The receipt is the work.

Verification is only useful when a stranger can re-run it and reach the same answer. NEXIVERIFY is built around that one test.

Read the mechanisms
CapturedIn your environment
MechanismsFour
Attestation tiersL0 to L3
§ 01How verification works

Four mechanisms. One signed receipt.

Every verified run commits inputs, the policy applied, and the outcome together, before any verdict is issued. Re-run the receipt and it re-derives byte for byte — or it voids and shows exactly where it breaks.

M.1 · In build
Input provenance

Every input is bound to its origin at capture — source, timestamp, and content hash committed before the workflow runs. Unrooted or back-dated inputs are flagged at the door, not found in an audit later.

In pilots today
M.2 · In build
Pinned run

Spec, source, and trace are pinned today. Inputs, the policy, and the decision procedure become first-class pinned fields, signed at DSSE v0.4. A receipt binds an input-policy-outcome triple, not a claim.

Pinned · signed v0.4
M.3 · In build
Verifier attest

The open Apache 2.0 verifier commits inputs, intermediate trace, and final output to a receipt before the verdict. Any tamper voids it and shows where it broke. Ships with the June LICENSE drop.

Runs today · open June
M.4 · In build
Receipt as citation

The receipt is a hash. A buyer, regulator, or auditor cites the hash, re-fetches the substrate, and re-derives the verdict. No appeals to vendor goodwill. The receipt is the artifact, not the claim that quotes it.

Pilot intake
§ 02Levels of attestation

Open at the floor. Countersigned at the ceiling.

Four levels of attestation. The open verifier anyone can re-run sits at the floor; each level above adds a stronger signature, up to one a regulator can cite.

L0
Open verifier
The open verifier, free to run yourself from the June drop. Check any receipt on your own machine, no account needed. It keeps working whether or not you ever pay us.
Public · June
L1
NEXIVERIFY-signed
The emit hook runs in one workflow inside your environment and we sign each receipt. Your own auditors re-check it independently — the work never leaves your stack. The first commercial step.
Pilot intake open
L2
Independently countersigned
An independent firm countersigns the results, with single sign-on and audit logs across your production workflows. Built to clear procurement and security review.
Procurement-grade
L3
Regulator-citeable
Attestation scoped to a whole organization or sector — the receipt is the document an auditor or regulator can cite directly.
Planned
§ 03What a receipt looks like

A row a regulator can cite.

The schema below is what every verified run will render. The workflow action on the left, the checks applied in the middle, the verdict and seal on the right, the receipt hash at the end.

Workflow action Checks applied Verdict Seal Content hash
Payroll disbursement spec-conformance + input-provenance ADMITTED Sealed sha256:9f2a…e1b4
Citation admission editorial trust-root ROOTED Sealed sha256:4c7d…a0f9
EU AI Act control risk-class + human-oversight PASS Sealed sha256:b1e6…5d3c
Disbursement input-provenance Re-derivation failed void
Schema preview · the citeable content hash is a Merkle root shown as sha256: (full 64-hex in the receipt); a separate human-readable receipt_id carries provenance · format finalized at the LICENSE drop in June

Ready for a signed receipt?

Pilot intake is open for compliance teams, regulated operators, and procurement teams that need an attestation they can cite. One workflow, one capability, one signed receipt.

Talk to us Method questions