Veridra
Built for regulated environmentsEU AI ActNIST AI RMFSR 11-7ISO 42001 (mapped)SOC 2 (in progress)
PlatformSolutionsArchitectureTrustDevelopersCompanyRequest review
Architecture · Evidence pipeline

SDK to pack. Five deterministic stages.

A decision leaves your model and enters Veridra at one well-defined point. It leaves the pipeline as signed, logged, regulator-admissible evidence, with nothing undefined in between.

Each stage is idempotent, observable, and verifiable. A pipeline run that crashes in the middle leaves no half-state: either the leaf is in the log with an inclusion proof, or it isn't. There is no partial commit.

End-to-end stages

01 · SDK capture

The Veridra SDK (Python, Node, Go, Java) sits next to your model. It captures inputs, outputs, model version, policy context, and confidence. We run golden vectors in CI to guarantee cross-language determinism.

02 · Canonicalize (RFC 8785)

The captured envelope is rendered to canonical JSON, byte-for-byte deterministic across locales, languages, and floating-point libraries. The canonical form is what gets hashed; nothing else.

03 · Sign (Ed25519, BYOK KMS)

The SDK calls the signer over mTLS. The signer asks the tenant-scoped KMS or HSM for an Ed25519 signature. The private key never leaves the custody boundary. The signer returns signature plus receipt.

04 · Log (Trillian Merkle tree)

The signed leaf is appended to the tenant transparency log. Trillian returns a synchronous inclusion proof against a new signed tree head, which witnesses will co-sign on cadence.

05 · Pack (on demand)

When an auditor or regulator asks, pack-builder assembles a signed PDF plus ZIP containing the decisions, policy records, incidents, and inclusion proofs. The pack verifies standalone, with no Veridra backend required.

Integration points

The pipeline is exposed to your systems at a small number of places. Each is a versioned, contract-driven boundary.

  • SDK — A few lines next to your inference call. Handles canonicalization, retries, batching, and signer discovery. Uses your existing service identity.
  • gRPC sign endpoint — For customers who don't want an SDK in the model runtime: send a canonical envelope and get back a signed receipt. Same mTLS requirement.
  • Policy hooks — The policy-engine is a pre-sign interceptor. A Rego policy can block a decision from being signed, and the block itself is a signed record.
  • Pack API — REST endpoint that composes time ranges, systems, frameworks, and output format. Returns a stable, signed bundle.

What the pipeline guarantees

  • Every accepted decision is either fully signed, logged, and inclusion-proven, or explicitly rejected. No silent partial writes.
  • The canonical bytes a Python SDK hashes are identical to the canonical bytes a Go SDK hashes for the same logical payload.
  • A signed leaf cannot be mutated post-hoc; corrections are new leaves that reference the original.
  • Verification of any signed record is possible without any Veridra service being online.
  • Every stage emits metrics and signed audit events; operator intervention is itself a signed log entry.
Determinism across languages
Same logical payload, same signed bytes
Cross-SDK determinism is enforced by golden vectors in CI. A payload signed in Python and re-signed in Go produces byte-identical canonical forms and byte-identical signatures. Regulators can verify a record without caring which language emitted it.
Closing the loop
The pipeline ties the platform together
Govern decides what should happen. The pipeline records what did happen. Watch detects when the two diverge. The transparency log anchors the timeline and the cryptographic-signing layer anchors identity. If any single stage of this pipeline fails the integrity check, the entire record is inadmissible — and that's the correct outcome. Evidence that can't be verified has no business being in a regulator's hands.
Developer quickstart Cryptographic signing Request a review