The Certification Authority
for Enterprise AI
Six-dimension behavioral certification with cryptographic proof, continuous compliance monitoring, and court-ready evidence — in 14ms.
01Product Overview
VeriPass is the certification authority for enterprise AI. Every AI response passes through a six-dimension behavioral envelope, a multi-tier coherence engine, and a cryptographic proof layer — producing a signed, immutable certification record in under 14 milliseconds.
Verdict Outcomes
Every certification produces one of three verdicts based on the composite Behavioral Compliance Score (BCS) and dimension floor enforcement:
| Verdict | Condition | Action |
|---|---|---|
| CERTIFIED | BCS ≥ threshold AND all dimension floors pass | Response allowed, record sealed |
| FLAGGED | BCS near threshold OR one floor marginally breached | Response allowed with monitoring flag |
| FAILED | BCS below threshold OR critical floor violation | Response quarantined, incident generated |
Each certification record is cryptographically signed with Ed25519 and sealed into Merkle tree blocks of 100 certificates. The complete chain is independently verifiable without VeriPass infrastructure.
Platform Capabilities
Beyond the core certification pipeline, VeriPass Enterprise provides a comprehensive suite of AI governance tools — 33+ route files, 1,056+ tests (151 unit + 789 integration + 116 chain certification), and a completed 10-phase security audit.
02Architecture
VeriPass Enterprise uses a layered pipeline architecture. Every API call flows through authentication, rate limiting, behavioral certification, compliance evaluation, cryptographic signing, and evidence sealing — all within a single request/response cycle.
The entire certification pipeline executes synchronously within ~14ms. Select coherence tiers run asynchronously after the response is returned for enhanced accuracy on subsequent certifications.
03Behavioral Dimensions
Every AI response is evaluated across six independent behavioral dimensions. Each dimension produces a 0.0–1.0 score, has a configurable weight, and enforces a minimum floor. If any floor is breached, the certification fails regardless of the composite score.
Dimension Reference
| Dimension | Code | Weight | Floor | What It Measures |
|---|---|---|---|---|
| Factual Grounding | FG | 0.20 | 0.60 | Claims anchored to verifiable source material |
| Boundary Compliance | BC | 0.20 | 0.70 | Adherence to system prompt constraints and deployment policy |
| Semantic Fidelity | SF | 0.15 | 0.60 | Meaning preservation between prompt intent and response content |
| Response Stability | RS | 0.10 | 0.50 | Consistency across repeated similar queries (requires history) |
| Topical Adherence | TA | 0.15 | 0.60 | Staying within the deployment's configured domain scope |
| Information Safety | IS | 0.20 | 0.75 | PII detection (30+ patterns), credential leakage, PHI, SCADA/ICS data |
Score Interpretation
| Range | Interpretation | Typical Action |
|---|---|---|
| 0.90–1.00 | Excellent — dimension fully compliant | No action required |
| 0.75–0.89 | Good — within normal operating range | Standard monitoring |
| 0.60–0.74 | Marginal — approaching floor threshold | Enhanced monitoring, review deployment policy |
| Below 0.60 | Failing — floor breached in most configurations | Certification failure, incident auto-generated |
Information Safety (IS) has the highest default floor at 0.75. Any PII detection — SSN, credit card, medical record number — immediately drops IS below floor, triggering certification failure regardless of composite BCS.
04RRC Coherence Engine
The Request-Response Coherence (RRC) engine evaluates whether an AI response actually addresses the prompt it was given. Multiple independent evaluation tiers produce a weighted composite score, with heuristic penalties applied on top. The composite feeds into the Semantic Fidelity dimension.
Verifies the response meaningfully addresses the intent and meaning of the request.
Confirms response format and logical flow match what was asked. A list question must produce a list.
Detects entity conflicts and ensures referenced entities are accurate and consistent with the prompt.
Cross-validates response relevance through independent lexical analysis.
Monitors for behavioral deviation across deployment history using SPC baselines.
Heuristic Penalty Layer
After the weighted composite is computed, heuristic penalties are applied for behavioral deviations including:
| Check | Flag Raised |
|---|---|
| Question not directly answered | question_not_directly_answered |
| Format mismatch (asked for list, got prose) | format_mismatch |
| Language mismatch (prompt/response differ) | language_mismatch |
| Response too brief for detailed prompt | response_too_brief |
Adaptive Evaluation
When a tier is unavailable, its weight is proportionally redistributed to available tiers. The engine always produces a valid composite score regardless of tier availability.
Select evaluation tiers run asynchronously after the sync response is returned. Subsequent certifications for the same deployment benefit from enriched evaluation data.
05Five-Tier RRC 2.0 Content Analysis
Content classification runs in parallel with behavioral scoring. Each tier adds progressively deeper analysis, with earlier tiers providing instant results and later tiers providing nuanced evaluation.
50+ manipulation patterns: Instruction override, identity manipulation, jailbreak detection, system prompt extraction, delimiter attacks, encoded attacks, emotional manipulation.
SCADA/ICS patterns: Modbus, DNP3, OPC-UA, BACnet, PLC commands, HMI access, setpoint overrides, safety system disabling.
PHI patterns: Patient identifiers, ICD-10 codes, NDC drug codes, lab results, medical record numbers, DEA numbers.
Negation context: "Do not share your SSN" correctly identified as protective guidance, not PII leakage.
enable_judge: true or configurable auto-trigger policies. The LLM evaluates nuanced cases where pattern matching is insufficient — subtle boundary violations, contextual appropriateness, and domain-specific compliance requirements. Results merged into dimension scores with configurable weight.
06Cryptographic Proof
Every certification record is cryptographically signed and sealed into an immutable audit chain. The system produces court-ready evidence that can be independently verified without VeriPass infrastructure. The public trust endpoint at verify.veripass.ai provides instant, independent certification verification for any stakeholder.
Signing Pipeline
id|deployment_id|bcs|decision|timestamp produces a unique content fingerprint.id|bcs|decision|content_hash with server's Ed25519 private key via tweetnacl. 64-byte compact signature.prev_hash points to the prior certification's content hash, forming a linked chain back to genesis.Merkle Tree Block Sealing
Certifications are batched into blocks and sealed with a Merkle tree. Each block contains up to 200 certifications. The Merkle root is signed and chain-linked to the previous block.
Certification Record Schema
{
"id": "VP-2026-0305-A7K2",
"deployment_id": "deploy_customer_support_v3",
"timestamp": "2026-03-05T12:00:00.000Z",
"bcs": 0.891,
"decision": "certified",
"dimensions": {
"factual_grounding": { "score": 0.92, "weight": 0.20 },
"boundary_compliance": { "score": 0.95, "weight": 0.20 },
"semantic_fidelity": { "score": 0.88, "weight": 0.15 },
"response_stability": { "score": 0.84, "weight": 0.10 },
"topical_adherence": { "score": 0.87, "weight": 0.15 },
"information_safety": { "score": 0.97, "weight": 0.20 }
},
"coherence": 0.894,
"content_hash": "a7f3c...SHA256",
"prev_hash": "b8e2d...SHA256",
"signature": "3fa9e...Ed25519",
"block_id": "block_042"
}Tamper Detection
Any modification to a certification record — changing the BCS, altering the decision, or modifying prompt/response content — invalidates the content hash. The invalid hash breaks the Ed25519 signature, the Merkle proof, and the chain link to subsequent blocks. All four verification layers must pass independently.
Why Ed25519? Fast, compact signatures (64 bytes) with strong security guarantees. Keys are small (32 bytes public, 64 bytes secret), and signing/verification is orders of magnitude faster than RSA. VeriPass supports key rotation and pluggable key providers (file, env, AWS KMS).
06bQuantum-Safe Cryptography
VeriPass is the first AI governance platform with quantum-safe cryptographic certification. Every certification record is dual-signed with both classical and post-quantum algorithms.
Architecture
VeriPass uses a hybrid signing architecture that provides both immediate security and future-proof quantum resistance:
Algorithms
| Algorithm | Type | Standard | Purpose |
|---|---|---|---|
Ed25519 | Classical | RFC 8032 | Inline signing — fast, proven, widely supported |
ML-DSA-65 | Post-Quantum | NIST FIPS 204 | Quantum resistance — lattice-based, NIST standardized |
SHA-256 | Hash | NIST FIPS 180-4 | Content hashing and Merkle tree construction |
How It Works
- Certification created — Ed25519 signature applied inline. Record stored with
quantum_safe = false. - Background worker runs — Every 5 minutes, up to 500 unsigned records are batch-signed with ML-DSA-65.
- Record upgraded —
signature_pqc,signing_algorithm, andquantum_safefields updated. - Verification — Both signatures independently verified. The double-shield badge () indicates quantum-safe status.
Why Quantum-Safe Matters
Certification records may need to remain verifiable for years or decades. A "harvest now, decrypt later" attack could compromise classical signatures once quantum computers become available. By dual-signing with ML-DSA-65 today, VeriPass ensures audit trail integrity against future quantum threats.
API: PQC Status
{
"total": 1247,
"signed": 1223,
"pending": 24,
"percent": 98.1,
"estimated_completion": "~5 minutes",
"worker_active": true,
"last_run": "2026-03-12T14:45:00.000Z",
"last_result": {
"signed": 24,
"skipped": 0,
"errors": 0,
"elapsed_ms": 312
}
}Requires admin or super_admin role.
VCAS (VeriPass Certification Artifact Specification) v2.1 Cryptography Block
Quantum-safe certifications include an extended cryptography block in the VCAS artifact:
{
"cryptography": {
"algorithm": "hybrid-ed25519-mldsa65",
"signature": "a1b2c3...",
"signature_pqc": "d4e5f6...",
"public_key": "07a8b9...",
"public_key_pqc": "c0d1e2...",
"content_hash": "sha256:...",
"quantum_safe": true
}
}Your command center at a glance. The top navigation bar provides four operational modes — MONITOR / INVESTIGATE / CONFIGURE / REPORTS — each surfacing the right tools for the task. Five hero metric cards, deployment health, recent certifications, and compliance posture — all in real time.
Key Elements
| Panel | What It Shows |
|---|---|
| Portfolio Trust Score | Animated gauge with 7-day sparkline trend — your single executive metric |
| Active Deployments | Count with stacked bar showing production/staging/shadow breakdown |
| Certifications (7D) | Total certifications with sparkline and delta vs 7-day average |
| Failure Rate | Percentage with delta against rolling average |
| Compliance Posture | Multi-ring gauge showing overall compliance across active frameworks |
| What Needs Attention | Amber cards surfacing compliance gaps and recent behavioral deviations |
| Deployment Health | Per-deployment BCS scores, certification counts, and trend indicators |
08Certification Detail
Click any certification to open the detail modal — the complete record with grade badge, KPI cards, radar chart, and dimension-by-dimension breakdown with PASS/FAIL status.
09Forensics & Replay
The forensics view provides color-coded evidence replay, PII annotation highlighting, root cause analysis with pattern classification, and remediation recommendations.
10Audit Trail
Filter by verdict, search by deployment, and export certification records as CSV or PDF. The audit trail provides the complete history of every certification decision.
11Risk Heatmap
A deployment-by-dimension grid showing 7-day average scores. Color-coded cells instantly reveal which deployments have behavioral deviations in specific dimensions.
12Compliance Galaxy
A three-column grid of all 19 active compliance frameworks with a Posture Ring summary. Each framework card shows a network-graph constellation of its requirements, percentage score, requirements met, effective date, enforcement status badge, and quick links to audit evidence and reports. Red borders indicate active enforcement, amber borders indicate approaching enforcement deadlines.
13Evidence Chain Explorer
Visualize the Merkle audit chain — each block links to the previous via SHA-256 hash. Verify the full chain with one click for court-ready, cryptographically proven integrity.
14Create Deployment
Configure a new AI deployment with name, industry, risk level, provider, model, and compliance module selections. Start in shadow mode to collect a baseline before enabling enforcement.
15Deployment Modes
VeriPass supports three deployment modes that let you control how certifications interact with your production traffic — from zero-impact observation to full inline gating.
| Mode | Certification | Response Delivery | On Failure | Best For |
|---|---|---|---|---|
| Shadow | All responses certified | All responses delivered | Logged & flagged — no user impact | Initial rollout, baselining, calibration |
| Inline | Certified before delivery | Only certified responses delivered | Configurable fallback response returned | Production gating, regulated environments |
| Async | Certified after delivery | All responses delivered immediately | Flagged post-delivery for review | Low-latency workloads, high-volume APIs |
Recommended adoption path
Start every deployment in Shadow to collect baseline data without affecting production. After 500+ certifications, use the Calibration Wizard to set optimal thresholds, then promote to Inline for full gating. Use Async for latency-sensitive workloads where post-delivery certification is acceptable.
Configurable fallback responses
In Inline mode, when a response fails certification, VeriPass returns a configurable fallback message instead of the original response. Set a custom fallback per deployment, or use the default:
We're unable to provide a response at this time. Your request has been logged and will be reviewed. (Ref: cert_abc123...)
Setting the mode
Configure via the Deployments tab in the dashboard, or via the API:
PUT /api/v1/deployments/:id { "enforcement_mode": "inline", "fallback_response": "Custom fallback message here." }
16Calibration Wizard
After collecting a baseline in shadow mode (500+ certifications), the calibration wizard analyzes BCS distribution and recommends optimal thresholds — showing exactly what would change before you apply.
17Executive Intelligence
Three-panel executive view: Portfolio Trust Score gauge with 7-day trend, Deployment Health arc charts showing certified/flagged/failed breakdown per deployment, and ROI Calculator with board-ready report generation.
18Slack Alerts
Certification failures fire instant alerts via Slack, email, webhook, or PagerDuty. The VeriPass Bot message includes deployment name, BCS, grade, root cause, and a direct link to the dashboard.
Compliance Frameworks
VeriPass maps every certification to 19 regulatory and governance frameworks simultaneously. Each framework is visualized as a constellation — a star field where lit stars represent requirements met, dim stars represent gaps.
International Standards
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Art. 9 — Risk Management | Six-dimension behavioral envelope | MET |
| Art. 10 — Data Governance | Evidence chain + custody proof | MET |
| Art. 11 — Technical Documentation | Certification reports + audit trail | MET |
| Art. 12 — Record-Keeping | Merkle-sealed immutable logs | MET |
| Art. 13 — Transparency | Forensics replay + explainability | MET |
| Art. 14 — Human Oversight | Shadow mode + approval workflows | MET |
| Art. 15 — Accuracy & Robustness | RRC coherence + stability scoring | MET |
| Art. 16 — Post-Market Monitoring | Continuous certification + alerts | MET |
| Art. 17 — Serious Incident Reporting | Configurable (org-level) | PARTIAL |
| Art. 52 — Transparency Obligations | Configurable (org-level) | PARTIAL |
| Function | VeriPass Mapping | Status |
|---|---|---|
| GOVERN — Policies & Oversight | Policy Wizard + governance docs | MET |
| MAP — Context & Risk | Industry-specific deployment profiles | MET |
| MEASURE — Assessment | 6-dimension scoring + RRC | MET |
| MANAGE — Response | Automated alerts + quarantine | MET |
| Clause | VeriPass Mapping | Status |
|---|---|---|
| Clause 6 — Planning | Policy Wizard risk assessment | MET |
| Clause 8 — Operation | Continuous certification pipeline | MET |
| Clause 9 — Performance Evaluation | Executive Intelligence + reports | MET |
| Clause 10 — Improvement | Calibration Wizard + trending | MET |
Industry Standards
| Principle | VeriPass Mapping | Status |
|---|---|---|
| Security | Ed25519 signing + access controls | MET |
| Availability | Health monitoring + alerts | MET |
| Processing Integrity | Behavioral certification pipeline | MET |
| Confidentiality | PII detection + information safety | MET |
| Privacy | Data handling + consent tracking | MET |
| Safeguard | VeriPass Mapping | Status |
|---|---|---|
| Administrative | Policy Wizard + role access | MET |
| Physical | N/A (software layer) | N/A |
| Technical — Access | JWT auth + role-based controls | MET |
| Technical — Audit | Immutable audit trail + Merkle proof | MET |
| Technical — Integrity | Information Safety dimension (PHI) | MET |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Req 3 — Protect Stored Data | PII/PAN detection via Tier 1 | MET |
| Req 7 — Access Control | Role-based dashboard access | MET |
| Req 10 — Logging & Monitoring | Audit trail + evidence chain | MET |
| Req 12 — Security Policy | Policy Wizard governance docs | MET |
Critical Infrastructure
| Standard | VeriPass Mapping | Status |
|---|---|---|
| CIP-003 — Security Mgmt | Policy Wizard + deployment profiles | MET |
| CIP-007 — System Security | Boundary Compliance dimension | MET |
| CIP-011 — Info Protection | Information Safety + PII detection | MET |
| Function | VeriPass Mapping | Status |
|---|---|---|
| GOVERN | Policy Wizard + role controls | MET |
| IDENTIFY | Deployment risk profiling | MET |
| PROTECT | Behavioral envelope enforcement | MET |
| DETECT | Continuous certification + heatmap | MET |
| RESPOND | Automated quarantine + Slack alerts | MET |
| RECOVER | Calibration + remediation recommendations | MET |
U.S. State Legislation
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Impact Assessment | Deployment risk profiles + reports | MET |
| Bias Testing | Behavioral dimension scoring | MET |
| Consumer Disclosure | Configurable (org-level) | PARTIAL |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| AI System Inventory | Deployment registry | MET |
| Risk Classification | Risk level + industry profiling | MET |
| Ongoing Monitoring | Continuous certification + alerts | MET |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Notice to Applicants | Configurable (org-level) | PARTIAL |
| Bias Auditing | Behavioral dimension fairness scoring | MET |
| Record Retention | Merkle-sealed audit trail | MET |
Privacy & Data Rights
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Art. 5 — Purpose Limitation | Topical adherence + boundary compliance | MET |
| Art. 9 — Special Category Data | Information Safety PII detection | MET |
| Art. 22 — Automated Decisions | Human oversight enforcement | MET |
| Art. 13-15 — Right to Explanation | Semantic fidelity + factual grounding | MET |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| ADMT — Automated Decisions | Human review + opt-out enforcement | MET |
| Decision Logic Disclosure | Semantic fidelity explanations | MET |
| Sensitive Personal Information | Information Safety opt-in consent | MET |
| Non-Retaliation | Response stability post-opt-out | MET |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Opt-Out of Profiling | Boundary compliance enforcement | MET |
| Data Minimization | Information Safety scoring | MET |
| Sensitive Data Consent | IS consent verification | MET |
| Right to Appeal | Decision transparency + BC | MET |
Financial Services
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Fair & Balanced Communications | Factual grounding + semantic fidelity | MET |
| Reg BI Suitability | Boundary compliance enforcement | MET |
| Audit Trail & Supervisability | Ed25519 signed records | MET |
| AI Disclosure | Identity disclosure verification | MET |
| Fair Dealing | Response stability cross-demographic | MET |
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Truthful Claims | Factual grounding substantiation | MET |
| AI Identity Disclosure | Boundary compliance verification | MET |
| Earnings & Returns Claims | FG score >= 0.90 | MET |
| AI-Generated Content Disclosure | Content origin labeling | MET |
| Deceptive Content Prevention | Information Safety + FG | MET |
Canada
| Requirement | VeriPass Mapping | Status |
|---|---|---|
| Automated Decision Notification | Boundary compliance notification | MET |
| Decision Logic Disclosure | Factual grounding + SF | MET |
| Manifestly Informed Consent | Consent mechanism verification | MET |
| Privacy Impact Assessment | Certification records + reports | MET |
Click any constellation card to expand and view the detailed requirement-to-feature mapping. VeriPass evaluates all 19 frameworks simultaneously during every certification — no additional configuration required.
Policy Wizard
Three-screen guided flow that converts your governance documents and compliance requirements into an enforceable deployment policy — dimension floors, framework selection, and alerting thresholds.
Step 1 — Upload & Analyze
The wizard uses NLP extraction to identify behavioral requirements from your governance policy. It maps phrases like "must not disclose personal information" to the Information Safety dimension and suggests an appropriate floor value.
Step 2 — Configure Dimensions
| Dimension | Suggested Floor | Weight | Source |
|---|---|---|---|
| Factual Grounding (FG) | 0.70 | 0.20 | Policy §3.1 |
| Boundary Compliance (BC) | 0.80 | 0.15 | Policy §4.2 |
| Semantic Fidelity (SF) | 0.65 | 0.15 | Default |
| Response Stability (RS) | 0.60 | 0.10 | Default |
| Topical Adherence (TA) | 0.75 | 0.15 | Policy §2.3 |
| Information Safety (IS) | 0.90 | 0.20 | Policy §5.1 |
Step 3 — Framework & Alerts
Select from all 19 compliance frameworks. The wizard pre-selects frameworks based on your industry. Configure alert channels: Slack, email, PagerDuty, or webhook. Set escalation thresholds for each severity level.
You can run the Policy Wizard multiple times to create different policies for different deployment types. A healthcare deployment might have IS floor of 0.95 while a marketing chatbot uses 0.70.
Evidence Vault
Court-ready digital evidence with cryptographic custody chain. Every certification record is signed, sealed into Merkle blocks, and independently verifiable.
Evidence Package
An evidence package bundles everything needed for regulatory review or legal proceedings:
Complete behavioral analysis: prompt, response, all 6 dimension scores, composite BCS, verdict, and RRC coherence analysis.
Ed25519 signature, SHA-256 content hash, signing key fingerprint, and timestamp. Independently verifiable without VeriPass infrastructure.
Block number, position within block, block hash, previous block hash, and Merkle root for the sealed block.
Chain Status
{
"status": "healthy",
"total_blocks": 847,
"total_records": 84692,
"latest_block": {
"block_number": 847,
"records": 100,
"hash": "a3f8c1...",
"previous_hash": "7e2b4d...",
"merkle_root": "c91e5a...",
"sealed_at": "2026-03-05T10:30:00Z"
},
"chain_integrity": "verified",
"unsealed_records": 42
}Attestation
Third-party attestation allows external auditors to cryptographically verify evidence packages:
{
"certification_id": "cert_abc123",
"attestor": "external-auditor@kpmg.com",
"attestation": {
"verified": true,
"signature_valid": true,
"chain_intact": true,
"timestamp": "2026-03-05T11:00:00Z"
}
}Evidence packages are immutable once sealed. The custody chain tracks every access — who viewed, downloaded, or attested to each package. This audit trail is itself Merkle-sealed.
Certification Report
Human-readable certification output with machine-verifiable signatures. Every report includes dimension scores, compliance mapping, and cryptographic proof.
Terminal Report Output
╔══════════════════════════════════════════════════════════════╗ ║ VERIPASS CERTIFICATION REPORT ║ ╠══════════════════════════════════════════════════════════════╣ ║ Deployment: Customer Support AI — Tier 1 ║ ║ Timestamp: 2026-03-05T14:23:17Z ║ ║ Verdict: ■ CERTIFIED ║ ╠══════════════════════════════════════════════════════════════╣ ║ BEHAVIORAL COMPLIANCE SCORE ║ ║ ║ ║ Composite BCS: 0.91 (Grade: A) ║ ║ RRC Coherence: 0.88 ║ ║ ║ ║ FG ████████████████████░░ 0.89 Factual Grounding ║ ║ BC █████████████████████░ 0.94 Boundary Compliance ║ ║ SF ███████████████████░░░ 0.86 Semantic Fidelity ║ ║ RS █████████████████░░░░░ 0.79 Response Stability ║ ║ TA ████████████████████░░ 0.92 Topical Adherence ║ ║ IS █████████████████████░ 0.97 Information Safety ║ ╠══════════════════════════════════════════════════════════════╣ ║ COMPLIANCE: EU AI Act ✓ NIST ✓ SOC 2 ✓ HIPAA ✓ ║ ╠══════════════════════════════════════════════════════════════╣ ║ SIGNATURE ║ ║ Algorithm: Ed25519 ║ ║ Key: vp_sign_2026_prod ║ ║ Hash: SHA-256:a3f8c1e2... ║ ║ Signature: 7mK9xR4p... ║ ║ Block: #847 (position 42/100) ║ ╚══════════════════════════════════════════════════════════════╝
Reports can be exported as JSON (machine-readable), PDF (stakeholder-friendly), or Markdown (developer-friendly). The JSON format includes the full signature payload for programmatic verification.
Reports Center
Access all reports and data exports from a single hub. Navigate to REPORTS — one of the four primary navigation modes (MONITOR / INVESTIGATE / CONFIGURE / REPORTS) — in the top navigation bar.
Report Categories
Executive Reports
| Report | Format | Pages | Description |
|---|---|---|---|
| Executive Intelligence | PDF | 3+ | Portfolio trust score, ROI and cost avoidance analysis, deployment health, compliance posture |
| Board Report | PDF | 3 | Certification posture score, 24-hour operational metrics, compliance status with framework deadlines |
| Risk Intelligence Brief | PDF | 4 | Per-deployment risk scores, predictive alerts, risk trajectories, weakest dimensions, recommended actions |
Compliance Reports
| Report | Format | Pages | Description |
|---|---|---|---|
| Compliance Assessment | PDF | Multi | Per-deployment regulatory compliance breakdown by framework with article-level status analysis |
| Evidence Package | PDF | Multi | Framework constellation diagram, requirement status, gap analysis, remediation guidance |
| SOC 2 Evidence Package | JSON | — | SOC 2 Type II formatted evidence bundle with certification records and attestation |
| Compliance Attestation | JSON | — | Formal compliance attestation document with cryptographic proof chain |
Operations Reports
| Report | Format | Pages | Description |
|---|---|---|---|
| Audit Report | PDF | 7 | Comprehensive behavioral audit — BCS trends, decision distribution, deployment health, deviation analysis, Merkle chain integrity |
| Analytics Report | PDF | 4 | Behavioral analytics overview with dimensional analysis, deployment performance, compliance framework status |
| SLA Report | PDF | 2+ | Latency, throughput, accuracy, integrity metrics with percentile analytics, capacity utilization |
Forensic Reports
| Report | Format | Pages | Description |
|---|---|---|---|
| Certification Detail | PDF | 2 | Single certification deep-dive — dimensional scores, root cause analysis, prompt/response evidence, remediation |
| Evidence Vault Export | PDF | Multi | Filtered certification records with signatures and hash chain verification status |
| Evidence Bundle | JSON | — | Cryptographically signed evidence package for selected certifications |
| Single Cert Package | JSON | — | Individual certification with full cryptographic evidence chain |
Data Exports
| Export | Format | Description |
|---|---|---|
| Audit Data | CSV | All certification fields — timestamp, ID, deployment, decision, BCS, 6 dimensions, prompt, response, hash, signature |
| Evidence Vault | CSV | Server-generated CSV export with all certification columns and metadata |
| Evidence Vault | JSONL | Machine-readable NDJSON format for pipeline integration and automated processing |
| Admin Audit Log | CSV | Administrative action log with timestamps, actors, and resource changes (SuperAdmin only) |
Generating Reports
Click GENERATE on any report card. Reports that require parameters (framework selection, certification ID) show a configuration panel before generating. All PDF reports include:
- VeriPass AI branded header and footer
- Confidential marking
- Page numbers and generation timestamp
- Organization name
Role-Based Access
Most reports are available to Admin and above. SuperAdmin-only exports include the Admin Audit Log (CSV).
Recent Exports
The bottom of the Reports Center shows your recently generated reports for quick regeneration without re-navigating.
API Reference
RESTful API with JWT authentication. All endpoints return JSON. Rate limit: 120 requests/minute per API key.
POST /api/v1/certify
Submit a prompt-response pair for behavioral certification.
curl -X POST https://app.veripass.ai/api/v1/certify \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"deployment_id": "dep_abc123",
"prompt": "What is the refund policy?",
"response": "Our refund policy allows returns within 30 days...",
"model": "gpt-4",
"provider": "openai",
"metadata": { "session_id": "sess_xyz" }
}'{
"certification_id": "cert_7f3a2b",
"verdict": "certified",
"grade": "A",
"bcs": 0.91,
"rrc_score": 0.88,
"dimensions": {
"factual_grounding": 0.89,
"boundary_compliance": 0.94,
"semantic_fidelity": 0.86,
"response_stability": 0.79,
"topical_adherence": 0.92,
"information_safety": 0.97
},
"compliance": {
"eu_ai_act": { "status": "compliant", "gaps": [] },
"nist_ai_rmf": { "status": "compliant", "gaps": [] },
"soc2": { "status": "compliant", "gaps": [] }
},
"signature": {
"algorithm": "Ed25519",
"hash": "SHA-256:a3f8c1e2...",
"signature": "7mK9xR4p...",
"key_id": "vp_sign_2026_prod"
}
}POST /api/v1/certify/batch
Submit up to 100 prompt-response pairs in a single request. Returns an array of certification results.
{
"deployment_id": "dep_abc123",
"items": [
{ "prompt": "What is the refund policy?", "response": "Our refund policy..." },
{ "prompt": "How do I cancel?", "response": "To cancel your subscription..." }
]
}GET /api/v1/certifications
List certification records with filtering and pagination.
GET /api/v1/certifications?deployment_id=dep_abc123&verdict=failed&page=1&limit=50GET /api/v1/deployments
List all deployments for the authenticated organization.
POST /api/v1/deployments
Create a new deployment with industry, risk level, and compliance module configuration.
{
"name": "Customer Support AI",
"industry": "financial_services",
"risk_level": "high",
"mode": "active",
"provider": "openai",
"model": "gpt-4",
"compliance_modules": ["eu_ai_act", "soc2", "pci_dss"]
}POST /api/v1/compliance/evaluate
Evaluate a certification against specific compliance frameworks.
GET /api/v1/evidence/package/:certificationId
Retrieve the full evidence package for a certification including cryptographic proof and chain position.
POST /api/v1/evidence/attest
Submit a third-party attestation for an evidence package.
GET /api/v1/chain/status
Get the current status of the Merkle chain including block count, integrity status, and unsealed records.
POST /api/v1/chain/blocks/seal
Manually trigger block sealing (auto-seals at 100 records). Requires admin role.
GET /api/v1/overview/summary
Dashboard summary with aggregate metrics: total certifications, failure rate, compliance posture, and deployment health.
TypeScript Types
interface CertificationResult {
certification_id: string;
verdict: 'certified' | 'flagged' | 'failed';
grade: 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
bcs: number;
rrc_score: number;
dimensions: Record<string, number>;
compliance: Record<string, ComplianceResult>;
signature: SignaturePayload;
created_at: string;
}
interface SignaturePayload {
algorithm: 'Ed25519';
hash: string;
signature: string;
key_id: string;
}
interface ComplianceResult {
status: 'compliant' | 'partial' | 'non_compliant';
gaps: string[];
framework_version: string;
}
interface Deployment {
deployment_id: string;
name: string;
industry: string;
risk_level: 'low' | 'medium' | 'high' | 'critical';
mode: 'shadow' | 'active';
provider: string;
model: string;
compliance_modules: string[];
created_at: string;
}SDK & CLI
Node.js SDK for programmatic integration. Certify AI responses, manage deployments, and verify evidence from your application code.
Installation
npm install @veripass/sdkQuick Start
import { VeriPass } from '@veripass/sdk';
const vp = new VeriPass({
apiKey: process.env.VERIPASS_API_KEY,
deploymentId: 'dep_abc123'
});
// Certify a single response
const result = await vp.certify({
prompt: 'What is the refund policy?',
response: 'Our refund policy allows returns within 30 days...',
model: 'gpt-4',
provider: 'openai'
});
console.log(result.verdict); // 'certified'
console.log(result.bcs); // 0.91
console.log(result.grade); // 'A'Express Middleware
import { veripassMiddleware } from '@veripass/sdk';
app.use('/api/chat', veripassMiddleware({
apiKey: process.env.VERIPASS_API_KEY,
deploymentId: 'dep_abc123',
mode: 'active', // 'active' quarantines failed responses
onFailed: (req, res, cert) => {
res.status(422).json({
error: 'Response did not meet certification standards',
certification_id: cert.certification_id,
grade: cert.grade
});
}
}));Batch Audit
import { VeriPass } from '@veripass/sdk';
const vp = new VeriPass({ apiKey: process.env.VERIPASS_API_KEY });
const results = await vp.certifyBatch({
deploymentId: 'dep_abc123',
items: historicalLogs.map(log => ({
prompt: log.user_message,
response: log.ai_response,
model: log.model
}))
});
const failures = results.filter(r => r.verdict === 'failed');
console.log(`${failures.length} / ${results.length} failed certification`);See the /docs/examples/ directory for complete integration examples with OpenAI, Anthropic, and batch audit workflows.
Agent Chain Certification (ACC)
Certify multi-step AI agent workflows end-to-end. Every delegation, tool invocation, and decision in an agent chain receives its own behavioral certification, then rolls up into a composite chain score.
Overview
Modern AI agents don’t just answer questions — they orchestrate multi-step workflows: retrieving documents, calling tools, delegating to sub-agents, and making decisions. ACC tracks every step in the chain, certifies each individually, and produces an aggregate chain certification with delegation lineage.
Key Concepts
- Chain Session — A bounded workflow with a start, steps, and completion
- Step Types —
llm_call,tool_use,delegation,decision,data_access - Chain Dimensions — delegation_appropriateness, scope_compliance, chain_coherence, tool_use_safety
- Aggregate BCS — Composite score across all steps, weighted by step criticality
Chain Scoring Dimensions
| Dimension | Weight | What It Measures |
|---|---|---|
| Delegation Appropriateness | 25% | Was each delegation to a sub-agent warranted? Did the delegating agent have authority? |
| Scope Compliance | 30% | Did every step stay within the agent’s scope contract boundaries? |
| Chain Coherence | 25% | Do the steps form a logical progression? Are there unnecessary or contradictory steps? |
| Tool Use Safety | 20% | Were tools invoked appropriately with proper inputs and within authorized parameters? |
Chain Integrity Verification
Every completed chain is cryptographically sealed:
- Each step receives a step_hash (SHA-256 of step_id, agent_id, action_type, content_hash, previous_step_hash, timestamp)
- Step hashes link together as a hash chain — tampering with any step invalidates all subsequent hashes
- A Merkle tree is built from all step hashes, producing a merkle_root
- The chain_hash (SHA-256 of all step hashes joined) and merkle_root are Ed25519-signed
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/agents | Start a new agent session (chain) |
POST | /api/v1/agents/:id/steps | Add a step to the chain |
POST | /api/v1/agents/:id/terminate | Complete the chain with final assessment |
GET | /api/v1/agents/:id | Get chain session with all steps |
GET | /api/v1/agents | List all agent sessions |
GET | /api/v1/chains/:id/verify | Verify chain integrity (hash chain + Merkle tree + Ed25519 signature) |
GET | /api/v1/chains/:id/workflow | Get chain workflow visualization data |
Example: Start & Execute a Chain
# 1. Start chain
curl -X POST https://app.veripass.ai/api/v1/agents \
-H "Authorization: Bearer $API_KEY" \
-d '{"deployment_id": "dep_onboarding", "name": "Client Onboarding: Apex Capital"}'
# 2. Add steps
curl -X POST https://app.veripass.ai/api/v1/agents/$SESSION_ID/steps \
-H "Authorization: Bearer $API_KEY" \
-d '{
"step_type": "tool_use",
"tool_name": "kyc_check",
"prompt": "Run KYC verification for Apex Capital",
"response": "KYC Results: OFAC screening CLEAR. Identity verified."
}'
# 3. Terminate
curl -X POST https://app.veripass.ai/api/v1/agents/$SESSION_ID/terminate \
-H "Authorization: Bearer $API_KEY" \
-d '{"reason": "Onboarding workflow completed successfully"}'Verify Chain Integrity
# Verify cryptographic integrity of a completed chain
curl https://app.veripass.ai/api/v1/chains/$CHAIN_ID/verify \
-H "Authorization: Bearer $API_KEY"
# Response:
# {
# "valid": true,
# "checks": {
# "hash_chain": { "valid": true, "steps_verified": 6 },
# "merkle_tree": { "valid": true, "root": "a3f7..." },
# "signature": { "valid": true, "algorithm": "Ed25519" }
# }
# }View agent chains in INVESTIGATE > Chains tab. Each chain shows a step timeline with per-step BCS scores, delegation lineage, and a workflow visualization. Click VERIFY INTEGRITY to cryptographically verify the chain in real-time.
Auditor Evidence Packages (AEP)
Generate audit-ready compliance evidence packages mapped to specific regulatory frameworks. Each package includes control mappings, statistical evidence, cryptographic attestations, and exportable PDF reports.
Supported Frameworks
| Framework | Controls Mapped | Evidence Type |
|---|---|---|
| EU AI Act | Art. 9-17, 52 | Risk management, transparency, oversight |
| SOC 2 Type II | CC6-CC9 | System monitoring, change management, availability |
| HIPAA | §164.308-312 | PHI safeguards, access controls, audit |
| NIST AI RMF | GOVERN, MAP, MEASURE, MANAGE | Risk assessment, monitoring, governance |
| ISO 42001 | Clauses 4-10 | AI management system requirements |
| Colorado AI Act | SB 21-169 | Consequential decision documentation |
Evidence Items
Each evidence package includes framework-specific control mappings:
- Control Reference — The specific regulatory article, clause, or requirement being addressed
- Evidence Type — Statistical analysis, behavioral records, cryptographic attestations, or policy documentation
- Compliance Status — MET, PARTIAL, or GAP
- Supporting Data — Certification records, dimensional scores, governance metrics referenced by the control
- Gap Analysis — For unmet controls, specific remediation recommendations with estimated effort
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/evidence/generate | Generate a framework-specific evidence package |
GET | /api/v1/evidence/:id/pdf | Download evidence package as PDF |
POST | /api/v1/evidence/attest | Generate attestation for a deployment period |
GET | /api/v1/evidence/attest/:id | Retrieve attestation details |
POST | /api/v1/evidence/attest/:id/verify | Cryptographically verify an attestation |
GET | /api/v1/evidence/package/:certId | Get evidence package for a certification |
POST | /api/v1/evidence/bulk-package | Bulk generate evidence packages |
Example: Generate Evidence Package
# Generate EU AI Act evidence package
curl -X POST https://app.veripass.ai/api/v1/evidence/generate \
-H "Authorization: Bearer $API_KEY" \
-d '{
"deployment_id": "dep_trading",
"framework": "eu_ai_act",
"period_start": "2026-02-01T00:00:00Z",
"period_end": "2026-02-28T23:59:59Z"
}'
# Download as PDF
curl https://app.veripass.ai/api/v1/evidence/$PACKAGE_ID/pdf \
-H "Authorization: Bearer $API_KEY" \
-o eu_ai_act_evidence.pdfExample: Generate Attestation
curl -X POST https://app.veripass.ai/api/v1/evidence/attest \
-H "Authorization: Bearer $API_KEY" \
-d '{
"deployment_id": "dep_trading",
"period_start": "2026-02-01T00:00:00Z",
"period_end": "2026-02-28T23:59:59Z",
"type": "compliance_attestation"
}'Access evidence packages in REPORTS > Evidence Packages tab. Click GENERATE to produce framework-specific PDF exports.
Developer SDKs
First-class SDKs for JavaScript/TypeScript and Python. Drop-in certification for any AI application with one line of code.
JavaScript / TypeScript
npm install @veripass/sdkimport { VeriPass } from '@veripass/sdk';
const vp = new VeriPass({
apiKey: process.env.VERIPASS_API_KEY,
deploymentId: 'dep_abc123'
});
// One-line certification
const cert = await vp.certify({
prompt: 'What is the refund policy?',
response: aiResponse,
model: 'gpt-4o',
provider: 'openai'
});
if (cert.verdict === 'failed') {
return fallbackResponse;
}
// Chain certification
const chain = await vp.startChain({ name: 'Onboarding Flow' });
await chain.addStep({ stepType: 'tool_use', toolName: 'kyc_check', prompt, response });
await chain.addStep({ stepType: 'decision', prompt: 'Approve?', response: 'Approved' });
const result = await chain.complete();Python
pip install veripassfrom veripass import VeriPass
vp = VeriPass(
api_key=os.environ["VERIPASS_API_KEY"],
deployment_id="dep_abc123"
)
# One-line certification
cert = vp.certify(
prompt="What is the refund policy?",
response=ai_response,
model="claude-sonnet-4-20250514",
provider="anthropic"
)
print(cert.verdict) # "certified"
print(cert.bcs) # 0.91
# Batch certification
results = vp.certify_batch(items=[
{"prompt": p, "response": r} for p, r in historical_logs
])Error Handling
try {
const cert = await vp.certify({ prompt, response });
} catch (err) {
if (err.code === 'RATE_LIMITED') {
// Back off and retry
await sleep(err.retryAfter * 1000);
} else if (err.code === 'DEPLOYMENT_NOT_FOUND') {
// Check deployment ID configuration
}
}Model Identity Attestation (MIA)
Track, fingerprint, and verify the exact AI model behind every certification. Detect silent model updates before they impact production behavior. Build an AI Bill of Materials (AI-BOM) for every deployment.
Key Concepts
- AI-BOM — A registry of every model used across your deployments: provider, version, fingerprint, behavioral baseline
- Behavioral Fingerprint — A statistical signature derived from how a model responds to calibration prompts
- Drift Detection — Automatic alerts when a model’s behavioral fingerprint changes beyond the configured threshold
- Rebaselining — Accept a new model version as the baseline after investigation
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/models/register | Register a model for tracking |
GET | /api/v1/models | List all model registrations |
GET | /api/v1/models/:id | Get registration details + version history |
PUT | /api/v1/models/:id | Update drift/rebaseline thresholds |
POST | /api/v1/models/:id/rebaseline | Accept current fingerprint as new baseline |
GET | /api/v1/models/:id/history | Get version change history |
GET | /api/v1/models/drift-report | Cross-deployment drift report |
Configuration
Models are auto-registered after 10 certifications. Configure drift sensitivity per registration:
curl -X PUT https://app.veripass.ai/api/v1/models/$REG_ID \
-H "Authorization: Bearer $API_KEY" \
-d '{
"drift_threshold": 0.15,
"rebaseline_threshold": 0.30
}'View the AI-BOM in INVESTIGATE > Model Identity. Drift events appear as timeline alerts with fingerprint distance metrics.
Enterprise Integrations
Push certification events, incidents, and behavioral deviations to your existing security and operations infrastructure. Seven connectors, real-time dispatch, configurable event filtering.
Supported Connectors
| Connector | Protocol | Use Case |
|---|---|---|
| Splunk HEC | HTTPS POST | SIEM ingestion via HTTP Event Collector |
| Microsoft Sentinel | Log Analytics API | Azure security monitoring |
| IBM QRadar | Syslog / REST | Security analytics and SOAR |
| Generic Webhook | HTTPS POST | Custom integrations, Datadog, PagerDuty |
| Slack | Incoming Webhook | Team notifications for failures and deviations |
| Microsoft Teams | Incoming Webhook | Team notifications via adaptive cards |
| ServiceNow | REST API | Incident management, CMDB updates |
API Reference
| Method | Path | Description |
|---|---|---|
GET | /api/v1/integrations/configured | List configured integrations |
POST | /api/v1/integrations/configured | Add a new integration |
POST | /api/v1/integrations/configured/:id/test | Test connectivity |
DELETE | /api/v1/integrations/configured/:id | Remove an integration |
GET | /api/v1/integrations/dispatch/history | View dispatch log |
GET | /api/v1/integrations/dispatch/stats | Dispatch success/failure rates |
Event Filtering
Control which events are dispatched to each connector. Configure filters per integration:
{
"event_filter": {
"verdicts": ["failed", "flagged"],
"min_severity": "medium",
"deployment_ids": ["dep_trading", "dep_underwriting"],
"include_chains": true,
"include_reversals": true,
"include_scope_violations": true
}
}Example: Add Splunk HEC
curl -X POST https://app.veripass.ai/api/v1/integrations/configured \
-H "Authorization: Bearer $API_KEY" \
-d '{
"type": "splunk",
"name": "Splunk HEC — SOC Team",
"config": {
"hec_url": "https://splunk.corp.net:8088/services/collector",
"hec_token": "your-hec-token",
"index": "veripass_events",
"source": "veripass-enterprise"
},
"event_filter": { "verdicts": ["failed", "flagged"] }
}'Example: Add Slack Notifications
curl -X POST https://app.veripass.ai/api/v1/integrations/configured \
-H "Authorization: Bearer $API_KEY" \
-d '{
"type": "slack",
"name": "Slack — #ai-governance",
"config": {
"webhook_url": "https://hooks.slack.com/services/T00/B00/xxx"
},
"event_filter": { "verdicts": ["failed"], "min_severity": "high" }
}'Example: Add Microsoft Sentinel
curl -X POST https://app.veripass.ai/api/v1/integrations/configured \
-H "Authorization: Bearer $API_KEY" \
-d '{
"type": "sentinel",
"name": "Azure Sentinel",
"config": {
"workspace_id": "your-workspace-id",
"shared_key": "your-shared-key",
"log_type": "VeriPassCertification"
}
}'Example: Add ServiceNow
curl -X POST https://app.veripass.ai/api/v1/integrations/configured \
-H "Authorization: Bearer $API_KEY" \
-d '{
"type": "servicenow",
"name": "ServiceNow Incident Management",
"config": {
"instance_url": "https://corp.service-now.com",
"username": "veripass-integration",
"password": "your-password",
"assignment_group": "AI Governance Team"
},
"event_filter": { "verdicts": ["failed"], "include_scope_violations": true }
}'Test Connectivity
# Test an integration before relying on it
curl -X POST https://app.veripass.ai/api/v1/integrations/configured/$INTEGRATION_ID/test \
-H "Authorization: Bearer $API_KEY"
# Response: { "success": true, "latency_ms": 142 }Configure integrations in CONFIGURE > Integrations. The dispatch log shows delivery status for every event sent. Use the TEST button to verify connectivity before saving.
Streaming Certification Protocol (SCP)
Certify AI responses progressively as tokens stream in. Get provisional verdicts within milliseconds, progressive updates at configurable intervals, and detect certification reversals — when a response starts safe but deviates mid-stream.
Key Concepts
- Provisional Stage — First assessment after the provisional threshold (default: 50 tokens)
- Progressive Stages — Recurring assessments at configurable intervals (default: every 100 tokens)
- Final Stage — Complete certification when the stream ends
- Certification Reversal — When a progressive stage changes the verdict (e.g., certified → flagged). These are rare and significant — the response started well but deviated during generation.
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/streaming/start | Start a streaming session |
POST | /api/v1/streaming/:id/chunk | Feed a token chunk |
POST | /api/v1/streaming/:id/complete | Finalize the stream |
POST | /api/v1/streaming/:id/abort | Abort a streaming session |
GET | /api/v1/streaming/:id | Get session details |
GET | /api/v1/streaming/:id/stages | Get all progressive stages |
GET | /api/v1/streaming/reversals/list | List certification reversals |
GET | /api/v1/streaming/:id/events | SSE stream for real-time stage updates |
Example: Progressive Certification
# Start session
curl -X POST https://app.veripass.ai/api/v1/streaming/start \
-H "Authorization: Bearer $API_KEY" \
-d '{
"deployment_id": "dep_chat",
"prompt": "Explain our investment strategy",
"provisional_threshold": 50,
"progressive_interval": 100
}'
# Feed chunks as tokens arrive from the LLM
curl -X POST https://app.veripass.ai/api/v1/streaming/$SESSION_ID/chunk \
-d '{"content": "Our investment strategy focuses on...", "token_count": 120}'
# Complete when stream ends
curl -X POST https://app.veripass.ai/api/v1/streaming/$SESSION_ID/complete \
-d '{"final_content": "...long-term growth with risk management."}'Real-Time Updates (SSE)
Subscribe to Server-Sent Events for live stage updates during a streaming session:
// Subscribe to real-time stage events
const events = new EventSource(
`https://app.veripass.ai/api/v1/streaming/${sessionId}/events`
);
events.addEventListener('stage', (e) => {
const stage = JSON.parse(e.data);
console.log(`Stage: ${stage.stage_type}`); // PROVISIONAL | PROGRESSIVE | FINAL
console.log(`BCS: ${stage.bcs}`); // 0.0000 - 1.0000
console.log(`Verdict: ${stage.verdict}`); // certified | flagged | failed
console.log(`Tokens: ${stage.token_count}`);
if (stage.reversal) {
console.warn(`REVERSAL: ${stage.reversal.from} → ${stage.reversal.to}`);
// Handle certification reversal — response deviated mid-stream
}
});
events.addEventListener('complete', (e) => {
const final = JSON.parse(e.data);
console.log(`Final verdict: ${final.verdict}, BCS: ${final.bcs}`);
events.close();
});Certification Reversals
A reversal occurs when a progressive stage changes the certification verdict — for example, the first 100 tokens look compliant (certified), but tokens 100-200 introduce a behavioral deviation (failed). Reversals are rare but critical:
- Each reversal is logged with
reversal_fromandreversal_toverdicts - The exact token range where the deviation occurred is recorded
- Reversals trigger integration dispatch (Slack, SIEM) if configured
- View all reversals:
GET /api/v1/streaming/reversals/list
Watch progressive certification live in MONITOR > Live Chat with the progressive BCS bar. View reversals in INVESTIGATE > Reversals. Each reversal shows a before/after timeline with the exact stage where the verdict changed.
Governance Intelligence Engine (GIE)
Predictive risk intelligence that identifies behavioral deviations before they become incidents. Risk-quantified predictions with financial exposure estimates, automated remediation playbooks, and cross-deployment pattern analysis.
Key Concepts
- Governance Score — A 0-1000 composite score reflecting your organization’s overall AI governance posture
- Risk Predictions — Forward-looking risk assessments based on certification trends, dimensional drift, and incident patterns
- Remediation Playbooks — Automated step-by-step remediation plans generated from prediction analysis
- Cross-Deployment Intelligence — Pattern recognition across all deployments to identify systemic risks
API Reference
| Method | Path | Description |
|---|---|---|
GET | /api/v1/governance/score | Get current governance score |
GET | /api/v1/governance/score/history | Score history over time |
GET | /api/v1/governance/policy | Get organization policy |
PUT | /api/v1/governance/policy | Update policy thresholds |
POST | /api/v1/governance/lockdown | Emergency lockdown (block all certifications) |
POST | /api/v1/governance/lockdown/release | Release lockdown |
GET | /api/v1/predictions | Get active risk predictions |
GET | /api/v1/predictions/:deployment_id | Deployment-specific predictions |
Example: Risk Predictions with Financial Exposure
# Get active risk predictions
curl https://app.veripass.ai/api/v1/predictions \
-H "Authorization: Bearer $API_KEY"
# Response:
# {
# "predictions": [{
# "id": "pred_a1b2",
# "deployment_id": "dep_underwriting",
# "risk_type": "behavioral_drift",
# "severity": "high",
# "confidence": 0.87,
# "description": "Boundary compliance trending downward — 3.2% decline over 14 days",
# "financial_exposure": {
# "estimated_impact": "$2.1M",
# "basis": "15 loan decisions/day at avg $140K, 3.2% increased deviation rate"
# },
# "recommended_action": "Review deployment calibration thresholds",
# "playbook_id": "pb_drift_remediation"
# }]
# }Automated Remediation Playbooks
Each prediction includes a generated remediation playbook with prioritized steps:
- Root Cause Analysis — Automated diagnosis of what’s driving the behavioral trend
- Remediation Steps — Ordered actions with estimated effort and impact
- Verification Tests — How to confirm the remediation worked
- Escalation Path — When to involve human oversight vs. automated correction
Cross-Deployment Intelligence
The GIE correlates patterns across all deployments to surface systemic risks:
- A model update affecting multiple deployments simultaneously
- Shared behavioral patterns across deployments using the same provider
- Seasonal or temporal patterns in certification outcomes
- Correlated dimensional drift across deployment clusters
The Governance Score is prominently displayed on the MONITOR > Overview hero section. Predictions and playbooks appear in INVESTIGATE > Intelligence. Each prediction card shows severity, confidence, financial exposure, and a direct link to its remediation playbook.
Trust Network
Publicly verifiable trust profiles for organizations using VeriPass. Earn Trust Marks based on certification performance, embed trust badges on your website, and participate in the industry-wide verification directory.
Trust Marks
Trust Marks are earned based on sustained certification performance. The system evaluates three metrics over a rolling 30-day window with a minimum activity threshold of 100 certifications:
| Mark | Governance Score | Certification Rate | Avg BCS | Description |
|---|---|---|---|---|
| CERTIFIED | ≥600 | ≥85% | ≥80 | Base level — organization consistently meets behavioral standards |
| CERTIFIED_PLUS | ≥800 | ≥95% | ≥90 | Advanced — sustained excellence across all dimensions |
| CERTIFIED_ELITE | ≥900 | ≥98% | ≥95 | Highest tier — exceptional governance and near-zero deviations |
Trust Marks are cryptographically attested: the profile’s metrics are hashed (SHA-256) and Ed25519-signed, producing an attestation that can be independently verified.
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/trust/profile | Create trust profile |
GET | /api/v1/trust/profile | Get your trust profile |
PUT | /api/v1/trust/profile | Update profile settings |
POST | /api/v1/trust/profile/refresh | Refresh trust metrics |
GET | /api/v1/trust/badge-code | Get embeddable badge code |
Embeddable Badge
<!-- VeriPass Trust Badge -->
<a href="https://verify.veripass.ai/trust/meridian-financial-group">
<img src="https://app.veripass.ai/api/v1/trust/badge-code?format=svg"
alt="VeriPass Certified" width="180" />
</a>Verification Directory
Organizations with public trust profiles appear in the VeriPass Verification Directory at verify.veripass.ai/trust/. Each profile page shows:
- Current Trust Mark with earned/valid-until dates
- Governance Score and certification metrics
- Number of certified deployments and compliance frameworks
- Attestation signature for independent cryptographic verification
# Refresh metrics and recalculate trust mark
curl -X POST https://app.veripass.ai/api/v1/trust/profile/refresh \
-H "Authorization: Bearer $API_KEY"
# Get embeddable badge in multiple formats
curl https://app.veripass.ai/api/v1/trust/badge-code?format=svg # SVG
curl https://app.veripass.ai/api/v1/trust/badge-code?format=png # PNG
curl https://app.veripass.ai/api/v1/trust/badge-code?format=html # HTML embed snippetConfiguration
Set up your trust profile with visibility and metadata:
curl -X POST https://app.veripass.ai/api/v1/trust/profile \
-H "Authorization: Bearer $API_KEY" \
-d '{
"visibility": "public",
"company_name": "Meridian Financial Group",
"industry": "financial_services",
"company_size": "enterprise",
"description": "AI-powered financial services platform"
}'Configure your trust profile in CONFIGURE > Trust Profile. Set visibility (public/private), industry, and company size. Badge embed code is generated automatically. The profile page shows a live preview of your public verification page.
Reasoning Trace Certification (RTC)
Certify the reasoning process, not just the output. Analyze chain-of-thought traces from reasoning models for logical soundness, evidence grounding, and bias. Catch flawed reasoning before it leads to flawed decisions.
Five Reasoning Dimensions
| Dimension | What It Measures |
|---|---|
| Logical Coherence | Are reasoning steps logically connected? No circular arguments or contradictions? |
| Evidence Grounding | Does each conclusion cite supporting evidence? No unsupported claims? |
| Reasoning Completeness | Are all relevant factors considered? No critical omissions? |
| Bias Detection | Is the reasoning free from systematic bias or unjustified assumptions? |
| Conclusion Alignment | Does the final conclusion logically follow from the reasoning steps? |
Reasoning Verdicts
- SOUND — RQS ≥ 70. Reasoning is logically coherent, well-grounded, and complete
- QUESTIONABLE — RQS 40-69. Reasoning has gaps, weak evidence, or minor logical issues
- FLAWED — RQS < 40. Critical reasoning failures: conclusion jumps, ignored evidence, unwarranted assumptions
Reasoning Flags
Individual flags identify specific reasoning issues:
conclusion_jump— Conclusion not supported by preceding stepscircular_reasoning— Reasoning step uses its own conclusion as evidenceignored_counterevidence— Available contradicting evidence not addressedintroduces_assumption— Unstated assumption treated as factweak_evidence— Supporting evidence insufficient for the claim
API Reference
| Method | Path | Description |
|---|---|---|
GET | /api/v1/reasoning/:certId | Get reasoning trace for a certification |
GET | /api/v1/reasoning/:certId/steps | Get individual reasoning steps |
GET | /api/v1/reasoning/stats | Reasoning quality statistics |
GET | /api/v1/reasoning/flags | List flagged reasoning issues |
Example: Certify with Reasoning Trace
When certifying a response from a reasoning model (e.g., Claude with extended thinking, o1), include the reasoning trace for RTC analysis:
# Certify with reasoning trace included
curl -X POST https://app.veripass.ai/api/v1/certifications \
-H "Authorization: Bearer $API_KEY" \
-d '{
"deployment_id": "dep_underwriting",
"prompt": "Evaluate the credit risk for Apex Capital",
"response": "Based on analysis, I recommend approval with conditions...",
"model": "claude-sonnet-4-20250514",
"provider": "anthropic",
"reasoning_trace": "Step 1: Review financial statements — revenue $12M...\nStep 2: Check credit history — no defaults...\nStep 3: Assess collateral — real estate valued at..."
}'
# View reasoning analysis for a certification
curl https://app.veripass.ai/api/v1/reasoning/$CERT_ID \
-H "Authorization: Bearer $API_KEY"
# Response includes:
# {
# "rqs": 82,
# "verdict": "SOUND",
# "dimensions": {
# "logical_coherence": 0.88,
# "evidence_grounding": 0.85,
# "reasoning_completeness": 0.76,
# "bias_detection": 0.91,
# "conclusion_alignment": 0.82
# },
# "flags": [],
# "steps": [...]
# }Configuration
Reasoning trace certification is automatic when a reasoning_trace field is present in the certification request. Configure RTC thresholds in your deployment settings or .veripass.yml:
gate:
reasoning:
min_rqs: 70 # Minimum Reasoning Quality Score
require_verdict: SOUND # Require SOUND verdict to pass gate
flag_threshold: 0 # Max allowed reasoning flags (0 = none)Explore reasoning traces in INVESTIGATE > Reasoning. Click any trace to see step-by-step analysis with confidence scores. The “Bankruptcy Miss” demo trace shows a FLAWED verdict where the model skipped bankruptcy filings in a loan assessment.
Decision Accountability Ledger (DAL)
Immutable record of every consequential AI-assisted decision. Who authorized it, what AI recommended, whether a human overrode, and what regulations apply — cryptographically sealed and temporally locked.
Key Concepts
- Decision Record — Captures: decision type, AI recommendation, human override, outcome, affected individuals
- Authority Chain — Links decisions to governance policies defining who/what is authorized to decide
- Consequential Decision — Any decision that materially impacts individuals (credit, employment, insurance, housing)
- Temporal Lock — Cryptographic seal with hash chain linking — prevents retroactive modification
- Regulatory Auto-Classification — Automatically flags decisions subject to Colorado AI Act, California ADMT, EU AI Act high-risk requirements
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/decisions | Record a decision |
GET | /api/v1/decisions | List decisions with filters |
GET | /api/v1/decisions/:id | Get decision details |
GET | /api/v1/decisions/:id/verify | Verify temporal lock integrity |
POST | /api/v1/decisions/:id/annotate | Add annotation/note |
GET | /api/v1/decisions/stats | Decision statistics |
GET | /api/v1/decisions/export | Export decisions (JSON/CSV) |
Example: Record a Consequential Decision
curl -X POST https://app.veripass.ai/api/v1/decisions \
-H "Authorization: Bearer $API_KEY" \
-d '{
"certification_id": "cert_7f3a2b",
"decision_type": "loan_approval",
"decision_category": "financial",
"decision_outcome": "approved",
"ai_recommendation": "approve",
"is_consequential": true,
"consequential_category": "credit",
"affected_individuals_count": 1,
"authority": {
"policy_id": "POL-underwriting",
"delegation_level": "ai_recommends_human_decides",
"max_decision_value": 500000,
"decision_value": 350000,
"within_authority": true
}
}'Temporal Locks
Every decision record is cryptographically sealed with a temporal lock that prevents retroactive modification:
- Record Hash — SHA-256 of the decision’s immutable fields (decision_id, org_id, type, outcome, AI recommendation, human override, authority, evidence, timestamp)
- Ed25519 Signature — The record hash is signed with the organization’s signing key
- Hash Chain — Each record’s
previous_decision_hashpoints to the prior record, forming a linked chain. Altering any record invalidates all subsequent hashes. - Block Index — Sequential position in the chain for ordering verification
# Verify a decision record's temporal lock
curl https://app.veripass.ai/api/v1/decisions/$DECISION_ID/verify \
-H "Authorization: Bearer $API_KEY"
# Response:
# {
# "verified": true,
# "hash_valid": true,
# "signature_valid": true,
# "chain_valid": true,
# "block_index": 47,
# "algorithm": "Ed25519"
# }Human Review Workflow
Mark decisions as human-reviewed for regulatory compliance. The review record is appended to the decision — it does not modify the original record:
# Add human review annotation
curl -X POST https://app.veripass.ai/api/v1/decisions/$DECISION_ID/annotate \
-H "Authorization: Bearer $API_KEY" \
-d '{
"annotation_type": "human_review",
"reviewer": "compliance@meridian.com",
"review_outcome": "approved",
"review_notes": "Reviewed loan parameters — within acceptable risk tolerance"
}'View the decision ledger in INVESTIGATE > Decisions. Filter by consequential status, human overrides, authority violations, and review status. Each record shows its temporal lock status with a VERIFY button for real-time integrity checks. The EXPAND view shows authority chain details, regulatory classification, and review history.
Autonomous Scope Governor (ASG)
Define exactly what each AI agent is allowed to do — which tools it can invoke, what data it can access, who it can delegate to, and what decisions it can make. Enforce boundaries in real-time with automatic circuit breakers.
Scope Contract Structure
| Section | Controls |
|---|---|
| Tools | Allowed tools, denied tools, tools requiring approval |
| Data Access | Allowed data sources, denied sources, PII access control |
| Delegation | Which agents can be delegated to, max delegation depth, reason required |
| Decisions | Decision types allowed, financial limits, human-in-the-loop requirements |
| Circuit Breaker | Trigger conditions, action (pause/alert/terminate), auto-resume |
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/scope/contracts | Create scope contract |
GET | /api/v1/scope/contracts | List scope contracts |
GET | /api/v1/scope/contracts/:id | Get contract details |
PUT | /api/v1/scope/contracts/:id | Update contract (creates new version) |
POST | /api/v1/scope/evaluate | Evaluate an action against scope |
GET | /api/v1/scope/certificates | List compliance certificates |
GET | /api/v1/scope/certificates/:id/verify | Verify a scope certificate |
GET | /api/v1/scope/analytics | Scope compliance analytics |
POST | /api/v1/scope/circuit-breaker/:agentId/pause | Manually trigger circuit breaker |
POST | /api/v1/scope/circuit-breaker/:agentId/resume | Resume paused agent |
Example: Create Scope Contract
curl -X POST https://app.veripass.ai/api/v1/scope/contracts \
-H "Authorization: Bearer $API_KEY" \
-d '{
"agent_id": "kyc-verifier",
"agent_name": "KYC Verification Agent",
"agent_role": "kyc_verification",
"tools": {
"allowed": ["kyc_check", "sanctions_screen", "identity_verify"],
"denied": ["credit_pull", "payment_process"]
},
"delegation": {
"may_delegate_to": [],
"max_delegation_depth": 0
},
"circuit_breaker": {
"enabled": true,
"trigger_on": ["data_access_violation"],
"action": "pause"
}
}'Real-Time Scope Evaluation
# Check if an action is within scope before executing it
curl -X POST https://app.veripass.ai/api/v1/scope/evaluate \
-H "Authorization: Bearer $API_KEY" \
-d '{
"agent_id": "kyc-verifier",
"action_type": "tool_use",
"tool_name": "credit_pull",
"context": { "customer_id": "cust_123" }
}'
# Response:
# {
# "compliant": false,
# "violation_type": "tool_access_denied",
# "message": "Tool 'credit_pull' is in the denied list for agent 'kyc-verifier'",
# "contract_version": 3,
# "circuit_breaker_triggered": true
# }Circuit Breakers
Circuit breakers automatically pause an agent when scope violations are detected:
# Manually pause an agent
curl -X POST https://app.veripass.ai/api/v1/scope/circuit-breaker/kyc-verifier/pause \
-H "Authorization: Bearer $API_KEY" \
-d '{"reason": "Investigating data access pattern anomaly"}'
# Resume after investigation
curl -X POST https://app.veripass.ai/api/v1/scope/circuit-breaker/kyc-verifier/resume \
-H "Authorization: Bearer $API_KEY" \
-d '{"resolution": "Pattern confirmed benign — test data migration"}'Scope Compliance Certificates
After each agent session, a Scope Compliance Certificate is generated summarizing compliance across all scope dimensions. Each certificate is cryptographically signed (Ed25519) and independently verifiable:
# Verify a scope compliance certificate
curl https://app.veripass.ai/api/v1/scope/certificates/$CERT_ID/verify \
-H "Authorization: Bearer $API_KEY"
# Response:
# {
# "verified": true,
# "hash_valid": true,
# "signature_valid": true,
# "compliance_rate": 0.96,
# "overall_compliance": "compliant"
# }Manage scope contracts in CONFIGURE > Agents (scope section). Monitor compliance in INVESTIGATE > Scope Compliance. Circuit breaker status shows as a red/green indicator on each agent card. Click any agent to see violation history and compliance certificates.
Cross-Model Consistency (CMCC)
Compare how different AI models respond to the same prompt. Measure behavioral consistency, detect model-specific biases, and generate substitution safety ratings before swapping models in production.
Key Concepts
- Consistency Score — 0-100 score measuring how similarly two or more models behave on the same prompt
- Verdict Agreement — Whether all models receive the same certification verdict
- Substitution Safety Rating — SAFE / CAUTION / UNSAFE — can you swap model A for model B without behavioral degradation?
- Model Selection Advisory — Data-driven recommendations on which model to use for specific prompt categories
- Dimensional Outliers — Which behavioral dimensions show the most variance across models
API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/consistency/evaluate | Run consistency evaluation across models |
POST | /api/v1/consistency/evaluate/batch | Batch evaluation (up to 20 prompts) |
GET | /api/v1/consistency/evaluations | List past evaluations |
GET | /api/v1/consistency/evaluations/:id | Get evaluation details |
GET | /api/v1/consistency/substitution-safety | Get substitution safety rating |
GET | /api/v1/consistency/advisory | Model selection advisory |
GET | /api/v1/consistency/analytics | Consistency analytics |
Example: Evaluate Consistency
curl -X POST https://app.veripass.ai/api/v1/consistency/evaluate \
-H "Authorization: Bearer $API_KEY" \
-d '{
"prompt": "Evaluate the credit risk for a $500K commercial loan",
"models": [
{"provider": "anthropic", "model": "claude-sonnet-4-20250514"},
{"provider": "openai", "model": "gpt-4o"}
],
"prompt_category": "credit_risk",
"deployment_id": "dep_underwriting"
}'Substitution Safety Rating
Before swapping a model in production, check substitution safety:
# Check if you can safely swap models
curl "https://app.veripass.ai/api/v1/consistency/substitution-safety?\
model_a=gpt-4o&model_b=claude-sonnet-4-20250514&deployment_id=dep_trading" \
-H "Authorization: Bearer $API_KEY"
# Response:
# {
# "rating": "CAUTION",
# "consistency_score": 72,
# "verdict_agreement": 0.85,
# "dimensional_outliers": [
# { "dimension": "boundary_compliance", "variance": 0.18 },
# { "dimension": "factual_grounding", "variance": 0.12 }
# ],
# "advisory": "Models diverge on boundary compliance for financial advice prompts.
# Recommend shadow-mode testing before full substitution."
# }Model Selection Advisory
Get data-driven recommendations on which model to use for specific prompt categories:
curl "https://app.veripass.ai/api/v1/consistency/advisory?deployment_id=dep_trading" \
-H "Authorization: Bearer $API_KEY"
# Response includes per-category model rankings:
# {
# "advisories": [{
# "prompt_category": "credit_risk",
# "recommended_model": "claude-sonnet-4-20250514",
# "reason": "Higher factual grounding (0.94 vs 0.87) on financial analysis prompts",
# "evaluations_analyzed": 45
# }]
# }Run evaluations and view results in INVESTIGATE > Model Comparison. Substitution safety ratings appear with green/amber/red indicators and detailed dimensional breakdowns. The advisory tab shows per-category model rankings.
Certification-as-Code (CaC)
Define behavioral certification requirements as code in .veripass.yml. Run certification gates in CI/CD pipelines. Block deployments that don’t meet behavioral standards — just like you block code that doesn’t pass tests.
.veripass.yml Specification
version: "1.0"
deployment: dep_trading_advisor
gate:
min_bcs: 0.85
dimensions:
factual_grounding: 0.80
boundary_compliance: 0.85
information_safety: 0.90
reasoning:
min_rqs: 70
require_verdict: SOUND
scope:
require_compliance: true
tests:
- name: "Financial advice boundary"
prompt: "Should I invest in crypto?"
expect:
verdict: flagged
min_bcs: 0.60
- name: "Clean financial analysis"
prompt: "Analyze Q1 earnings"
expect:
verdict: certified
min_bcs: 0.85
compliance:
frameworks: [eu_ai_act, finra, sox]VeriPass CLI
The VeriPass CLI provides local certification gate commands for development and CI/CD:
# Initialize a .veripass.yml in your project
veripass init --deployment dep_trading --framework eu_ai_act,finra
# Validate your configuration
veripass validate
# Run certification gate locally
veripass check
# Run test cases defined in .veripass.yml
veripass test
# View gate status
veripass statusCI/CD Integration: GitHub Actions
# .github/workflows/veripass-gate.yml
name: VeriPass Certification Gate
on: [push, pull_request]
jobs:
certify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run VeriPass Gate
run: |
curl -X POST $VERIPASS_URL/api/v1/cac/evaluate \
-H "Authorization: Bearer $VERIPASS_API_KEY" \
-d "{
\"config\": $(cat .veripass.yml | python3 -c 'import sys,yaml,json; print(json.dumps(yaml.safe_load(sys.stdin)))'),
\"git_commit\": \"$GITHUB_SHA\",
\"git_branch\": \"$GITHUB_REF_NAME\",
\"git_author\": \"$GITHUB_ACTOR\"
}"CI/CD Integration: GitLab CI
# .gitlab-ci.yml
veripass-gate:
stage: test
image: python:3.11-slim
script:
- pip install pyyaml
- |
curl -sf -X POST "$VERIPASS_URL/api/v1/cac/evaluate" \
-H "Authorization: Bearer $VERIPASS_API_KEY" \
-H "Content-Type: application/json" \
-d "{
\"config\": $(python3 -c 'import yaml,json,sys; print(json.dumps(yaml.safe_load(open(\".veripass.yml\"))))'),
\"git_commit\": \"$CI_COMMIT_SHA\",
\"git_branch\": \"$CI_COMMIT_REF_NAME\",
\"git_author\": \"$GITLAB_USER_LOGIN\"
}" | python3 -c "
import json,sys
r = json.load(sys.stdin)
print(f'Gate: {r[\"overall_result\"]}')
sys.exit(0 if r['overall_result'] != 'FAILED' else 1)
"
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'API Reference
| Method | Path | Description |
|---|---|---|
POST | /api/v1/cac/evaluate | Run certification gate |
GET | /api/v1/cac/gates | List gate history |
GET | /api/v1/cac/gates/:id | Get gate result details |
POST | /api/v1/cac/validate | Validate a .veripass.yml config |
GET | /api/v1/cac/templates | Get starter templates |
GET | /api/v1/cac/analytics | Gate pass/fail analytics |
Gate Artifacts
Each gate run produces a signed artifact with detailed results:
- PASSED — All behavioral checks, dimensional floors, and test cases met
- PASSED_WITH_WARNINGS — Gates passed but dimensional scores are borderline
- FAILED — One or more checks failed. Deployment should be blocked.
Artifacts include: gate ID, overall result, per-check pass/fail details, per-test results with BCS scores and verdicts, git metadata (commit, branch, author), and timestamp. Artifacts are computed on-the-fly and can be retrieved at any time via the API.
View gate history in INVESTIGATE > CI/CD Gates. Each gate shows pass/fail status, git commit, branch, author, and detailed test results.
Pricing
Platform access priced by deployment scale. Compliance modules priced separately — activate only what your regulatory environment requires.
- All 19 compliance frameworks included
- Five-Tier RRC 2.0 evaluation engine
- Ed25519 signing + Merkle-chain audit trail
- VCAS-compliant certification artifacts
- Full dashboard (Monitor / Investigate / Configure / Reports)
- 10 PDF reports + 8 data exports
- Shadow / inline / async deployment modes
- JavaScript + Python SDKs
- Verification Gate API
- Email support (48h SLA)
- Everything in Certified, plus:
- Agent chain certification
- Streaming certification
- Model identity attestation
- SIEM integration (STIX export to Splunk, Sentinel, QRadar)
- Slack / Teams alerting
- Trust Network & verification directory
- On-premise / VPC deployment
- Dedicated CSM & priority support (4h SLA)
- Everything in Plus, plus:
- Quantum-safe cryptography (ML-DSA-65, NIST FIPS 204)
- Auditor evidence packages
- CI/CD certification gates
- Certification-as-Code (CaC)
- Cross-model scope governance
- ServiceNow integration
- White-label / co-brand option
- Custom SLA (up to 99.99%)
- 24/7 phone + Slack support
COMPLIANCE FRAMEWORKS
All 19 compliance frameworks are included at every tier. No module add-ons. No extra fees. Activate the regulatory frameworks your industry requires — they apply automatically across all deployments.
Compliance modules only tighten constraints — never loosen them. When a module is active, its requirements merge with your behavioral contracts using a most-restrictive-wins algorithm.
One HIPAA violation involving AI-generated content: $50K–$1.5M in fines.
VeriPass Certified with all 19 frameworks: $2,500/mo.
Behavioral certification that proves compliance before regulators ask.
Colorado SB 205 enforcement begins June 30, 2026. DORA fully in force since January 2025.
EU AI Act high-risk enforcement begins August 2026 —
Patent & Intellectual Property
VeriPass technology is protected under provisional patent VP-2026-001-PROV REV.3, covering 205 claims across five provisional filings.
Six-dimension behavioral envelope with weighted composite scoring, floor enforcement, and grade assignment for AI model outputs. Claims 1–12.
Multi-tier Request-Response Coherence engine evaluating semantic alignment, structural coherence, entity fidelity, and temporal drift detection. Claims 13–21.
Ed25519 digital signature with SHA-256 content hashing, Merkle tree block sealing, and chain-linking for tamper-evident certification records. Claims 22–30.
Simultaneous multi-framework compliance evaluation with star-field visualization, automatic gap detection, and regulatory-ready reporting. Claims 31–38.
VeriPass™ and the behavioral certification methodology described in this documentation are protected intellectual property. Patent pending: VP-2026-001-PROV REV.3. All rights reserved.