TraceVault

Evidence support for The Veil Core

Forensic proof of every AI decision.

TraceVault creates cryptographically signed, tamper-evident records of every AI decision. When regulators, auditors, or customers ask what your AI did and why — you have forensic proof, not logs.

EU AI Act Article 14 enforcement beginsAugust 2, 2026

The Provenance Gap

What auditors see today

  • Application logs that can be altered after the fact
  • No cryptographic integrity — anyone with DB access can edit
  • Timestamps from your own servers, not independently verifiable
  • No chain linking — records can be deleted without trace

What TraceVault provides

  • Ed25519-signed decision envelopes — tamper-evident by design
  • SHA-256 hash chain — each record links to the previous one
  • RFC 3161 timestamps from independent authorities
  • Optional Sigstore Rekor publication — public, append-only proof

How It Works

01

Decision Event

Your Application

Your AI call — whether a direct API request, an agent workflow, or a custom pipeline — gets wrapped by the TraceVault SDK. The SDK captures what was decided, inputs considered, model used, confidence score.

02

Cryptographic Signing

TraceVault SDK

TraceVault SDK signs the record with Ed25519. Each record chains to the previous one via SHA-256 hash chain.

03

Independent Timestamp

External TSA

An RFC 3161 Timestamp Authority co-signs with a qualified timestamp. The record is now provably dated by a third party.

04

Transparency Log

Rekor (Public)

Optionally published to Sigstore Rekor — a public, append-only transparency log. Anyone can verify the record existed at that time.

Drop-in SDK

Two integration paths. Zero-code wrapper for Anthropic and OpenAI, or manual instrumentation for full control over any AI pipeline.

npm install @declade/traceveil-sdk
import Anthropic from "@anthropic-ai/sdk";
import { wrapAnthropic } from "@declade/traceveil-sdk";

const anthropic = new Anthropic();
const { client, getRecords } = wrapAnthropic(anthropic, { config });

// Use as normal — every call is automatically recorded
const response = await client.messages.create({
  model: "claude-sonnet-4-20250514",
  messages: [{ role: "user", content: userInput }],
});

// Each call → signed, chained, timestamped decision record
const records = getRecords();

What You Get

Forensic Decision Records

Signed, chained, independently timestamped decision envelopes that hold up under regulatory scrutiny.

EU AI Act Article 14 Ready

Decision records map directly to Article 14 human oversight requirements. Enforcement begins August 2, 2026.

TypeScript SDK

Drop-in SDK for Node.js and TypeScript. Wrap your AI calls, get provenance automatically. CLI for verify and export.

PDF Decision Certificates

Export any decision as a signed PDF certificate. Hand your auditor a document, not a database query.

Hash Chain Integrity

Every record links to the previous via SHA-256. Deleting or altering any record breaks the chain — tampering is immediately detectable.

Part of The Veil Core

TraceVault is the evidence layer of The Veil Core, not a separate product we sell on its own. It ships with an engagement; it is not a self-serve purchase.

Compliance Mapping

RegulationRequirementTraceVault Response
EU AI Act Art. 14Human oversight with sufficient recordsSigned decision records with full input/output provenance
EU AI Act Art. 12Automatic logging of AI system operationCryptographic hash chain — append-only, tamper-evident
GDPR Art. 22Meaningful information about automated decisionsDecision records include model, inputs, confidence, reasoning
DORA Art. 11ICT incident logging and reportingIndependent TSA timestamps prove when decisions occurred

Evidence Layer for The Veil Core.

TraceVault is the cryptographic evidence layer of The Veil Core. It ships with an engagement and is scoped alongside the rest of the pipeline — it is not sold as a separate main product, and there is no self-serve purchase path today.

Combined with the split-knowledge pipeline, you get identity-separated decision provenance — the AI that made the decision never knew who it was about, and you can prove it.

Get early access to the SDK

Book an Assessment