trust model

Built so you never have to take our word for it.

Axyvera is an assurance tool, so its own guarantees have to hold under scrutiny. Here is exactly what it promises, and what happens when someone tries to cheat it.

Redaction before persistence

Raw prompts, hook payloads, transcripts, and credentials are redacted before anything is written — to disk, to a vault, or anywhere. The redaction step is not optional and not after-the-fact.

Provenance never escalates

Evidence a tool captured is labelled adapter-reported, never observed. Coverage is one of four honest states. A record can admit what it does not know — that is the point.

No activation server

Licenses are signed files verified locally. There is no phone-home, no license check over the network, and no way for us to see who is running what.

No telemetry, ever

Axyvera collects nothing by default and has no hidden reasoning persistence. What runs on your machine stays on your machine.

Verification is adversarial-safe

The verifier separates signature validity from signer trust, and reports content integrity independently. A valid signature from an untrusted key is never presented as trusted.

Tamper-evident by construction

The hash chain anchors event count and chain root, so edits, reorders, and tail-truncation all fail verification — not just obvious corruption.

Adversarial cases

If someone tries to cheat

  • Someone edits the session history

    Chain digests no longer agree → verification fails.

  • Someone truncates the tail

    Anchored event count/root mismatch → detected.

  • Someone re-signs with their own key

    Signature is valid but signer_trust is not 'trusted'.

  • A tool over-claims what it captured

    Coverage caps at partial/degraded — never inflated to complete.

  • A secret slips into a payload

    Redaction runs before persistence; raw secrets are never stored.

Honest coverage

Coverage is the clearest expression of the trust model: the tool is allowed — required — to say when it fell short.

Coverage vocabularynever inflated
  • complete-for-declared-capabilitiesEverything the adapter can capture, it captured. No gaps.
  • partialMeaningful capture with identifiable holes — stated plainly.
  • degradedStorage fell back or gaps were recorded during capture.
  • unverifiableThe chain did not verify. We say so, loudly.
Cryptography

Standard primitives, used plainly

Nothing exotic — the strength is in how the pieces are combined, and in what is never written down.

Ed25519 signatures

Bundles and licenses are signed with Ed25519. Verification is offline and needs only the public key — no signing service, no network.

SHA-256 hash chain

Every event digest folds in the previous one. The chain root and event count are anchored, so edits, reorders, and truncation all fail.

Canonical JSON

Digests are computed over a deterministic serialization, so the same events hash to the same bytes on any machine — no ambiguity to exploit.

Data handling

What we store, and what we never do

CategoryWhat that means
Stored locally, redactedCanonicalized event metadata, hash-chain digests, coverage state, signatures — in your local vault.
Never stored, anywhereRaw prompts, hook payloads, transcripts, hidden reasoning, API keys, or credentials.
Never collectedTelemetry, usage analytics, or any phone-home. There is no server to receive it.
the commercial site is separate
axyvera.com stores only the licenses it issues and the access requests people submit — never customer sessions. That backend's storage, caching, and rate limiting are described honestly on the platform page. The product itself has none of it.