Production Ready - Hardening Complete

The Standard for
Verifiable AI Trust

The Open Standard for Cryptographically-Verifiable AI Governance

SONATE Trust Receipt Specification v1.0 — Ed25519-signed receipts, hash-chained audit trails, independently verifiable. No vendor lock-in. No backend required.

Trust Receipt
VERIFIED
ID (SHA-256):f860961876968f2c...
Signature:Ed25519:f33ee6d928...
Agent DID:did:web:yseeku.com:agents:...
Chain Hash:715799d2fb16c4b6...
Trust Score:94/100 PASS
See It In Action

Platform Demo

Watch SONATE in action — from trust receipt generation to the full governance dashboard.

Full Platform Walkthrough

Complete overview of the SONATE governance dashboard — agents, trust scores, Overseer brain cycles, compliance reports, and real-time monitoring.

Trust Receipt Flow

See Ed25519-signed trust receipts generated in real-time — hash-chained, independently verifiable, with full SONATE principle scoring.

Why SONATE Exists

The Problem

  • No audit trail: AI systems make consequential decisions with zero verifiable record of what they did or why.
  • No safety verification: Enterprises have no way to independently verify that AI outputs meet governance requirements.
  • Vendor lock-in: Trust verification depends on proprietary dashboards with no interoperability.
  • Compliance gaps: Regulators have no standard way to audit AI behavior across organizations.

The SONATE Solution

  • Cryptographic proof: Ed25519-signed receipts for every AI interaction. Tamper-evident via hash chains.
  • Independent verification: Verify receipts in-browser with zero backend dependency. Full audit trail available.
  • Open standard: RFC 8785 canonicalization, W3C DIDs, cross-language SDKs. No vendor lock-in.
  • Compliance-ready: GDPR, HIPAA, SOC2, NIST-aligned. Privacy-by-default.
February 21, 2026

SONATE Hardening Sprint Complete

From research prototype to production-ready enterprise platform in one intensive sprint.

10

Core Packages

28+

Backend Services

30+

Dashboard Pages

3

Cross-Language SDKs

RFC-Style Specification (380 lines)
Autonomous Overseer Agent
Emergence Detection (Bedau Index)
Multi-Model Comparison Lab
Real-time Governance Dashboard
90+ Regression Tests

Cryptographic Trust Infrastructure

Real cryptography, not just hashing. Ed25519 signatures, W3C Decentralized Identifiers, and hash-chained receipts you can verify independently.

Live

Ed25519 Signed Receipts

Every interaction signed with Ed25519 digital signatures. Hash-chained for tamper-evident audit trails. Independently verifiable.

Live

Behavioral Drift Detection

Detects significant shifts in reasoning patterns, output volatility, or policy alignment across sessions.

Live

Embeddable Trust Status Badge

Real-time AI trust state, embeddable like an SSL status indicator.

Live

Tactical Replay

Time-travel debugger for AI conversations. Scrub through interactions, see trust scores evolve, replay identity shifts.

Live

Real-time Policy Scoring

Each response scored against six enforceable governance constraints. Adds <50ms overhead per interaction. Scores from 0–100 with detailed breakdowns.

Live

W3C DID Integration

Decentralized Identifiers for platform and agents. Standard did:web method with public key resolution.

Beyond Static Rules

The Overseer: Autonomous AI Governance

Static policy engines catch known violations. The Overseer is a constitutional governance agent that continuously monitors, reasons about, and adapts to emergent AI behavior — operating under a Trust Kernel that defines what it can and cannot do.

1

Sense

Ingest trust receipts, alerts, drift signals in real-time

2

Analyze

Evaluate patterns against constitutional principles

3

Plan

Generate governance actions within Trust Kernel bounds

4

Execute

Apply mitigations: re-prompt, constrain, escalate, or refuse

5

Measure

Track intervention effectiveness via CIQ metrics

6

Learn

Adapt governance strategies based on outcomes

Emergence Detection

Uses the Bedau computational emergence index to detect novel behavioral patterns that don't appear in any single interaction but emerge across agent workflows.

Trust Kernel

Constitutional framework defining the Overseer's own boundaries. Refusals are a feature, not a bug — the system can refuse unsafe actions even when instructed.

Live Governance Dashboard

30+ pages of real-time governance controls. Trust trends, agent comparisons, policy violations, drift monitoring, compliance reports — all live.

The SONATE Trust Protocol

Each response scored against six enforceable governance constraints. Adds <50ms overhead per interaction. The weighted scores combine into a single trust score (0–100) that determines policy compliance.

25%
Consent Architecture
Explicit user consent for AI interactions
20%
Inspection Mandate
All AI decisions must be auditable
20%
Continuous Validation
Ongoing behavior monitoring
15%
Ethical Override
Humans can always override AI
10%
Right to Disconnect
Users can opt out anytime
10%
Moral Recognition
Respect for human agency
94
Trust Score
Consent Architecture96%
Inspection Mandate92%
Ethical Override95%

The SONATE Architecture

Cryptographic proof-of-behavior for every AI interaction. Four-step pipeline from request to independent verification.

Step 1

AI Call Instrumented

wrap() hooks OpenAI, Anthropic, Gemini, or local LLM

Step 2

Receipt Generated

Canonical JSON → SHA-256 hash → Ed25519 signature

Step 3

Hash-Chained

Tamper-evident temporal ordering. Prevents insertion/deletion.

Step 4

Independently Verified

Browser verification. Zero backend. No vendor lock-in.

Performance Guarantees

<50ms

Verification latency per receipt

<5KB

Memory per receipt

0

Backend dependencies

Verify Any Receipt — In Your Browser

This is your strongest proof point. Paste a receipt and verify the signature, hash chain, DID identity, and privacy mode — all without touching a backend.

Test the Playground Now

Load a sample receipt, inspect every field, and verify the cryptography. No signup. No data collection. Pure verification.

Verification is available as a TypeScript SDK, Python library, or standalone web component.

For Developers

One-line wrap(). Full support for OpenAI, Anthropic, Gemini, and local LLMs. TypeScript or Python.

TypeScript

import { wrap } from '@sonate/sdk';

const receipt = await wrap(
  client.chat.completions.create,
  { model: 'gpt-4', messages }
);

// receipt is signed Ed25519

Python

from sonate.sdk import wrap

receipt = await wrap(
  client.messages.create,
  model='claude-3-opus',
  messages=[...]
)

# receipt is signed Ed25519

Supported AI Platforms

OpenAIAnthropicGoogle GeminiLocal LLMsCustom Functions

For Enterprises

Governance infrastructure that scales. Policy engine, privacy-by-default, DID-based identity.

Autonomous Overseer Agent

Constitutional governance brain that monitors, reasons, and intervenes autonomously — with built-in refusal capabilities.

Multi-Model Comparison Lab

Run the same prompt across OpenAI, Anthropic, Gemini side-by-side. Compare trust scores, latency, and policy compliance.

Emergence Detection

Bedau computational emergence index identifies novel patterns across agent workflows that no single interaction reveals.

30+ Page Governance Dashboard

Trust trends, agent performance, policy violations, drift monitoring, compliance reports, experiment tracking — all real-time.

Provider-Agnostic Gateway

Single API for OpenAI, Anthropic, Gemini, local LLMs. Switch models without changing governance infrastructure.

Privacy-by-Default

Hash-only mode for GDPR/HIPAA. W3C DID identity. Zero-backend verification. Full audit autonomy.

For Auditors & Regulators

Standard audit evidence. Deterministic. Independently verifiable. Compliance-mapped.

What You Get

  • Hash-Chained Audit Trail — Proof of temporal ordering. Prevents insertion/deletion/reordering.
  • RFC 8785 Determinism — Canonical JSON. Same input → identical hash across implementations.
  • Ed25519 Signature Verification — Public key resolution via W3C DID. Standard cryptography.
  • Test Vectors — Interoperability examples. Verify against SONATE or third-party implementations.

Compliance Mappings

  • GDPR Article 22 — Right to explanation. Audit trail proves human oversight.
  • HIPAA § 164.312 — Audit controls. Hash-only mode for patient privacy.
  • SOC2 Type II — Trustworthiness. Cryptographic proof of behavior.
  • ISO 27001 — Information security. Tamper-evident receipts satisfy A.12 controls.

SONATE vs Alternatives

How SONATE compares on the features that matter most.

FeatureSONATEObservability ToolsSafety FiltersLogging Systems
Cryptographic Receipts
Autonomous Governance Agent
Emergence Detection
Zero-Backend Verification
Privacy-by-Default (Hash-Only)
Multi-Model Comparison
Policy Engine
Open Specification
Cross-Language SDKs

Open Verification, Protected Core

We believe in transparency for trust verification while protecting the innovation that makes it possible.

Verification SDK

MIT License

Independently verify trust receipts in your own applications. Full Ed25519 signature verification, chain hash validation, and TypeScript support.

  • Node.js & browser support
  • Zero dependencies
  • Full TypeScript definitions
View on GitHub

Core Platform

Proprietary

The policy engine, trust scoring algorithms, and receipt generation are proprietary. Source available for transparency, commercial licensing available.

  • Policy engine & scoring
  • Receipt generation & signing
  • Enterprise dashboard
Enterprise Licensing

Why this model? Anyone can verify receipts independently (trust), but the core technology remains protected (business sustainability).

Your SONATE Conversion Path

From curiosity to production deployment in five steps.

1

Understand the Standard

Read the 380-line RFC-style specification. Understand the cryptography.

Read Spec
2

Instrument Your First Call

One-line wrap(). Works with OpenAI, Anthropic, Gemini, local LLMs.

Get Started
3

Verify a Receipt

Paste JSON in the playground. Verify signature, chain, DID, privacy mode.

Try Verification
4

Explore the Dashboard

See all receipts, trust scores, policy violations, audit trails.

Full Demo
5

Launch Your Pilot

Work with our team to scope and launch a governance pilot for your organization.

Request Pilot

Ready to Build Verifiable AI?

SONATE is production-ready today. Start with the verification playground, read the spec, or schedule a governance demo with our team.