Proof
Don't trust Prova. Verify the receipt yourself.
Every AI decision Prova records becomes a tamper-evident, Ed25519-signed receipt. The signature is checkable by anyone, offline, against a public key Prova publishes. The verifier below runs entirely in your browser. Watch a real receipt verify, then change one character and watch the signature break.
This ran entirely in your browser. Prova's server was only asked for a public key, the same one any auditor can fetch at /api/v1/keys/{key_id}. The signed bytes never left this page.
The prefilled receipt is a real signed fixture from Prova's cross-language conformance suite. Paste one of your own and the verifier fetches its key from /api/v1/keys instead.
What a receipt is
A receipt is a signed record of one AI decision: its kind, its source, the payload you sent, any policy verdicts and detector findings, the timestamps, and an Ed25519 signature over all of it. Model calls, agent steps, tool calls, retrievals, and policy firings each produce one. The signature is the audit trail, not a row in a log you could later edit.
Why tamper-evident matters
The signature covers the whole decision.
A schema_version 2 receipt binds the attribution metadata too: which model decided, on whose behalf, when, from which app and environment. Change which model answered, or downgrade a finding from high to low, and the signature stops matching. The body hash alone already catches an edited payload.
Verifiable without trusting Prova.
The public key endpoint is unauthenticated. A regulator three years from now fetches the published key, recomputes the canonical body, and checks the signature, with no Prova account and no Prova in the loop. If it verifies, the receipt is authentic and unchanged since Prova signed it.
A dashboard screenshot is not evidence.
A screenshot can be re-created, and a database row can be quietly updated. A signed receipt cannot be altered without breaking the signature, and the proof of that travels with the receipt. That is the difference between showing an auditor a chart and handing them evidence.
How an auditor uses it
You hand them a signed export for the window in question. They fetch the public key, recompute the canonical body with sorted keys and no whitespace, and run the Ed25519 verify with openssl or the SDK. The same steps this page just ran, on their own machine. The receipt format is open, so they never depend on a Prova tool to do it.