Built so you never have to take our word for it.
Axyvera is an assurance tool, so its own guarantees have to hold under scrutiny. Here is exactly what it promises, and what happens when someone tries to cheat it.
Redaction before persistence
Raw prompts, hook payloads, transcripts, and credentials are redacted before anything is written — to disk, to a vault, or anywhere. The redaction step is not optional and not after-the-fact.
Provenance never escalates
Evidence a tool captured is labelled adapter-reported, never observed. Coverage is one of four honest states. A record can admit what it does not know — that is the point.
No activation server
Licenses are signed files verified locally. There is no phone-home, no license check over the network, and no way for us to see who is running what.
No telemetry, ever
Axyvera collects nothing by default and has no hidden reasoning persistence. What runs on your machine stays on your machine.
Verification is adversarial-safe
The verifier separates signature validity from signer trust, and reports content integrity independently. A valid signature from an untrusted key is never presented as trusted.
Tamper-evident by construction
The hash chain anchors event count and chain root, so edits, reorders, and tail-truncation all fail verification — not just obvious corruption.
If someone tries to cheat
Someone edits the session history
→ Chain digests no longer agree → verification fails.
Someone truncates the tail
→ Anchored event count/root mismatch → detected.
Someone re-signs with their own key
→ Signature is valid but signer_trust is not 'trusted'.
A tool over-claims what it captured
→ Coverage caps at partial/degraded — never inflated to complete.
A secret slips into a payload
→ Redaction runs before persistence; raw secrets are never stored.
Coverage is the clearest expression of the trust model: the tool is allowed — required — to say when it fell short.
- complete-for-declared-capabilitiesEverything the adapter can capture, it captured. No gaps.
- partialMeaningful capture with identifiable holes — stated plainly.
- degradedStorage fell back or gaps were recorded during capture.
- unverifiableThe chain did not verify. We say so, loudly.
Standard primitives, used plainly
Nothing exotic — the strength is in how the pieces are combined, and in what is never written down.
Ed25519 signatures
Bundles and licenses are signed with Ed25519. Verification is offline and needs only the public key — no signing service, no network.
SHA-256 hash chain
Every event digest folds in the previous one. The chain root and event count are anchored, so edits, reorders, and truncation all fail.
Canonical JSON
Digests are computed over a deterministic serialization, so the same events hash to the same bytes on any machine — no ambiguity to exploit.
What we store, and what we never do
| Category | What that means |
|---|---|
| Stored locally, redacted | Canonicalized event metadata, hash-chain digests, coverage state, signatures — in your local vault. |
| Never stored, anywhere | Raw prompts, hook payloads, transcripts, hidden reasoning, API keys, or credentials. |
| Never collected | Telemetry, usage analytics, or any phone-home. There is no server to receive it. |