Cryptographic evidence for enterprise AI.
Every AI invocation produces a signed, hash-chained, tamper-evident receipt. Auditors, regulators, and insurers verify it independently with only the public key — no platform dependency.
npm install @askledger/receipts-sdk
View on npm →
The frameworks tell you what to do. The infrastructure to do it cryptographically did not exist — until now.
EU AI Act, UAE CBUAE Federal Decree-Law No. 6, SAMA, NIST AI RMF, ISO 42001, SR 26-2, PRA SS1/23, RBI FREE-AI — all demand evidence of what AI did, by whom, under what policy. Most enterprises fall back to spreadsheets and self-attestation. Then the regulator asks for proof.
Sep 16, 2026 · AED 1 B fines
Federal Decree-Law No. 6 of 2025 transitional deadline. Every UAE bank needs cryptographic AI evidence within weeks.
Aug 2, 2026 · High-risk obligations
Annex IV technical documentation becomes mandatory for high-risk AI systems. Audit-grade evidence required.
$9.1 B AI investment · $20 B+ committed
Saudi 2026 Year of AI. The largest concentrated buying wave in MENA history; every Tier-1 bank in scope.
Three primitives. Mathematical guarantees.
Wire-format compatible across five languages. Independent verifier ships with every SDK. No magic.
Canonical hashing
RFC 8785 (JCS) gives every receipt a single deterministic byte representation. SHA-256 of those bytes is the receipt_hash. Any TypeScript, Python, Go, Rust, or Java client produces the same hash for the same input — proven by shared conformance vectors.
Per-tenant hash chain
Every receipt's previous_receipt_hash binds it to the one before. Modify any historical receipt and every subsequent receipt's verification breaks. Periodic Merkle root commits to a transparency log make truncation detectable too.
HSM-backed signatures
Ed25519 over the canonical bytes. Private key never leaves the HSM (AWS KMS, Azure Key Vault Managed HSM, GCP KMS, or PKCS#11 — Thales, Entrust, CloudHSM). Optional RFC 3161 timestamps tie each signature to absolute time.
+ Cost discipline + ESG + insurance — v0.7
Every receipt now carries cost (USD), carbon (g CO₂e), and a cascade-savings ledger. Built-in modules: model-fit score, dedup cache, budget guard, recommendations engine, insurance underwriting bundle, MRM workpaper exporter, public benchmark scoring. 8 of 13 pillars shipping in code.
Built like the platforms it sits next to.
Open-core. Five language SDKs. Vendor-neutral HSM. Real workflows. Zero Trust ready.
5 SDKs · wire-format conformant · CL1/CL2/CL3 conformance suite
9 native integrations · IDE · agents · gateways · one install per surface
11 AI vendors · receipts emitted natively
4 HSM drivers · FIPS-validated providers
Every receipt is content-checked before it's signed.
Inline detection runs in < 1 ms — pure heuristics, no LLM call, no third-party AI dependency. Findings flow into the receipt's payload.metadata.safety block so the audit trail proves the bank caught the event.
PII detection
Regex + checksum validation across 14 categories — emails, US SSN, credit cards (Luhn), IBAN (MOD-97), UAE Emirates ID, Saudi national ID, Indian Aadhaar, API keys, wire references, customer IDs. Inline. Deterministic. Auditable.
Prompt injection
Twelve categories caught — instruction override, role injection, system-prompt leak, DAN jailbreaks, delimiter injection, encoded payloads, tool override, policy bypass. Deterministic. No second LLM in the loop.
Shadow AI
Identifies AI calls bypassing the corporate gateway: consumer endpoints (chatgpt.com, claude.ai), unapproved vendors, unapproved model versions, unapproved source systems. Pillar 6 of the platform architecture.
See it in the demo →
Click any receipt in the demo. You'll see PII matches highlighted, prompt-injection patterns called out, and a clear allow / flag / block verdict — each one signed into the receipt.
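The inline detection described above, as an added example that is not the SDK's own detector: Luhn for card numbers, ISO 13616 MOD-97 for IBANs, a plain regex for e-mail, and a host allowlist for the shadow-AI check, all deterministic and with no model call, with the findings written into payload.metadata.safety. The category names, the allow / flag / block policy, the approved-gateway host, the detector label and the sample prompt are assumptions made for this example; the page's full 14 PII categories would add more entries to the same detector table.

```javascript
// Added example (not the SDK's own detector): regex + checksum PII checks and a
// shadow-AI endpoint check, recorded in payload.metadata.safety so the finding
// is covered by the receipt's hash and signature. Categories, verdict policy,
// the approved gateway host and the sample prompt are assumptions.

// Luhn checksum over a digit string (credit/debit card numbers).
function luhnValid(digits) {
  let sum = 0, double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// ISO 13616 MOD-97: move the first four characters to the end, map A=10..Z=35,
// and the remainder modulo 97 must be 1. Computed digit by digit to avoid bigint.
function ibanValid(iban) {
  const s = iban.replace(/\s+/g, '').toUpperCase();
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(s)) return false;
  const numeric = (s.slice(4) + s.slice(0, 4)).replace(/[A-Z]/g, (c) => String(c.charCodeAt(0) - 55));
  let rem = 0;
  for (const ch of numeric) rem = (rem * 10 + (ch.charCodeAt(0) - 48)) % 97;
  return rem === 1;
}

// Only a masked form is kept: the receipt itself must never carry the raw PII.
const mask = (s) => '*'.repeat(Math.max(0, s.length - 4)) + s.slice(-4);

// Each detector is a regex candidate followed by a checksum where one exists.
const DETECTORS = [
  { category: 'email', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, check: () => true },
  { category: 'credit_card', re: /\b(?:\d[ -]?){12,18}\d\b/g, check: (m) => luhnValid(m.replace(/[ -]/g, '')) },
  { category: 'iban', re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b/g, check: ibanValid },
];

function scanPrompt(text) {
  const findings = [];
  for (const { category, re, check } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (check(m[0])) findings.push({ category, masked: mask(m[0].replace(/\s/g, '')), offset: m.index });
    }
  }
  return findings;
}

// Shadow-AI check: the call must go through an approved corporate gateway host.
const CONSUMER_HOSTS = new Set(['chatgpt.com', 'claude.ai']); // consumer endpoints named on the page
function classifyEndpoint(url, approvedHosts) {
  const host = new URL(url).hostname;
  if (CONSUMER_HOSTS.has(host)) return { category: 'shadow_ai', detail: 'consumer endpoint', host };
  if (!approvedHosts.has(host)) return { category: 'shadow_ai', detail: 'unapproved vendor', host };
  return null;
}

// Verdict policy (assumed): block on checksum-validated financial identifiers,
// flag on anything else found, allow when clean. Mutates and returns the block
// that would then be canonicalised, hashed and signed with the rest of the payload.
function attachSafety(payload, endpointUrl, approvedHosts) {
  const findings = scanPrompt(payload.prompt);
  const shadow = classifyEndpoint(endpointUrl, approvedHosts);
  if (shadow) findings.push(shadow);
  const verdict = findings.some((f) => f.category === 'credit_card' || f.category === 'iban') ? 'block'
    : findings.length ? 'flag' : 'allow';
  payload.metadata = { ...(payload.metadata || {}), safety: { verdict, findings, detector: 'heuristic-v1' } };
  return payload.metadata.safety;
}
```

The checksum step is what keeps the regexes honest: the digit groups inside an IBAN look like a card number to the card regex, but fail Luhn and so produce no card finding, while the IBAN itself passes MOD-97. Because only masked values are stored, the signed receipt proves the event was caught without becoming a second copy of the data.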
Even we can't rewrite history.
A public RFC 9162 append-only Merkle tree. Every receipt batch lands in the log. Every five minutes a Signed Tree Head is published. Inclusion proofs and consistency proofs are queryable by anyone.
Append-only
RFC 9162 leaf/internal prefix scheme (second-preimage safe). Once a receipt's leaf hash is committed, removing it requires breaking SHA-256 — which has no known practical break.
Signed Tree Heads
Every 5 minutes the log signs {tree_size, root_hash, timestamp, log_id} with the operator key. Anyone holding any historical STH can detect log rewrites.
Independent verification
Auditors paste a receipt + inclusion proof + the public STH chain. The verifier confirms inclusion mathematically. No call to the log operator required.
The SSL Labs A+ for AI trust.
A public 0-100 score + letter grade per tenant, computed from five weighted sub-scores: coverage, verification, safety hygiene, regulatory alignment, transparency log participation. Embeddable as an SVG badge in annual reports, RFP responses, AI disclosures.
Coverage · 25% · What share of AI traffic produces a receipt
Verification · 25% · What share of receipts pass independent verification
Safety hygiene · 20% · PII / injection / shadow-AI findings handled
Regulatory alignment · 15% · How many of the 5 regulator templates the receipts cite
Transparency log participation · 15% · What share of receipts reach the public log
Sample embedded badge
Banks embed this SVG in their AI disclosure pages. Auditors click it to verify the underlying receipts. Boards reference it like an ESG rating.
For developers. By default private.
Captures every prompt you send to ChatGPT, Claude, Gemini, Copilot, Perplexity, Hugging Face. Signs a cryptographic receipt locally. Your private key never leaves the browser. Optional opt-in ship-to-corporate-IT for shadow-AI visibility — but the default is that everything stays on your machine.
Private by default
Keypair generated locally. Receipts encrypted at rest. The raw prompt text never leaves your browser — only the SHA-256 hash is recorded. Same Ed25519 + RFC 8785 cryptography as the production SDK.
You see your AI footprint
Click the extension icon — see every consumer-AI request you've made, which vendor, when, hash-chained. Export as JSON. Useful for self-attribution when reviewing pull requests or RFP responses.
CISO opt-in
Configure a corporate ingest URL with your consent. Receipts are shipped (metadata only — never prompt text). Your CISO finally sees the shadow-AI inventory their network DLP cannot.
Composes with the frameworks your board reads.
Project Ledger ships open adapters for published industry frameworks. Receipts automatically cite which pillars, towers, or principles they contribute evidence toward — alongside the regulator articles.
QAG · Quantitative AI Governance
Five-pillar framework for scaling AI with measurable trust. Receipts populate every pillar with cryptographic measurement.
QAIS · Quantitative AI Security
Three towers for breach-proof AI. The safety and Zero Trust modules implement each tower as live enforcement.
AI Agency · Exponential Experience
Seven-pillar framework for deploying AI agents at scale. The agent capture adapter writes receipts for every pillar's measurable output.
Day-one compliance — five regulators, pre-mapped.
Every receipt automatically cites the regulator articles it satisfies. No policy consulting. No template build-out. The receipt fields ARE the evidence the inspector reads.
CBUAE · Responsible AI · 5 principles + Article 184
Maps to the Feb 2026 guidance. Sealed evidence pack ready for the September 16, 2026 transitional inspection. Receipt fields auto-satisfy each principle.
EU AI Act · Reg. 2024/1689 · 8 articles
Article 9 risk management, Article 11 + Annex IV technical docs, Article 12 logs, Article 14 oversight, Article 15 robustness, Article 50 GenAI transparency. Aug 2, 2026 high-risk deadline.
SAMA · AI Adoption Framework · 5 tier controls
Inventory · KSA data residency · decision logging · ECC-1 cybersecurity · customer recourse. Aligned with Saudi PDPL and Vision 2030.
ISO 42001 · AI Management Systems · 6 Annex A controls
The international AI management standard. Already appearing in ~40% of EU enterprise AI RFPs. Receipts populate the AIMS documentation.
NIST AI RMF · Voluntary · 5 mapped controls
GOVERN · MAP · MEASURE · MANAGE. Used by US federal contractors and the CO / CA / NY state AI bills.
SR 26-2 · PRA SS1/23 · RBI FREE-AI
Shipped in v0.6 — HIPAA, FedRAMP, ISO 27001, GDPR · plus PR-ready scaffolds for SR 11-7, OSFI E-23, PRA SS1/23, RBI FREE-AI. Same template format — community contributions welcome.
Open standards. Open code. Open verification.
No vendor lock-in. No black box cryptography. Every claim verifiable against published RFCs and the public spec.