Prove what your AI
actually did.
Axyvera seals every AI coding session into a tamper-evident, hash-chained record — exported as a signed .axy bundle anyone can verify offline. No trust required, and nothing leaves your machine.
works with Claude Code & OpenAI Codex · free verifier, no license
A hash-chained record of the session
Every event an agent produces is normalised to a canonical form and appended to a hash chain. Change one byte anywhere in the history and the chain no longer verifies. Truncate the tail and the anchored count catches it.
- RFC 8785 canonical JSON digests
- Append-only, tamper-evident ordering
- Detects edits, reorders, and truncation
Each event is hashed with the digest of the one before it. The chain is only valid if every link agrees — a single altered byte breaks it.
Portable proof in a single .axy file
Export a session as a signed evidence bundle: the chain, its manifest, the coverage it honestly claims, and an Ed25519 signature. Hand it to a reviewer, an auditor, or a customer — it stands on its own.
- Ed25519-signed manifest
- Self-contained and offline
- Backward-compatible bundle format
A bundle carries the chain, its manifest, the coverage it claims, and an Ed25519 signature. It is complete on its own.
Anyone can check it, no license required
Verification is free and license-independent — on purpose. The party checking evidence should never have to trust, or pay, the party that produced it. Structure, content, signature, and coverage are reported separately.
- No account, no telemetry, no lock-in
- Separates signature validity from signer trust
- Reports coverage verbatim — never inflated
The verifier is a separate, free tool. Whoever receives evidence can check it without trusting — or paying — whoever produced it.
Redaction happens before anything is stored
Raw prompts, hook payloads, transcripts, and credentials are never persisted — not to disk, not to a vault, not to us. Nothing about your code or your session leaves the machine. There is no activation server to phone.
- Redaction before persistence, always
- No raw prompts or hidden reasoning stored
- Fully offline; nothing transmitted
Redaction runs before persistence. There is no server to phone, no telemetry, and no raw prompt ever written to disk.
Three commands, start to proof
Wrap a session, export a bundle, verify it. The capture is automatic; the proof is portable.
$ axyvera codex exec "add rate limiting to the API" sealing session · 42 events · chain valid $ axyvera adapters finalize codex --export ./proof.axy wrote proof.axy · ed25519 signed $ axyvera verify ./proof.axy signature: valid content: intact coverage: complete-for-declared-capabilities overall: PASS
The person reviewing the work runs one free command and gets an unambiguous verdict — with the coverage stated honestly, not sold.
- No CI wiring required to start
- Works the same offline and air-gapped
- Bundles stay compatible across versions
Coverage you can trust because it can say “no”
Most tools claim completeness. Axyvera reports exactly what it captured — and flags what it couldn't — in four honest states.
Provenance never escalates. Adapter-captured evidence is labelled adapter-reported, never observed. A tool that will admit a gap is a tool you can put in front of an auditor.
- complete-for-declared-capabilitiesEverything the adapter can capture, it captured. No gaps.
- partialMeaningful capture with identifiable holes — stated plainly.
- degradedStorage fell back or gaps were recorded during capture.
- unverifiableThe chain did not verify. We say so, loudly.
Bring evidence to AI-assisted work
Pro, Team, and Enterprise are onboarding now. The verifier is free forever — start by checking a bundle.
Request access to Axyvera
Tell us about your team and what you're building with AI. We'll set you up with a signed license.