Provncloud
Home
Log inGet Started
GitHubX

Protocol Vault // Core_V1

The Gateway to
Verifiable History

We transform data fingerprints into permanent, cryptographically verifiable audit trails anchored through Economy batching and direct Solana settlement modes.

0. Input Manifest

Input_Formatting

All claims MUST be pre-hashed using SHA-256 before submission. The API performs strict format validation.

Schema_Requirements
  • Exact 64 Hex Characters
  • No "0x" Prefix Allowed
  • Case Insensitive [0-9A-F]
Example Payload
{
"claim": "8f434346648f6b96df89dda901c5176b10a6d83961dd3c1ac88b59b2d8227a1"
}

Payload_Constraints

Optional structured data attached to anchors is subject to strict security hardening.

Hard_Thresholds
  • Max Size: 2,048 Bytes
  • Max Depth: 5 Levels
  • ASCII Printable Only
Note: Non-ASCII characters are automatically stripped by the sequencer to prevent PII leaks.

1. System Integrity

Monitor the production Orchestration Layer. The health probe verifies core stability and the exposed settlement modes.

GET /health
curl -X GET /api/health
Protocol_v4.1_Finalized
Ground Truth JSON
{
"status": "healthy",
"timestamp": "2026-01-03T04:10:00Z",
"services": {
"supabase": "healthy",
"solana": "healthy",
"api": "healthy"
}
}

2. Integration Registry

View Sovereign SDK on GitHub

X Python_Implementation

main.py
import requests
import hashlib
# 1. Prepare Claim
data = "my-secure-data-v1"
claim = hashlib.sha256(data.encode()).hexdigest()
# 2. Submit to Provncloud
res = requests.post(
"/api/api/verify",
headers={"X-API-Key": "provn_sk_live_xxxxxxxxxxxxxxxxxxxxxxxx"},
json={"claim": claim, "anchor_mode": "standard"}
)
print(f"Receipt: {res.json()['provn_receipt']['signature']}")

Node_TS_Implementation

anchor.ts
const res = await fetch("/api/api/verify/priority", {
method: "POST",
headers: {
"X-API-Key": "provn_sk_live_xxxxxxxxxxxxxxxxxxxxxxxx",
"Content-Type": "application/json"
},
body: JSON.stringify({
claim: "8f43...92a1"
})
});
const { anchor } = await res.json();

3. Hosted MCP Evidence

ProvnCloud runs McpVanguard as a dedicated adjacent runtime for your tenant. MCP tool calls are inspected at the gateway, hash-only receipt events are collected, and eligible receipts can become independently verifiable evidence without sending raw prompts, tool arguments, or secrets to ProvnCloud. Production runtimes are expected to run from a pinned immutable GHCR image digest, while ProvnCloud keeps the backend digest env and wrapper service source in lockstep.

1. Inspect

McpVanguard evaluates the mediated MCP request and returns allow, block, shadow_block, or review decisions.

2. Commit

The wrapper emits receipt_v1 events with canonical hashes and receipt-chain continuity fields.

3. Collect

The managed collector uploads tenant-scoped batches to ProvnCloud and reports heartbeat, backlog, quarantine, and upload offsets.

4. Verify

ProvnCloud stores receipt evidence, anchors eligible receipts, and exports verification bundles for /verify.

Receipt Proof Bundle Shape
{
"bundle_schema_version": "provncloud.mcp.receipt_proof_bundle.v1",
"receipt_id": "rec_...",
"canonical_digest": "sha256:...",
"anchor_status": "anchored",
"proof_material_available": true,
"proof_material_status": "available",
"receipt_snapshot": {
"receipt_event_redacted": true,
"canonical_digest": "sha256:..."
},
"chain_verification": {
"continuity_verified": true
}
}
Customer Verification Path

Download an exported evidence or proof bundle from Runtime Receipts, then paste the JSON into the public verifier.

/live means the process is alive, /ready means the runtime can serve traffic, and evidence ready means receipt uploads are fresh with no backlog or quarantine. Evidence files and dashboards must never include raw prompts, tool arguments, secrets, service tokens, or registry credentials. Receipt/proof records preserve evidence; they do not authorize downstream actions.

Open /verify

02_Authentication_Vectors

JWT_BEARER
WEB_RESOURCES
Authorization: Bearer <jwt>

OIDC/Supabase sessions for browser-based dashboards and user-facing explorers.

API_KEY
BACKEND_NODES
X-API-Key: provn_sk_live_...

Argon2 hashed keys for secure, server-to-server headless integration.

ED25519_SIG
SOVEREIGN_AUTH
X-Signature: <ed25519_hex>

Cryptographic proof-of-identity using Ed25519 key pairs for trustless authentication.

Sovereign_Ed25519_Signature

Trustless authentication using Ed25519 key pairs. No passwords, no sessions:

1. CHALLENGE

Server returns nonce via X-Nonce header.

2. SIGN

Client signs nonce + timestamp with Ed25519 private key.

3. VERIFY

Retry request with X-Signature header containing signed payload.

4. FINALITY

Server verifies signature and anchors the data.

Retry Headers Required:
payment-token:550e8400-e29b-41d4-a716...
payment-signature:4vB5T...zk9xWR

03_Settlement_Tiers

A

Economy_Mode

Batched (variable)
FREE

Batched low-cost settlement for high-volume SHA-256 claims. Economy batches proofs efficiently on Solana.

  • Solana batch settlement
  • BFT finality after batch flush
  • Merkle inclusion proofs provided
POST /api/verify (Economy)
curl -X POST /api/api/verify \
-H "X-API-Key: provn_sk_live_xxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"claim": "8f43...92a1",
"anchor_mode": "economy"
}'
B

Standard_Mode

~1–5s (Solana finality)
1 credit

Direct settlement mode for paid traffic. Standard requests target Solana directly for fast, direct settlement.

  • 1 credit per proof
  • ~1–5s (Solana finality)
  • Direct settlement on Solana
POST /api/verify (Standard)
curl -X POST /api/api/verify \
-H "X-API-Key: provn_sk_live_xxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"claim": "d1e2...f5a4",
"anchor_mode": "standard",
"lane": "solana"
}'
C

Priority_Mode

Direct / Sync
6 credits

The ultra-low-latency settlement path. Use the dedicated priority endpoint for direct anchoring on Solana.

  • 6 credits per proof
  • Direct synchronous settlement (Jito bundle)
  • Solana targeting
POST /api/verify/priority
curl -X POST /api/api/verify/priority \
-H "X-API-Key: provn_sk_live_xxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"claim": "7c9b...0e3d"
}'
The_UX_Bridge_Protocol

Every request returns a Provncloud-Signed Receipt immediately. This Sovereign Assurance allows independent verification while chain finality completes by lane.

05_Advanced_Cryptography

Batch_Proof_Sequencing

Enterprise_OnlyMerkle_Construction

Merkle tree batching proves inclusion and sequence integrity across proof batches. Each batch root is anchored to Solana with a deterministic ordering guarantee.

root = merkle(h1, h2, ..., hn)
Verify Batch Externally
POST /api/api/verify

Hash-Only_Privacy

Universal privacy by design. Provncloud acts as a blind sequencer, anchoring Fingerprints (Hashes) without ever seeing the raw data payload.

  • Privacy FirstSupports Art 14 EU AI Act
  • Audit TrailANC_77a2... Verification
Fetch Compliance Receipt
GET /api/api/audit/log?anchor_id=...

07_Error_Interrogation

400
BAD_REQUEST

Invalid hash format (non-64 hex) or metadata too deep/large.

401
UNAUTHORIZED

Missing or malformed X-API-Key or JWT Bearer token.

402
PAYMENT_REQ

Insufficient credits or free tier limit reached. Top up credit packs or upgrade to proceed.

429
RATE_LIMIT

Ingress burst limit exceeded. Slow down your requests.

QoS_Infrastructure_Quotas

Traffic_Enforcement

Burst_Thresholds
  • Free Tier2 / SEC
  • Pro Tier10 / SEC
  • Enterprise100 / SEC

Limits are enforced per User_ID using a token-bucket algorithm. Management endpoints (Keys, Billing) are restricted to 100/min.

Response_Envelope

POST /api/verify Response
{
"proof_hash": "8f43...92a1",
"anchor": {
"mode": "standard",
"status": "confirmed",
"tx_signature": "5vB5...zk9xWR",
"anchored_at": "2026-01-12T20:00:00Z"
}
}

The tx_signature is your permanent audit key. It points to the inclusion record on the selected settlement network.

08_Sovereign_Verification

Zero-Trust_Audit_Trail

Provncloud is "Zero-Exit" by design. You can verify any claim independently of our infrastructure using the selected decentralized settlement layer.

1. Verify L1 Signature

Query the relevant chain explorer or node for the tx_signature. Verify the fingerprint matches your computed hash.

2. Immutable Trust

Supported settlement networks provide permanent cryptographic finality. Zero vendor lock-in.

Recommended_Library: provn-verify-sdk

For industrial-scale automated verification, use our open-source Rust SDK. It implements parallel chain state interrogation and proof validation.

Cargo.toml
provn-verify = "2.0.0"