
Verifor

When an AI agent does something, Verifor captures (a) what it declared it would do, (b) what it actually did, (c) who and what authorized each step, and (d) produces signed, transparency-log-anchored evidence anyone can verify offline without trusting us.

This is Verifor’s open layer — Apache-2.0 source, CC-BY-4.0 specs, and a public transparency log anyone can run independently.

  • Open spec, frozen v0.0.0 — Intent Contract and Integration Contract published at schemas.verifor.dev.
  • Public transparency log: log.verifor.dev. Append-only Merkle log, OpenTimestamps-anchored, independently witnessed. RFC-6962 shape.
  • Offline verifier CLI: verifor-verify. Apache-2.0 single binary that verifies any bundle without network.
  • In-browser verifier: verify.verifor.dev. Same verification logic running in a browser’s Web Crypto context — no WASM, so the verification computation is inspectable in browser DevTools.
  • Reference adapters: @verifor/sdk-core (runtime-agnostic SDK) and @verifor/adapter-mcp (Model Context Protocol bridge). Together they cover the entire MCP ecosystem — every MCP-speaking model runtime gets accountability through one adapter. Additional runtime coverage ships in the commercial distribution.

EU AI Act Article 12 logging enforcement begins 2026-08-02 with penalties up to €15M / 3% of turnover. Existing tools answer “what happened”; regulators are increasingly asking “prove it, offline, without trusting your vendor.” That answer is what Verifor produces.

This OSS half is the part that survives Verifor as a company. The spec, the log, the verifier — those keep working whether or not the commercial side does. Apache-2.0 + CC-BY-4.0 is the substrate for that durability.

  • Quickstart — declare your first contract, capture your first bundle, verify it offline. Five minutes.
  • Concepts — Intent Contract, evidence bundle, hash chain, transparency log, witnesses.
  • Adapters — the reference implementations across distinct runtimes (SDK, MCP).
  • Schemas — the canonical JSON schemas the verifier validates against.
  • Verify a bundle — CLI or in-browser. Same proof, different surface.
  • CLI reference: verifor-verify flags, options, exit codes.

The premium UI, enterprise admin (SSO/SCIM/BYOK), Sovereign-deployment infrastructure, additional runtime coverage beyond the open layer, narrative generation, threat-intel overlays, the signed-workpaper export pipeline, and the full backend service stack are part of the commercial distribution. Customers receive access as part of their Sovereign or Enterprise+ subscription. Contact [email protected] for commercial-tier inquiries.