Provenance

Prove what your AI actually generated.

Every Provenance report ships with a signed manifest: input hash, output hash, a timestamp anchored to a public entropy beacon, and an Ed25519 signature from an independent physical witness. Anyone you hand the report to verifies it in their own browser — no account, no tooling, no calling us. Built for legal, financial, and regulated workflows where “we ran it through a model” needs to survive discovery.

This page demonstrates the claim by proving itself. The manifest below is the signed record of this site's own deploy — including the bytes of the page you are reading.

Talk to us

manifest: /attest/site/latest.json · reproduce offline: attest/verify.sh

Workflow · 01

How it runs.

Signing rides alongside your existing pipeline. Nothing about how you produce reports changes; what changes is what you can hand to an inspector.

/01

Generate as usual

Your reports are produced however you produce them today. At delivery time, the inputs and outputs are hashed — the content itself never leaves your custody.

/02

Witness signs

An independent, separately controlled witness device reads the current public beacon pulse and signs the record against it. The witness shares no infrastructure with the systems producing the reports.

/03

Anyone verifies

The manifest is published at a stable URL. Counsel, auditors, and counterparties verify the signature in their own browser against a public, pinned Ed25519 key — in seconds, without contacting us.

Buyer · 02

Why this exists.

/01

Litigation defense

Opposing counsel claims your AI analysis was retrofitted post-hoc. Hand them a signed manifest, an immutable timestamp on the public beacon, and a witness pubkey they can verify from their laptop.

/02

EU AI Act log retention (Article 26)

Deployer log retention demands “we used model X on data Y at time Z” kept for ≥6 months. Provenance answers it cryptographically — a checked box, not a paragraph. Article 13 documentation and human-oversight obligations are organizational deliverables; Provenance covers the log-retention slice.

/03

Internal audit

SEC, FCA, internal risk. “Prove the AI was used correctly, not after the fact.” Signed timestamps from a witness you don't control. The auditor verifies it in their browser; no audit log to argue about.

/04

Adversarial provenance

Intelligence and journalism workflows where the source matters. “Yes that's our analysis, here's proof of when it was generated. Verify it yourself.” The deepfake era's antibody.

Architecture · 03

The chain.

your input sha-256 prompt_hash
model output sha-256 response_hash
timestamp ISO-8601 UTC

all of the above canonical message sha-256 inner_digest

the witness reads the current public beacon pulse pulse_id, value_hex
the witness Ed25519-signs attest|v1|inner_digest|pulse_id|value_hex|witnessed_at

the manifest is published at a stable URL
the proof runs in any modern browser: crypto.subtle.verify

We never claim zero trust. We claim minimal, explicit, one-time trust: pin the witness key once — out of band, from the public repo — and verify everything after, forever, without us in the loop.

Press it · 04

Verify one right now.

This button verifies a real, rotating attestation: the entropy beacon's latest signed physics frame. Your browser fetches the manifest, re-derives the artifact hash, and checks the witness signature — if the frame has rotated past the signed one, the proof reports that honestly.

No JavaScript? Fetch /entropy/frame/latest.attestation.json and reproduce every check offline with attest/verify.sh from the public site repo.

Comparison · 05

What vendor logs can't do.

Model vendors

  • Sign their own outputs with their own key
  • You're trusting their audit log, not cryptography
  • No third-party witness
  • No public timestamp anchor
  • “Trust the vendor”

Ledatic Provenance

  • Signed by an independent witness — not the model host
  • Public Ed25519 keys, browser-verifiable signatures
  • Witness device separately controlled and inspectable
  • Chained to a public entropy beacon you can read yourself
  • “Trust the cryptography”
Operated · 06

This isn't a whitepaper.

We shipped this in production. A 30-day commercial engagement ran its client deliverables through the witness chain — signed manifests, public verification pages. Closed 2026-05-12, paid in full. The witness infrastructure has signed the public beacon's observations continuously since April 2026, and the page you are reading is published through the same discipline: a signed deploy manifest, checked against the served bytes in your browser.

FAQ · 07

Common questions.

How is this different from a model vendor signing my output?
A vendor signs with a key they control, against an audit log they maintain. You're trusting them. Here, the signature comes from a witness that is independent of the report generator, verifiable against a public Ed25519 key, chained to a public beacon. Anyone can verify the chain end-to-end without contacting us.
What is the witness?
A dedicated, separately controlled physical signing device that shares no infrastructure with the systems producing the reports. Independence is the feature: its public keys are published, pinned in this site's verifier, and available out of band from the public repo.
What if the witness is down or compromised?
If the witness is unreachable at sign-time, the report is delivered unsigned with a clear “unwitnessed” disclosure — no false claims. Larger engagements provision a secondary witness so single-node outages don't block signing. If a key were ever compromised we publish a revocation and rotate; affected manifests are flagged on the verify surface.
Can you backdate a manifest?
No. The witness signs over the current pulse_id of the public entropy beacon. Pulses are append-only and publicly readable, and third parties observe the beacon continuously. To backdate, we would have to forge a public chain that other people already hold copies of.
Does verification need your backend?
The proof itself runs in your browser via WebCrypto — the only network call fetches the manifest. For maximum independence, don't even trust the page: the public site repo ships attest/verify.sh, which reproduces every check offline from the manifest and the pinned keys.
Browser support for Ed25519?
Current Chrome, Safari, and Firefox all run the in-browser signature check. Older browsers still see the manifest fields and the integrity checks — they just can't run the final signature step; the offline script covers them.
Inspect · 08

The public surfaces.

/keys

Witness public keys

fleet0.pub.pem (artifact witness, pk_fp cac5f21a70564aeb) · site_deploy.pub.pem (deploy signer, pk_fp 7b4391d64aecb9ac). Both pinned in this site's verifier; compare out of band against the public repo.

/witness

Latest signed observation

/witness/fleet0/latest — the witness signs each beacon pulse it observes; this is the most recent.

/pulse

Public entropy beacon

/entropy/pulse — append-only, published every ~2 s; the anchor every Provenance manifest binds against. The clock in the nav is reading it now.

/log

Beacon history

/entropy/pulse/log — recent pulses with their prev_hash chain. Walk the chain in one request.

Ready · 09

Your AI generated something.
Prove it.

Start a conversation Open the verifier