@crovia/seal · v0.1.0 · cross-language byte-identical

Immutable continuity receipts for evolving AI systems.

Sign any JSON payload — get a verifiable receipt with timestamp, signature, and continuity. 8KB. Offline. Ed25519. Works in JavaScript and Python, with byte-identical output.

npm PyPI GitHub → Live demo ↓

npm install @crovia/sealcopy

pip install crovia-sealcopy

Try it now RUNS IN YOUR BROWSER

No signup, no install. Edit the JSON on the left, click Seal & verify. The receipt and verification result appear instantly — everything happens client-side using the same SDK code shipped on npm.

Your payload (any JSON)

ready

Receipt (signed, verifiable, anchorable)

Click "Seal & verify" to sign your payload.

↑ All cryptography runs locally. The page never sends your payload anywhere.

Two functions. That’s it.

// JavaScript import { seal, verify, generateKeySync } from "@crovia/seal"; const key = generateKeySync(); const receipt = await seal({ output: "Hello" }, { key }); const { valid } = await verify(receipt, { output: "Hello" });

# Python — same primitive, same byte format, same receipt from crovia_seal import seal, verify, generate_key key = generate_key() receipt = seal({"output": "Hello"}, key=key) result = verify(receipt, {"output": "Hello"})

Why teams use it

For AI labs

Sign every model card update. Prove what you claimed in v3.2 even after the page mutates in v3.3. Continuity chain → immutable lineage of declarations.

For compliance

Audit trail by construction. Every AI output your system emits gets a signed receipt. Regulators ask “what did the model say on Mar 14?” You answer with a byte-perfect receipt.

For research

Time-stamp eval results. Sign benchmark outputs the moment they’re produced. No more “the team retroactively edited the chart” reproducibility doubts.

For journalists

Pin AI policy claims. Vendors silently rewrite acceptable-use docs, training-data disclosures, model cards. One register() call freezes the page in the public substrate.

For app developers

Provenance with two lines of code. Replace handwritten audit logs with a chain of signed receipts. No DB schema changes, no new infra.

For agents & pipelines

Cross-step receipts. Each tool call, each LLM hop, each retrieval — one signed link in the chain. Verify the whole trajectory in one call.

Continuity chain

Chain receipts to build an immutable lineage. Verify the whole chain in one call.

Receipt format · crovia.receipt.v1

{ v: "crovia.receipt.v1", id: "cr_2026_AB23CD45EF67GH89IJ012KLMN3", issued_at: "2026-05-07T15:43:57.123Z", payload_hash: "sha256:<64 hex>", payload_alg: "sha256", prev: null, seq: 0, signer: "<64 hex Ed25519 pubkey>", sig_alg: "ed25519", canon: "csc-1", domain: "CROVIA-RECEIPT-v1", sig: "<128 hex Ed25519 signature>" }

Signature covers b"CROVIA-RECEIPT-v1\n" || csc1(receipt without sig). Domain separator prevents replay across protocols.

Public substrate LIVE

External receipts published via register() are aggregated into the public continuity graph. Optional — seal() and verify() never touch the network.

—Total anchored

—Last update (UTC)

import { register } from "@crovia/seal"; const ack = await register(receipt); // → { accepted: true, anchorId: "anch:cr_2026_..." }

Where it fits

Existing AI provenance systems all describe the present. None preserve evolution. @crovia/seal adds the missing dimension.

System	Has	Missing	Where seal fits
C2PA	provenance	continuity	continuity receipt
Model Cards	declarations	immutable lineage	chained seal
MCP	orchestration	persistent memory	cross-agent graph
SBOM / AI BOM	components	semantic evolution	linkage
AI policy / TOS	claims	historical persistence	temporal receipts