Roadmap
Most vendors hide their roadmaps. Verdifax publishes because every claim should be auditable: today by running the open verifier, and tomorrow by the same standard once specialists land.
▣ Tier 1
Provable in production. Every item below is running on api.verdifax.com right now and independently verifiable.
§0 Deterministic Attestation Contract
RFC 8785 canonical JSON + SHA-256. Same inputs always produce the same manifest hash, byte-for-byte. Cross-language test vectors verified by parallel Go and Python implementations.
Stages 1-4: Deterministic Oracle Gateway, Transport Layer, Kernel Execution Controller, Attestation Execution Record. Every external input is canonically encoded, sequenced, dispatched, and aggregated into a tamper-evident record.
AI Verification Protocol governance running against the live Anthropic Claude API. Every governed run binds the AI output text into a sealed PIA hash. Adapter ID surfaced honestly in every audit PDF.
Signed PSL policies evaluated before any kernel runs. Issues either a sealed AllowToken (admit) or a sealed DenyReceipt (reject). Threshold-signed policy support; malicious-content detector consulted on every evaluation.
Per-run + cumulative tenant budget monitoring. Halts mid-flight when token / cost / time limits breach. Sealed CCVHaltReceipt or MACCHaltReceipt preserves the original AllowToken hash + partial-execution hash.
Every execution is bound to a specific actor identity via an Ed25519 signature over the AER. The actor's public key is registered against the API key at first use (trust-on-first-use binding); signatures are verifiable offline.
AES-256-GCM envelope encryption with per-record DEKs. Erasure destroys the DEK, so the record's plaintext becomes computationally unrecoverable while the manifest seal is preserved. 17 unit tests; designed for GDPR Art. 17 / HIPAA §164.530(j).
Control & Enforcement System applies classification + retention to every run. Legal Translation Compiler maps manifest fields to a jurisdiction-correct LegalEvidenceArtifact with US (FRE 901, FRCP 26), EU (eIDAS, GDPR Art. 22), and UK (PACE 1984) claim sets.
Admission-time gap check: policies require specific AttestedContext fields before a run is admitted. Missing-field denials produce sealed AttestationGapReceipt artifacts. Four starter profiles ship today: healthcare, financial governance, internal audit, GDPR-aligned.
Every successful run is committed as a hashedrekord entry on rekor.sigstore.dev, the same public transparency log used by major open-source release pipelines. Production mode is live; the audit PDF discloses the ledger mode honestly on every run, and the orchestrator halts hard when Rekor is unreachable (no silent fallback to mock).
Receipt-style legal evidence document for every run. MIT-licensed verdifax-verify CLI recomputes every canonical hash offline. Four SDK clients (Python, Go, Node, R) with full parity, retry transports, and typed errors.
The CRES master encryption key lives inside AWS KMS so the KEK is held in a FIPS 140-2 Level 2 HSM. Backs formal compliance claims under HIPAA §164.312(a)(2)(iv), PCI-DSS §3.5–3.6, FedRAMP, and NIST 800-53 SC-12/SC-13. Migration from Fly secret store completed.
Every base image SHA-pinned. Cargo with --locked, Go with -trimpath. SOURCE_DATE_EPOCH plumbed through Rust + Go stages. Standing CI 'double-build verification' gate. Customer-facing reproducer recipe published.
POST /execute/batch attests N rows in a single round-trip with per-row error handling. Single-transaction SQLite inserts (one fsync vs N) and aggregated per-tenant counter updates keep throughput high; PEPG, CCV, MACC, and AIVP-T4 halt receipts are preserved per-row. Demonstrated ~1,500 attestations/sec end-to-end against production. Real-time / microsecond HFT remains a Tier 3 specialist build.
Category 6 ReproducibilityContext is bound into every audit bundle: runtime version, pinned dependencies, git SHA, declared random seeds, platform descriptor, optional container image hash. POST /execute/verify-determinism runs a payload twice and grounds the determinism flag on manifest-hash equality. Ships with Python (`pip install verdifax`) and R (`remotes::install_github("Verdifax/verdifax-sdk-r")`) wrapper SDKs, a Jupyter notebook, an R Markdown template, and the /research/ guide on docs.verdifax.com.
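The deterministic attestation contract above rests on RFC 8785 (JSON Canonicalization Scheme) rather than on any one language's json library: JCS sorts object keys by UTF-16 code units, serializes numbers exactly as ECMAScript does, escapes only what JSON requires, and emits no whitespace, and each of those rules is a place where a naive `json.dumps(sort_keys=True)` port diverges from a Go port. What follows is an added worked example, not Verdifax's Go or Python implementation, that canonicalizes a manifest under those rules and hashes it with SHA-256. The two manifests are constructed for illustration; the test vector is the one from RFC 8785 section 3.2.3.

```python
import hashlib
import math
from decimal import Decimal

# Two constructed manifests with identical content but different key order, number
# spelling (1 vs 1.0) and string spelling; a hash over the raw JSON text would differ.
MANIFEST_A = {"run_id": "r-001", "inputs": [1, 2.5, "\u00e9"], "meta": {"b": True, "a": None}}
MANIFEST_B = {"meta": {"a": None, "b": True}, "inputs": [1.0, 2.5, "é"], "run_id": "r-001"}

# Test vector from RFC 8785 section 3.2.3: input object and its expected canonical form.
RFC8785_INPUT = {
    "numbers": [333333333.33333329, 1e30, 4.50, 2e-3, 0.000000000000000000000000001],
    "string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"/",
    "literals": [None, True, False],
}
RFC8785_EXPECTED = (
    r'''{"literals":[null,true,false],"numbers":[333333333.3333333,1e+30,4.5,0.002,1e-27],'''
    r'''"string":"€$\u000f\nA'B\"\\\\\"/"}'''
)


def _es6_number(x: float) -> str:
    """Serialize a double exactly as ECMAScript Number.prototype.toString does
    (RFC 8785 section 3.2.2.3). Python's repr() already yields the same shortest
    round-trip digits; only the fixed-vs-exponent layout rules differ, so they are
    re-applied here."""
    if math.isnan(x) or math.isinf(x):
        raise ValueError("NaN and Infinity are not JSON numbers")
    if x == 0:
        return "0"                                  # JCS maps 0 and -0 both to "0"
    sign = "-" if x < 0 else ""
    t = Decimal(repr(abs(x))).normalize().as_tuple()
    digits = "".join(map(str, t.digits))            # shortest significand, no trailing zeros
    k = len(digits)
    n = k + t.exponent                              # value = significand * 10**(n-k)
    if k <= n <= 21:
        body = digits + "0" * (n - k)
    elif 0 < n <= 21:
        body = digits[:n] + "." + digits[n:]
    elif -6 < n <= 0:
        body = "0." + "0" * (-n) + digits
    else:
        exp = n - 1
        mantissa = digits if k == 1 else digits[0] + "." + digits[1:]
        body = f"{mantissa}e{'+' if exp > 0 else '-'}{abs(exp)}"
    return sign + body


_SHORT_ESCAPES = {"\b": "\\b", "\f": "\\f", "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def _jcs_string(s: str) -> str:
    """JCS string: escape only the quote, the backslash and C0 controls; everything
    else, including non-ASCII, is emitted as raw UTF-8. Hex in \\uXXXX is lowercase."""
    out = ['"']
    for ch in s:
        if ch == '"':
            out.append('\\"')
        elif ch == "\\":
            out.append("\\\\")
        elif ch < " ":
            out.append(_SHORT_ESCAPES.get(ch, f"\\u{ord(ch):04x}"))
        else:
            out.append(ch)
    out.append('"')
    return "".join(out)


def canonicalize(value) -> str:
    """RFC 8785 serialization of a JSON-compatible Python value."""
    if value is None:
        return "null"
    if value is True:
        return "true"
    if value is False:
        return "false"
    if isinstance(value, (int, float)):
        # JSON numbers are IEEE-754 doubles; ints above 2**53 lose precision here
        # exactly as they would in any JavaScript or Go consumer of the manifest.
        return _es6_number(float(value))
    if isinstance(value, str):
        return _jcs_string(value)
    if isinstance(value, (list, tuple)):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        if not all(isinstance(k, str) for k in value):
            raise TypeError("JSON object keys must be strings")
        # Keys sort by UTF-16 code units, not code points: comparing the UTF-16BE
        # encodings is equivalent and places U+1F600 (surrogates D83D DE00) before U+FB33.
        items = sorted(value.items(), key=lambda kv: kv[0].encode("utf-16-be"))
        return "{" + ",".join(_jcs_string(k) + ":" + canonicalize(v) for k, v in items) + "}"
    raise TypeError(f"not JSON-serializable: {type(value).__name__}")


def manifest_hash(manifest) -> str:
    """SHA-256 over the UTF-8 bytes of the canonical form: the attestation contract's hash."""
    return hashlib.sha256(canonicalize(manifest).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    assert canonicalize(RFC8785_INPUT) == RFC8785_EXPECTED
    print(manifest_hash(MANIFEST_A), manifest_hash(MANIFEST_A) == manifest_hash(MANIFEST_B))
```

The two points a cross-language test suite must pin down are the number layout (1e20 is written out in full, 1e21 switches to exponent form, 0.000001 is fixed, 1e-7 is exponent) and the UTF-16 key order; a Go port that sorts keys by code point or formats floats with `strconv.FormatFloat(…, 'g', -1, 64)` will agree on most inputs and silently disagree on exactly the ones a test vector should cover.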
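The Rekor anchoring described above is only worth something to an auditor who verifies inclusion independently of the log's own answer. Rekor is an RFC 6962-style Merkle tree, so the auditor takes the entry's leaf, its log index, the tree size and the inclusion proof the log returns, recomputes the tree head, and compares it with a checkpoint root; the signature on that checkpoint is a separate check outside this snippet. The following is an added example in Python, not Verdifax or Sigstore code; the leaf data are constructed placeholders standing in for the log's entry bodies.

```python
import hashlib
import hmac

# RFC 6962 domain separation: a leaf is hashed with prefix 0x00 and an interior
# node with 0x01, so no leaf can be passed off as an internal node.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"

# Constructed leaf data standing in for log entry bodies (real Rekor leaves are the
# canonicalized entry bodies; the hashing and proof algebra below are the same).
SAMPLE_LEAVES = [f"constructed-entry-{i}".encode() for i in range(7)]


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n: the RFC 6962 subtree split point."""
    return 1 << ((n - 1).bit_length() - 1)


def tree_head(leaves: list) -> bytes:
    """MTH(D[n]) from RFC 6962 section 2.1."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = _split(n)
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))


def inclusion_proof(index: int, leaves: list) -> list:
    """PATH(m, D[n]) from RFC 6962 section 2.1.1: the sibling hashes from leaf to root.
    This is what the log hands back; the auditor never needs the other leaves."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(index, leaves[:k]) + [tree_head(leaves[k:])]
    return inclusion_proof(index - k, leaves[k:]) + [tree_head(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int, proof: list, root: bytes) -> bool:
    """RFC 9162 section 2.1.3.2: rebuild the root from the leaf, its index, the tree
    size and the proof, then compare with the checkpoint root the auditor trusts."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False                    # more proof hashes than the tree has levels
        if fn & 1 or fn == sn:
            r = node_hash(p, r)             # we are a right child: sibling goes on the left
            if not fn & 1:
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)             # we are a left child
        fn >>= 1
        sn >>= 1
    return sn == 0 and hmac.compare_digest(r, root)


if __name__ == "__main__":
    root = tree_head(SAMPLE_LEAVES)
    proof = inclusion_proof(3, SAMPLE_LEAVES)
    print(verify_inclusion(SAMPLE_LEAVES[3], 3, len(SAMPLE_LEAVES), proof, root))
```

Note what the check does and does not bind: a tampered leaf, a wrong index or a wrong root all fail, but the proof is bound to the tree by the root hash, not by the size field alone, which is why the root must come from a checkpoint the auditor has verified rather than from the same response that carried the proof.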
◇ Tier 2
Scoped, not started. Each item is designed and ready to build but paused pending acquirer resourcing or first-pilot commitment. Listed publicly so buyers can see the next layer of scope they would inherit.
Authenticated portal where customers see their API key, browse run history, download audit PDFs, and rotate keys self-service. Design and API surfaces are scoped (sits on existing endpoints, no new orchestrator work). Build paused pending acquirer resourcing or first-pilot commitment.
API keys would provision in trial mode on first issue and promote to production on first paid invoice via Stripe webhook. Trial keys would carry lower per-run quotas so customers can validate integration before commercial commitment. Build paused; commercial gating shape will be set by the acquirer's billing posture.
Full translation of the marketing site (chrome, page bodies, legal documents) into Spanish and German. The footer language switcher already exposes both locales as 'Coming soon' to signal intent. Shipping is gated on native-speaker translation services and jurisdiction-specific legal review: Spanish-language privacy policy and terms must comply with Mexican LFPDPPP / Argentine PDPA / Spanish data-protection law; German equivalents with DSGVO nuance. Deliberately deferred until copy stabilizes post-pilot so legal review happens once against settled text.
◌ Tier 3
Real engineering, not marketing. Each item requires a specific specialist Verdifax doesn't yet have on the team. Listed publicly because honest sequencing matters.
Cryptography
Replaces the deterministic R1CS hash facade with a real winterfell STARK/FRI prover. R1CS → AIR adapter, multi-prover equivalence, cross-toolchain reproducibility CI.
Transcript proof, hardware attestation proof, leakage upper bound. Each step requires defining a proof property mathematically and proving it preserves chain security.
Lean 4 development tree (Pipeline.lean, Canonical.lean, R1CS.lean, Determinism.lean), the pipeline_determinism theorem, axiom-audit CI to catch sorry / non-constructive axioms.
3-of-5 threshold MPC quorum producing quorum-attested authorization. Threshold cryptography (BLS or Schnorr-based) and TEE-attested coordinator nodes.
Hardware
Provisioning a confidential VM (AWS m6a SEV-SNP, Azure DC2as_v5, or GCP n2d) and implementing tpm2_quote + TPMS_ATTEST parsing. Single-platform first.
Production HRIA + HAER + HIP across TPM 2.0, AMD SEV-SNP, and Intel TDX. Each platform has its own attestation primitives, certificate chains, PCR semantics.
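As an illustration of what the tpm2_quote + TPMS_ATTEST parsing step above involves, here is an added Python example, not Verdifax code and not a substitute for the vendor-rooted certificate-chain and signature verification that the hardware scaffold waits on. It parses a TPMS_ATTEST of type TPM_ST_ATTEST_QUOTE into its fields, checks that extraData carries the verifier's own nonce (the anti-replay check), and recomputes pcrDigest from the PCR values the host reported. The sample blob, nonce and PCR values are constructed inside the block; the AK's signature over the blob is assumed to be checked separately.

```python
import hashlib
import hmac
import struct

# Constants from the TPM 2.0 Library specification, Part 2 (Structures).
TPM_GENERATED_VALUE = 0xFF544347   # magic every TPMS_ATTEST starts with
TPM_ST_ATTEST_QUOTE = 0x8018       # TPMI_ST_ATTEST value for a PCR quote
TPM_ALG_SHA256 = 0x000B

# Constructed inputs: in production the nonce comes from os.urandom() per request and
# the PCR values from the host's tpm2_pcrread output accompanying the quote.
SAMPLE_NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PCRS = {
    0: hashlib.sha256(b"constructed firmware measurement").digest(),
    7: hashlib.sha256(b"constructed secure-boot policy").digest(),
}


def _tpm2b(b: bytes) -> bytes:
    """TPM2B_*: UINT16 big-endian size followed by the bytes."""
    return struct.pack(">H", len(b)) + b


class _Reader:
    """Bounds-checked big-endian cursor; any overrun raises instead of reading garbage."""
    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated TPMS_ATTEST")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def u8(self): return self.take(1)[0]
    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def u64(self): return struct.unpack(">Q", self.take(8))[0]
    def tpm2b(self): return self.take(self.u16())
    def done(self): return self.pos == len(self.buf)


def parse_tpms_attest(blob: bytes) -> dict:
    """Parse a TPMS_ATTEST whose 'attested' union holds a TPMS_QUOTE_INFO (tpm2_quote output)."""
    r = _Reader(blob)
    if r.u32() != TPM_GENERATED_VALUE:
        raise ValueError("bad magic: not TPM-generated")
    if r.u16() != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a quote attestation")
    qualified_signer = r.tpm2b()            # TPM2B_NAME of the attestation key
    extra_data = r.tpm2b()                  # TPM2B_DATA: the caller's qualifying data (nonce)
    clock, reset_count, restart_count, safe = r.u64(), r.u32(), r.u32(), r.u8()
    firmware_version = r.u64()
    selections = []                         # TPML_PCR_SELECTION
    for _ in range(r.u32()):
        alg, size = r.u16(), r.u8()
        bitmap = r.take(size)               # bit (i % 8) of byte (i // 8) selects PCR i
        pcrs = [i for i in range(size * 8) if bitmap[i // 8] & (1 << (i % 8))]
        selections.append((alg, pcrs))
    pcr_digest = r.tpm2b()                  # TPM2B_DIGEST over the selected PCR values
    if not r.done():
        raise ValueError("trailing bytes after TPMS_ATTEST")
    return {"qualified_signer": qualified_signer, "extra_data": extra_data,
            "clock": clock, "reset_count": reset_count, "restart_count": restart_count,
            "safe": safe, "firmware_version": firmware_version,
            "pcr_select": selections, "pcr_digest": pcr_digest}


def verify_quote(blob: bytes, expected_nonce: bytes, pcr_values: dict) -> bool:
    """The checks possible before any signature work: freshness (extraData equals the
    nonce we chose) and that pcrDigest is the hash of the reported PCR values,
    concatenated in selection order."""
    a = parse_tpms_attest(blob)
    if not hmac.compare_digest(a["extra_data"], expected_nonce):
        return False
    concat = b""
    for alg, pcrs in a["pcr_select"]:
        if alg != TPM_ALG_SHA256 or any(i not in pcr_values for i in pcrs):
            return False                    # only the SHA-256 bank is modelled here
        concat += b"".join(pcr_values[i] for i in pcrs)
    return hmac.compare_digest(hashlib.sha256(concat).digest(), a["pcr_digest"])


def build_quote_attest(nonce: bytes, pcr_values: dict) -> bytes:
    """Constructed sample blob laid out as a TPM would emit it, so the parser runs offline."""
    bitmap = bytearray(3)                   # 24 PCRs -> 3 select bytes
    for i in pcr_values:
        bitmap[i // 8] |= 1 << (i % 8)
    pcr_digest = hashlib.sha256(b"".join(pcr_values[i] for i in sorted(pcr_values))).digest()
    ak_name = b"\x00\x0b" + hashlib.sha256(b"constructed AK public area").digest()
    blob = struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE)
    blob += _tpm2b(ak_name) + _tpm2b(nonce)
    blob += struct.pack(">QIIB", 987654321, 3, 0, 1)    # TPMS_CLOCK_INFO
    blob += struct.pack(">Q", 0x0102030405060708)       # firmwareVersion
    blob += struct.pack(">IHB", 1, TPM_ALG_SHA256, len(bitmap)) + bytes(bitmap)
    return blob + _tpm2b(pcr_digest)


if __name__ == "__main__":
    sample = build_quote_attest(SAMPLE_NONCE, SAMPLE_PCRS)
    print(parse_tpms_attest(sample)["pcr_select"], verify_quote(sample, SAMPLE_NONCE, SAMPLE_PCRS))
```

Two caveats a production parser adds on top of this: the nonce must be unpredictable and single-use (a fixed or reused qualifying data turns the quote into a replayable artifact), and pcrDigest matching the reported PCRs says nothing until the signature over the whole TPMS_ATTEST chains back to a vendor-rooted AK or EK certificate, which is exactly the activation condition listed for the hardware scaffold later on this page.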
Distributed Systems
Deterministic networking layer with zoned routing and Byzantine Fault Containment. Network-level determinism (no retries, no reordering across nodes) is research-grade work.
Bespoke 21-node Byzantine consensus implementing native Proof of Temporal Execution. Long-term replacement for the Sigstore dependency. Until it ships, runs anchor on Sigstore Rekor.
AI Safety
Defines new AI verification properties on emerging model architectures (multi-agent systems, tool-using agents, recursive reasoning). Continues the AIVP family beyond what current AIVP covers.
Capital Markets
Real-time / microsecond trading attestation. Replaces the per-decision REST round-trip with an in-process attestation library (Go / Rust / C bindings) that seals each decision locally, batches sealed records into a periodic uplink to the Verdifax orchestrator, and produces the same audit bundle shape as the live REST path. Unblocks the high-frequency trading TAM where current REST throughput (~thousands/sec) is insufficient.
Sustainability
Multi-tier supply-chain carbon attestation across Scope 1, 2, and 3.1-3.15 with LCA database integrations (ecoinvent, GaBi, GHG Protocol product factor sets). TCFD and SEC Climate Rule reporting templates, supplier attribution graphs, automated emission-factor version pinning. Promotes ESG carbon attestation from POC scope to enterprise-deployable.
Industrial Provenance
VIN-anchored or battery-anchored event chains: manufacturing genesis, ownership transfer, recall remediation, repair lineage, odometer attestations, and EV battery health under EU Battery Regulation 2023/1542 (digital passport mandate, Feb 2027 deadline for ≥2 kWh industrial / EV batteries). Verdifax's existing DOG truth admission, PEPG policy gates, NREP actor signing, and AER lineage primitives apply directly. What requires specialist work: OEM / insurer / DMV ecosystem integration, real-time telemetry ingestion at vehicle-fleet scale, and production-grade hardware attestation that an ECU actually emitted the signed telemetry.
System Maturity Disclosure
Every Verdifax audit bundle carries three open scaffold categories today, each named in the orchestrator code, surfaced in every audit PDF, and printed by the independent verifier under verdifax-verify --show-evidence-summary:
hardware_attestation.scaffold: activates on confidential-compute silicon with vendor-rooted certificate-chain verification.
transcript.scaffold: activates when the winterfell AIR adapter ships and validates determinism across three Rust toolchains.
zksp_binding.scaffold: activates when the Lean 4 development tree carries the pipeline-determinism theorem.
Full per-declaration detail, with the precise activation condition for each, is published at docs.verdifax.com/concepts/scaffold-gaps.
There is no silent fallback anywhere in the stack. The verifier's --strict mode exits non-zero whenever any scaffold flag is set, so a strict pass means every value in the bundle is rooted in real cryptography.
If a specific item is what your organization needs, whether it's shipping today or scheduled for the specialist roadmap, reach out. Pilot deployments help us prioritize what ships next.