Cryptographic provenance for AI-generated content. Verifiable by you, your customer, or a regulator — without trusting our servers.
EU AI Act Article 50 takes effect 2026-08-02. Penalties up to €15M or 3% global turnover for ungoverned AI output. We're built for the deadline.
The control plane runs your agent inside a SPIFFE-identified sandbox, signing every lineage edge with Ed25519. The result is a portable, content-addressed bundle — the agent's output, the chain of computation that produced it, the trust JWKS, all cryptographically bound.
Bundles verify in your browser via a 376 KB wasm SDK, in your Python backend via PyO3, or in our public verifier service. The hosted endpoint is convenience — the SDKs are the trust root. Same Rust verifier, byte-for-byte, across all three surfaces.
Every verification appends to a chain-hashed transparency log with a signed tree head. Skeptical-code audits run quarterly, external cryptographic review biennially, an adversarial corpus gates every pull request. We publish the verdicts.
pip install nucleus-verifier
python -c "
import json
from nucleus_verifier import verify_bundle
bundle = open('bundle.json').read()
trust = json.dumps({'trust_jwks': json.load(open('issuer.jwks.json'))})
print(verify_bundle(bundle, trust))
"import init, { verifyBundle } from '@coproduct/verifier';
await init();
const report = verifyBundle(bundleJson, trustAnchorJson);
// → { ok: true, trust_mode: "out_of_band", edge_count: 5, ... }curl -sS -X POST https://verifier.coproduct.io/v1/verify \
-H "Content-Type: application/json" \
-d "$(jq -nc --slurpfile b bundle.json --slurpfile j issuer.jwks.json \
'{bundle: $b[0], trust_jwks: $j[0]}')"Five documents cover the regulator-facing surface. A compliance + security + dev review can complete from cold start in about ninety minutes of reading.
POST /v1/verifyGET /v1/bundles/{hash}/verifyGET /v1/log/sthGET /v1/log/sizeGET /.well-known/jwks.jsonGET /.well-known/nucleus-verifier-configuration
GET /healthz