Production Ready - Hardening Complete

The Standard for
Verifiable AI Trust

The Open Standard for Cryptographically-Verifiable AI Governance

SONATE Trust Receipt Specification v1.0 — Ed25519-signed receipts, hash-chained audit trails, independently verifiable. No vendor lock-in. No backend required.

Trust Receipt
VERIFIED
ID (SHA-256):f860961876968f2c...
Signature:Ed25519:f33ee6d928...
Agent DID:did:web:yseeku.com:agents:...
Chain Hash:715799d2fb16c4b6...
Trust Score:94/100 PASS

Why SONATE Exists

The Problem

  • No audit trail: AI systems make consequential decisions with zero verifiable record of what they did or why.
  • No safety verification: Enterprises have no way to independently verify that AI outputs meet governance requirements.
  • Vendor lock-in: Trust verification depends on proprietary dashboards with no interoperability.
  • Compliance gaps: Regulators have no standard way to audit AI behavior across organizations.

The SONATE Solution

  • Cryptographic proof: Ed25519-signed receipts for every AI interaction. Tamper-evident via hash chains.
  • Independent verification: Verify receipts in-browser with zero backend dependency. Full audit trail available.
  • Open standard: RFC 8785 canonicalization, W3C DIDs, cross-language SDKs. No vendor lock-in.
  • Compliance-ready: GDPR, HIPAA, SOC2, NIST-aligned. Privacy-by-default.
February 21, 2026

SONATE Hardening Sprint Complete

From research prototype to production-ready enterprise platform in one intensive sprint.

3,200+

Lines of Code

90+

Regression Tests

380

Line Specification

0

Security Issues

RFC-Style Specification
Python SDK (PyPI-Ready)
Policy Engine (3 Policies)
Verification Playground
Multi-Model Examples
Cross-Language Tests

Cryptographic Trust Infrastructure

Real cryptography, not just hashing. Ed25519 signatures, W3C Decentralized Identifiers, and hash-chained receipts you can verify independently.

Live

Ed25519 Signed Receipts

Every interaction signed with Ed25519 digital signatures. Hash-chained for tamper-evident audit trails. Independently verifiable.

Live

Behavioral Drift Detection

Detects significant shifts in reasoning patterns, output volatility, or policy alignment across sessions.

Live

Embeddable Trust Status Badge

Real-time AI trust state, embeddable like an SSL status indicator.

Live

Tactical Replay

Time-travel debugger for AI conversations. Scrub through interactions, see trust scores evolve, replay identity shifts.

Live

Real-time Policy Scoring

Each response scored against six enforceable governance constraints. Adds <50ms overhead per interaction. Scores from 0–100 with detailed breakdowns.

Live

W3C DID Integration

Decentralized Identifiers for platform and agents. Standard did:web method with public key resolution.

The SONATE Trust Protocol

Each response scored against six enforceable governance constraints. Adds <50ms overhead per interaction. The weighted scores combine into a single trust score (0–100) that determines policy compliance.

25%
Consent Architecture
Explicit user consent for AI interactions
20%
Inspection Mandate
All AI decisions must be auditable
20%
Continuous Validation
Ongoing behavior monitoring
15%
Ethical Override
Humans can always override AI
10%
Right to Disconnect
Users can opt out anytime
10%
Moral Recognition
Respect for human agency
94
Trust Score
Consent Architecture96%
Inspection Mandate92%
Ethical Override95%

The SONATE Architecture

Cryptographic proof-of-behavior for every AI interaction. Four-step pipeline from request to independent verification.

Step 1

AI Call Instrumented

wrap() hooks OpenAI, Anthropic, Gemini, or local LLM

Step 2

Receipt Generated

Canonical JSON → SHA-256 hash → Ed25519 signature

Step 3

Hash-Chained

Tamper-evident temporal ordering. Prevents insertion/deletion.

Step 4

Independently Verified

Browser verification. Zero backend. No vendor lock-in.

Performance Guarantees

<50ms

Verification latency per receipt

<5KB

Memory per receipt

0

Backend dependencies

Verify Any Receipt — In Your Browser

This is your strongest proof point. Paste a receipt and verify the signature, hash chain, DID identity, and privacy mode — all without touching a backend.

Test the Playground Now

Load a sample receipt, inspect every field, and verify the cryptography. No signup. No data collection. Pure verification.

Verification is available as a TypeScript SDK, Python library, or standalone web component.

For Developers

One-line wrap(). Full support for OpenAI, Anthropic, Gemini, and local LLMs. TypeScript or Python.

TypeScript

import { wrap } from '@sonate/sdk';

const receipt = await wrap(
  client.chat.completions.create,
  { model: 'gpt-4', messages }
);

// receipt is signed Ed25519

Python

from sonate.sdk import wrap

receipt = await wrap(
  client.messages.create,
  model='claude-3-opus',
  messages=[...]
)

# receipt is signed Ed25519

Supported AI Platforms

OpenAIAnthropicGoogle GeminiLocal LLMsCustom Functions

For Enterprises

Governance infrastructure that scales. Policy engine, privacy-by-default, DID-based identity.

Policy Engine v1

Built-in Safety, Hallucination, and Compliance policies. Extensible JSON Schema rules.

Privacy-by-Default

Hash-only mode for GDPR/HIPAA. Never transmit raw content without consent.

W3C DID Identity

Decentralized identifiers for platforms and agents. Standard did:web with public key resolution.

Zero-Backend Verification

Enterprise customers can verify receipts without calling home. Full audit autonomy.

NIST/ISO Alignment

Mapped to NIST SP 800-32, ISO 27001, SOC2 Type II, and GDPR Article 22.

Custom Policy Support

Build domain-specific policies. Patent scores, medical accuracy, regulatory compliance.

For Auditors & Regulators

Standard audit evidence. Deterministic. Independently verifiable. Compliance-mapped.

What You Get

  • Hash-Chained Audit Trail — Proof of temporal ordering. Prevents insertion/deletion/reordering.
  • RFC 8785 Determinism — Canonical JSON. Same input → identical hash across implementations.
  • Ed25519 Signature Verification — Public key resolution via W3C DID. Standard cryptography.
  • Test Vectors — Interoperability examples. Verify against SONATE or third-party implementations.

Compliance Mappings

  • GDPR Article 22 — Right to explanation. Audit trail proves human oversight.
  • HIPAA § 164.312 — Audit controls. Hash-only mode for patient privacy.
  • SOC2 Type II — Trustworthiness. Cryptographic proof of behavior.
  • ISO 27001 — Information security. Tamper-evident receipts satisfy A.12 controls.

SONATE vs Alternatives

How SONATE compares on the features that matter most.

FeatureSONATEObservability ToolsSafety FiltersLogging Systems
Cryptographic Receipts
Zero-Backend Verification
Privacy-by-Default (Hash-Only)
Multi-Model Support
Policy Engine
Open Specification
Cross-Language SDKs

Open Verification, Protected Core

We believe in transparency for trust verification while protecting the innovation that makes it possible.

Verification SDK

MIT License

Independently verify trust receipts in your own applications. Full Ed25519 signature verification, chain hash validation, and TypeScript support.

  • Node.js & browser support
  • Zero dependencies
  • Full TypeScript definitions
View on GitHub

Core Platform

Proprietary

The policy engine, trust scoring algorithms, and receipt generation are proprietary. Source available for transparency, commercial licensing available.

  • Policy engine & scoring
  • Receipt generation & signing
  • Enterprise dashboard
Enterprise Licensing

Why this model? Anyone can verify receipts independently (trust), but the core technology remains protected (business sustainability).

Your SONATE Conversion Path

From curiosity to production deployment in five steps.

1

Understand the Standard

Read the 380-line RFC-style specification. Understand the cryptography.

Read Spec
2

Instrument Your First Call

One-line wrap(). Works with OpenAI, Anthropic, Gemini, local LLMs.

Get Started
3

Verify a Receipt

Paste JSON in the playground. Verify signature, chain, DID, privacy mode.

Try Verification
4

Explore the Dashboard

See all receipts, trust scores, policy violations, audit trails.

Full Demo
5

Launch Your Pilot

Work with our team on a 12-week pilot. $50K-150K typically.

Request Pilot

Ready to Build Verifiable AI?

SONATE is production-ready today. Start with the verification playground, read the spec, or schedule a governance demo with our team.