Private beta · v1 spec + open-source verifier

The evidence layer for customer-facing AI agents.

Tamper-evident records of every prompt, response, and tool call. Cryptographic integrity anchored to three independent witnesses — the Bitcoin blockchain, a quorum of timestamp authorities, and a public append-only ledger. Forensic-grade evidence bundles, verifiable by any third party — in the browser, or with the open-source CLI. For the moment a regulator, plaintiff, or board member asks what your AI actually said.

Open an example bundleVerify it yourself
Bundle formatv1.0.17
VerifierGo + WASM, open source
Methodologyv1.1 · §§1-9 substantive
Conformance fixtures27 published

IThe Artifact

The receipt is the product.

Every export is a forensic-grade evidence bundle: canonical event records, Merkle proofs, an OpenTimestamps anchor, a signed manifest, and a cover document a non-technical reader can follow. The bundle below is a real, downloadable artifact — same code path that processes customer events, signed with a development key, anchored to live OpenTimestamps calendars.

nuwyre_export_cypress-derm_2026-04-22.zipVerified ✓
N U W Y R E
Evidence Bundle · Cover Page
Bundle IDEB-2026-04-22-CDG-DEMO-001
Bundle typeexample-demo · nuwyre-bundle/v1
OrganizationCypress Dermatology Group, PLLC (synthetic — demo)
Agentscheduling-receptionist (claude-sonnet-4-6)
Period2026-04-22T00:00:00Z → 2026-04-22T23:59:59Z
Sessions11 conversations · 37 events
Flags raised7 flagged · 4 clean — see scenario_index.json
Daily rootce905ca8…5b5cea93
Policy packs activetcpa-v1 1.0.0 · hipaa-aligned-v1 1.0.0 · off-script-v1 1.0.0
Manifest · SHA-256
  • events.jsonld2bcec3d…684b5b8c
  • evaluations.jsonl8e45d949…26ee9b79
  • merkle_proofs.json76809df2…c5736d1c
  • daily_roots.json718374df…54e6518d
  • ots_receipts/2026-04-22.ots4b93cbda…0107ab7d
Ed25519 Signature · Issuer Key Pinned in CLI
-----BEGIN NUWYRE DEMO SIGNATURE-----
algorithm: ed25519
key_fingerprint_spki_b64: MCowBQYDK2Vw…gTxGOj8OpjE=
(development key — example bundles only)
-----END NUWYRE DEMO SIGNATURE-----
Format · nuwyre-bundle/v1nuwyre verify ./nuwyre_export_cypress-derm_2026-04-22.zipMethodology · §5.7
Download nuwyre_export_cypress-derm_2026-04-22.zip

IIThe Verification

Don't trust us. Verify it yourself.

Every bundle verifies end-to-end against the bundle itself plus three independent external witnesses — the public Bitcoin chain (OpenTimestamps), a quorum of RFC 3161 timestamp authorities, and our public append-only anchor repository. No login. No API call to our servers.

~/cypress-derm — verify
# run the TypeScript reference verifier against the example bundle
$ pnpm --filter @nuwyre/example-bundle verify

NuWyre Verify v0.1.0 (TypeScript reference implementation)

Bundle: nuwyre_export_cypress-derm_2026-04-22.zip
Format: nuwyre-bundle/v1

─ Manifest signature …………………………………… ok
─ Hash chain reconstruction (37 events, 11 sessions) ok
─ Merkle proof verification (37 proofs) ……………… ok
─ OpenTimestamps anchor (Bitcoin confirmation pending) pending
─ RFC 3161 anchor (3-of-3 TSAs) ………………………… ok
─ Public anchor cross-check (NuWyre/anchors@ade149b2) ok
─ Audio binding (1 file, hash matches) ……………… ok

PASS · BUNDLE INTEGRITY VERIFIED

Seven independent integrity checks.

  1. 01Manifest signature.Every artifact's hash is signed with our pinned Ed25519 key. Any byte modified anywhere fails the check.
  2. 02Hash chain reconstruction.Each event references its predecessor. Insertions, deletions, or reorderings break the chain visibly.
  3. 03Merkle proof verification.Every event's inclusion in its daily root is mathematically demonstrable from the proof bundled with it.
  4. 04OpenTimestamps anchor.Each daily root is committed to Bitcoin via OpenTimestamps. The earliest provable existence of every record.
  5. 05RFC 3161 anchor.Same daily root countersigned by three independent public time-stamping authorities; ≥2 valid receipts required for verification.
  6. 06Public anchor cross-check.Same daily root committed to a public GitHub repository with SSH-signed commits — the third independent anchor leg, alongside Bitcoin and the RFC 3161 quorum.
  7. 07Audio binding.Every audio file referenced by a transcript event is SHA-256-bound; verifiers re-hash and check against content.audio_ref.hash.

The TypeScript verifier above is correctness-only. The load-bearing forensic verifier is the open-source Go CLI — single static binary, separate codebase, third-party verifiers (regulators, plaintiff counsel, journalists) use it. The same conformance fixture suite governs both.

IIIThe Methodology

Read the actual threat model.

A public methodology document describes exactly what NuWyre claims, what it does not, and how every claim is enforced. Written for forensic experts, regulators, and defense counsel — not marketers. v1.1 ships with §§1-9 substantively drafted (threat model, integrity model, evidence format incl. v2.0.0 dual-signing amendment, verification procedure incl. dual-sig dispatch, policy evaluation, detection and response, retention and legal hold, audio handling, limitations); §10 (quarterly review log) ships as honest stub awaiting first production-quarter entries; §11 (worked example) deferred to v1.2 awaiting real customer scenario data.

The methodology covers the threat model (what tampering is prevented and what isn't), the integrity model (how the cryptographic guarantees compose), the evidence format specification (a public, versioned, open standard), the verification procedure (independently performable), the policy evaluation methodology (deterministic, reproducible, version-pinned), audio binding, retention and legal hold, and the limitations we openly disclose.

It is the document a federal court will read if your evidence is challenged. It is the document a reinsurer will read before pricing AI liability coverage. It is the document we will be held to.

  • § 1Threat Model
  • § 2Integrity Model
  • § 3Evidence Format Specification
  • § 4Verification Procedure
  • § 5Policy Evaluation Methodology
  • § 6Detection and Response
  • § 7Retention and Legal Hold
  • § 8Audio Handling
  • § 9Limitations and Honest Disclosures
  • § 10Quarterly Review Log(forthcoming)
  • § 11Worked Example(deferred to v1.2)
Download methodology · PDF (1.4 MB)CHANGELOG
NuWyre · Technical Document 001

A Forensic Specification for AI Agent Interaction Records

Threat model, integrity model, and evidence format · v1.1

STATUS  ·  PUBLISHED
UPDATED  ·  2026-05-26
VERSION  ·  v1.1 · CHANGELOG
LICENSE  ·  CC-BY 4.0
PUBLIC RECORD

IVThe Transparency Log

Every daily root, publicly anchored.

Every customer's events roll up into a single daily Merkle root, committed to Bitcoin via OpenTimestamps and to a public GitHub repository with signed commits. Anyone — regulator, customer, journalist, competitor — can audit the log without our permission.

Anchor Log · github.com/NuWyre/anchors
No production anchors yet. The first daily root populates once customer ingestion begins. The example bundle anchor below demonstrates the architecture.

Demonstration · referenced from the canonical example bundle

Example Bundle Anchor · 2026-04-22
UTC Date
2026-04-22
Root SHA-256
ce905ca8…5b5cea93
Events
37
OTS Status
pending
RFC 3161 Status
Verified · 3/3
GitHub Anchor Status
anchor-pending
anchor-pending · GitHub commit lift pending deploy bootstrap

Detection & Alerting

You'll know within minutes — not at the next audit.

NuWyre evaluates every interaction against your policy packs after it's captured. When something is flagged, it alerts you within minutes — email, Slack, or webhook, on the rules you set. NuWyre is not in the call path, so it never blocks or delays the agent; it tells you fast, and hands you the tamper-evident record of exactly what happened.

Your channels
Email, Slack, or webhook — configurable per rule.
Your rules
Severity threshold (info → critical), regime (TCPA, HIPAA, …), specific policy packs, or a count within a time window.
Within minutes
Evaluation and dispatch run every minute — a fired rule reaches you in minutes, not at the next audit.
Daily digest
An optional daily compliance email summarizing flag counts by severity.

VQuestions Compliance Officers Ask

Frequently asked, plainly answered.

Is this admissible as evidence in court?

Admissibility depends on the matter, the forum, and qualified counsel — we don't make legal claims. What we provide are records that meet the technical bar for authenticity and integrity: cryptographic chain of custody, independently verifiable timestamps, and reproducible evaluation. The methodology document at §4 covers what verification proves and what it does not.

How is this different from Galileo, Langfuse, or Datadog's AI observability?

Different layer. Those tools produce operational telemetry — useful for engineers, modifiable by the operator. We produce forensic evidence — cryptographically anchored, independently verifiable, designed to hold up to a regulator or a court. Most customers in regulated industries run both: an observability tool for ops, NuWyre for the audit trail. We work alongside them, not instead of them.

What happens if NuWyre stops operating?

Every evidence bundle is verifiable without us. The CLI is open source and pinned with our public key. Daily roots are committed to a public GitHub repository and anchored to Bitcoin. If we cease operation tomorrow, every bundle exported before then remains independently verifiable forever, by anyone, using only the public chain and a clone of our anchor repo.

Do you sit in the runtime path of our AI agent?

No. We ingest events asynchronously via webhook. We never block, modify, or delay your agent's outputs. If our service is down, your AI keeps running; events queue and ingest when we're back. We're an audit layer, not a guardrail. For real-time blocking, pair us with a guardrail tool — we record what they do.

How do you handle PHI, PII, and redaction requests?

Configurable redaction at ingestion preserves the cryptographic chain via tombstones — content removed, fact of removal logged, hash chain intact. Legal hold flags suspend retention. Every retention and redaction action is itself a logged event, so the lifecycle of every record is auditable.

The Stakes

The cost of a violation.

NuWyre does not prevent violations or reduce penalties — that is not what an evidence layer does. What it gives you is the defensible record: when a violation is alleged, an audit lands, or litigation starts, you can prove exactly what your AI said, when it said it, and that the record has not been altered since.

These are the exposures on the table in that dispute. NuWyre is what you bring to it.

TCPA
U.S. voice & messaging agents

$500 per negligent call or text · up to $1,500 per willful violation

Assessed per call or text. A private right of action means plaintiffs sue directly, and class actions aggregate the per-violation amount across every contact in the class — a single campaign can run to seven or eight figures.

When a plaintiff claims your agent called without consent, the audio recording bound into the tamper-evident chain — and the transcript beside it — is your proof of what was actually said, and when.

47 U.S.C. § 227(b)(3)
HIPAA
U.S. healthcare agents handling PHI

$145–$73,011 per violation · up to $2,190,294 for willful neglect

Civil monetary penalties are tiered by culpability and adjusted for inflation annually; the 2026 range runs $145–$2,190,294 per violation, capped at $2,190,294 per identical provision per calendar year. (Statutory baseline: $100–$50,000 per violation.)

When OCR asks what your patient-facing agent disclosed, you produce an independently verifiable record of the interaction — not a screenshot from a log you control.

2026 HHS adjustment, 45 CFR 102 (eff. 2026-01-28) · baseline 42 U.S.C. § 1320d-5
EU AI Act
Agents touching EU subjects

up to €35M or 7% of worldwide annual turnover

Tiered fines: up to €35M / 7% of global turnover for prohibited practices; up to €15M / 3% for other obligations, including high-risk; up to €7.5M / 1% for supplying incorrect information — whichever is higher. Obligations phase in through 2025–2026.

Regulators want runtime proof that governance held at the moment of processing — not a policy document. A signed, externally anchored bundle is that proof.

Reg. (EU) 2024/1689, Art. 99

Figures are statutory maxima and per-violation amounts as of 2026-05-24, cited to primary sources above; HIPAA amounts are the current HHS inflation-adjusted figures. Actual penalties depend on the matter, forum, culpability, and qualified counsel. NuWyre makes no representation that its use prevents, reduces, or avoids any penalty — it provides records whose authenticity and integrity are independently verifiable.

Private Beta

Records you can defend.

NuWyre is in private beta with methodology reviewers from healthcare and financial services. If your AI agents are talking to your customers, we'd like to talk to you.

Request a quoteRead the methodology