Proof

Proof that survives outside the dashboard.

An EvidencePack is a content-addressed, signed bundle of receipts and proof-graph edges. It is built to verify offline, so a reviewer or a customer can check what your AI agents did without trusting your console.

Hashed, not stored. Signed, not logged. Verified by anyone, not just you.

Verify a sample EvidencePack Receipts vs logs

What it is

A bundle that carries its own proof.

When an AI agent takes a sequence of consequential actions, the evidence is scattered across logs and consoles. An EvidencePack collects the signed receipts, binds them with the proof-graph edges that show how they relate, and addresses the whole set by a content hash. The pack is the proof, not a pointer to it.

Manifest

A canonical index of every artifact in the pack, hashed so the contents cannot be swapped or trimmed.

Receipts

The signed verdicts and bound effects for each action, each one verifiable on its own.

ProofGraph edges

The causal links between intents, verdicts, and effects, so the order of events is part of the record.

Policy references

The policy hashes each action was checked against, so a reviewer can see the rules that applied.

Content hash

A single hash over the canonical manifest, so the whole pack is addressed by its contents.

Verifies offline

Everything needed to check the pack travels with it. No live HELM, no dashboard, no trust in the source.

Why offline matters

A record you can only read in one console is not evidence.

The people who most need the proof are the ones outside your systems: a security reviewer, an auditor, a customer doing diligence. An EvidencePack is built for them.

  • The content hash detects any change to the manifest or its artifacts.
  • Each receipt signature verifies with the public key, on any machine.
  • The proof-graph edges preserve the order of intents, verdicts, and effects.
  • No dependency on a live HELM instance or a vendor dashboard to read it.

How to verify

Four steps, no service required.

Verification is a local check. Anyone with the pack and the public key can run it.

Step 1

Take the pack

Receive the EvidencePack as a file. It carries everything needed to check it.

Step 2

Recompute the hash

Hash the canonical manifest and compare it to the pack’s content hash.

Step 3

Check the signatures

Verify each receipt signature with the public key. No live service required.

Step 4

Read the verdict

See the ALLOW, DENY, or ESCALATE decision and the effect it was bound to.

Questions

EvidencePacks, in plain terms.

What is an EvidencePack?

A content-addressed, signed bundle that holds a manifest, the receipts for a set of actions, and the proof-graph edges between them. It is built so it can be verified outside any dashboard, by someone who does not run your systems.

Why does offline verification matter?

A record you can only read inside a vendor console is only as trustworthy as the console. An EvidencePack is hashed and signed, so a reviewer, an auditor, or a customer can verify it on their own machine without trusting the source.

How is a pack different from a single receipt?

A receipt proves one action. An EvidencePack collects the receipts for a sequence, adds the proof-graph edges that show how they relate, and binds the whole set under one content hash.

How do I verify one?

Recompute the manifest hash, compare it to the pack’s content hash, then check each receipt signature with the public key. If the hash matches and the signatures verify, the pack has not been altered.

Keep reading

Follow the proof path.

Receipts vs logs Why a log is not proof an action was authorized. Execution authority The layer that decides whether an action may run. HELM AI Kernel The open-source fail-closed execution boundary. Verify a sample EvidencePack Check a signed bundle for yourself.

Terms

Plain-language terms

EvidencePack

A small bundle of records used to verify one event or review path.

Use for replayable evidence slices.
ProofGraph

A record chain that helps replay and check what happened.

Use for HELM proof records and replay paths.
ALLOW

HELM lets the action run.

Use as a canonical verdict.
DENY

HELM blocks the action.

Use as a canonical verdict.
ESCALATE

HELM stops and asks for more facts, policy, or human approval.

Use as the canonical non-dispatch path for missing facts, policy hold, or approval.

Hand over proof, not access.

See a signed EvidencePack and verify it yourself, the way a reviewer would.

Verify a sample EvidencePack Request an architecture review