with any CoreGuard enforcement or enterprise license.