proofnest 0.3.0

Verifiable AI causal accountability — not what was done, but WHY. W3C VC 2.0, SHAKE256, EU AI Act.

proofnest

Verifiable AI receipt chain — W3C VC 2.0, quantum-safe, PROOFNEST protocol.

pip install proofnest

Every AI action leaves a cryptographically linked receipt. Tamper-evident. Auditable. Yours.

---

Quick start

from proofnest import create_receipt, append_receipt, verify_chain

# Create a receipt for any AI action
receipt = create_receipt(
    action="execute",
    tool="Bash",
    input_data={"command": "ls /tmp"},
    session_id="my-session-001",
)

# Persist to local JSONL chain
append_receipt(receipt)

# Verify the entire chain
is_valid, errors = verify_chain()
assert is_valid, errors

---

Claude Code hook (PostToolUse)

Add to .claude/settings.json:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
            "command": "python3 -m proofnest.hooks"
          }
        ]
      }
    ]
  }
}

The hook reads tool use data from stdin and appends a W3C VC 2.0 receipt to ~/.proofnest/dogfood/chain.jsonl.

---

Verify chain

# Verify all links are intact
proofnest verify

# Show statistics
proofnest stats

# Tail last 5 receipts
proofnest tail ~/.proofnest/chain.jsonl 5

# Export full chain as JSON
proofnest export ~/.proofnest/chain.jsonl out.json

---

Architecture

                       ┌─────────────────────────────┐
                       │         Your Agent           │
                       │  (Claude / GPT / Codex / ...)│
                       └────────────┬────────────────-┘
                                    │ tool_use + tool_result
                                    ▼
                       ┌─────────────────────────────┐
                       │    PROOFNEST Middleware       │
                       │  ┌────────────────────────┐  │
                       │  │  Receipt Builder        │  │
                       │  │  - W3C VC 2.0 envelope  │  │
                       │  │  - SHAKE256-256 hash    │  │
                       │  │  - ML-DSA-65 signature  │  │
                       │  │  - previousHash link    │  │
                       │  └──────────┬─────────────┘  │
                       └────────────-│────────────────-┘
                                     │
                     ┌───────────────┼───────────────┐
                     ▼               ▼               ▼
              chain.jsonl       PROOFNEST        Optional:
              (local SSOT)       Node API        Bitcoin anchor
                                (verify peer)   (OpenTimestamps)

Each receipt contains:

• @context — W3C VC 2.0 + PROOFNEST context
• id — urn:proofnest:receipt:sha256:<hash>
• type — ["VerifiableCredential", "ProofNestReceipt"]
• issuer — DID of the agent or node
• issuanceDate — ISO 8601 timestamp
• credentialSubject — tool name, input hash, output hash, model, session ID
• proof — ML-DSA-65 signature + SHAKE256-256 chain hash + previousHash

---

W3C VC 2.0 compliance

Receipts conform to the W3C Verifiable Credentials Data Model 2.0 specification. Each receipt is a valid Verifiable Credential that can be verified independently by any W3C VC-compatible verifier.

---

Quantum safety

Signatures use ML-DSA-65 (CRYSTALS-Dilithium, NIST FIPS 204). Hashes use SHAKE256-256 (SHA-3 family, NIST FIPS 202). Both are quantum-resistant by NIST post-quantum standards.

---

License

AGPL-3.0-or-later. See LICENSE.

Commercial licensing and hosted verification available at proofnest.io.

---

Links

• Website: proofnest.io
• Docs: docs.proofnest.io
• Repository: github.com/proofnest/proofnest-python
• Protocol spec: proofnest.io/spec