Imprimatur™ · The pre-attestation gate · Patent Pending

A flight recorder
proves what crashed.
A clearance
stops the takeoff.

Every other Hive primitive signs a receipt after the model runs. Imprimatur signs a clearance before it runs — and the engine refuses any inference that cannot present a valid, unexpired clearance. The control, not the record.

4 pre-conditions · all must pass Ed25519 · JCS-canonical clearance Gate or Passport · two modes Asserts policy · never legality
From record to control
IMPRIMATUR // CLEARANCE PENDING
kindhive.imprimatur.clearance.v1
model_approvedchecking
inputs_eligiblechecking
context_permittedchecking
boundary_authorizedchecking
precond_root
assertionpre_clearance_conditions_met
asserts_legalfalse
expires_at
Evaluating pre-conditions…
CLEARED
TO RUN

Forensics document the incident.
A control prevents it.

01Bind before, not after
A clearance is signed and bound to a specific inference shape — model, input commitment, jurisdiction, data class — before the call is allowed to execute. The signature is the permission slip.
02No clearance, no run
In Gate mode the inference engine refuses any call that cannot present a valid, unexpired clearance. An uncleared inference is structurally prevented from running — not flagged afterward.
03The closed loop
Imprimatur says ALLOWED → the model runs → an existing Hive receipt (SiGR, AFiR, Stream) proves what actually ran. ran_as_cleared is true only when the executed model matches the cleared model.
The four pre-conditions

A clearance issues only when
all four are satisfied.

Each pre-condition is a named, signed leaf. The four are folded into a single Merkle commitment — the precond_root — using the same construction as Hive's batch receipts. Two calls with an identical satisfied set share a root and laterate off one clearance.

01 · Model approved
Composes with MiR
The model id is on the tenant's approved list. The Model-Identity Receipt feeds this check, so the approval is itself provable, not asserted.
02 · Inputs eligible
Composes with RCP
The input is presented as a sealed commitment, eligible under the tenant's policy. Raw payloads never have to cross the boundary to be cleared.
03 · Context permitted
Jurisdiction in force
The policy regime for this call — EU AI Act, HIPAA, a data-residency rule — is in force at issuance time and recorded in the clearance.
04 · Boundary authorized
Data class checked
The data class — PHI, PCI, none — is authorized to cross this boundary. A clearance for one class does not authorize a call carrying another.
What it asserts — and what it never will

It proves your checks ran.
It does not certify the law.

This is the line that keeps the primitive defensible. The enterprise defines the policy. Hive enforces it and signs that the enforcement ran and passed. Hive is not a truth oracle for legality.

What it never asserts

  • That the inference was legal
  • That the policy itself is correct or compliant
  • Any judgment Hive is not positioned to make
  • A truth claim that creates oracle liability

What the clearance asserts

  • pre_clearance_conditions_met — all four checks ran and passed
  • The exact inference shape the clearance is bound to
  • The issuance time and the expiry it is valid within
  • A commitment to the satisfied set, verifiable by anyone
Two modes, one primitive

A hard gate, or a passport
that travels with the call.

GateHard control
REFUSEon missing / invalid / expired

The enforcement door. Present the clearance and the call about to run; the engine returns ALLOW only if the clearance verifies and binds the call. Otherwise REFUSE — which is how an uncleared inference is prevented from executing. With executed_model, the same door runs the closed-loop ran_as_cleared check.

POST /v1/imprimatur/gate
# present a clearance + the call about to run
{ "clearance": { ... }, "sig_b64u": "…", "call": { "model": "…" } }
# -> { "decision": "ALLOW" }  or  { "decision": "REFUSE", "reason": … }
PassportPortable
VERIFYno shared secret

A portable verifiable credential that travels with the call across systems and vendors. Anyone holding the public key can verify the clearance offline — the signature, the precond_root re-derivation, the assertion discipline, and the expiry — with no call back to Hive.

GET /v1/imprimatur/:clearance_id
# fetch + passport-verify a clearance
# -> { "verification": { "valid": true, "sig_ok": true, "root_ok": true } }
Who buys a gate

The receipts are for the platform.
The gate is for the regulated buyer.

Every other primitive on the Stack is sold to the platform serving inference. Imprimatur is sold to the regulated enterprise that consumes inference and has to prove control before the model fires — in regimes where an after-the-fact log is not enough.

Healthcare & life sciences
HIPAA / PHI
Prove an approved model handled an eligible, sealed input under an in-force regime before a single PHI token reaches the model.
Banking & insurance
PCI / SR 11-7
Model-risk and data-boundary controls that fire before execution, with a signed clearance an examiner can verify independently.
EU-regulated AI
EU AI Act
High-risk systems that must demonstrate the right model, inputs, context, and data class were authorized at the moment of use.
Public sector & defense
Sovereign
Air-gapped and data-residency deployments where an uncleared inference must be structurally impossible, not merely logged.
AI gateways & platforms
Embed & resell
Gateways serving regulated customers embed the gate at the edge and pass the control through as a contractual guarantee.
The procurement reality
10× a record
Enterprises pay far more for a control that prevents an incident than for a record that documents one. The gate is the budget line.
Priced as a control, not a receipt

A clearance is worth more
than the receipt that follows it.

$0.0015per clearance issued at the gate  ·  verification free, forever  ·  license is the deal

Issuing a clearance runs four pre-condition checks and signs a control — categorically more than emitting a receipt, and priced accordingly: roughly 7× a SiGR signature. Verifying a clearance is free for anyone, offline, with no secret. Reuse via precond_root is free — an identical satisfied set laterates off the existing clearance. The meter is the wedge; for a regulated buyer the annual license is the close.

TierMonthly clearances issuedPer clearance
Pilotfirst 100kFree
Scale100k – 10M$0.0015
Platform10M – 250M$0.0011
Sovereign250M+$0.0008 floor

Graduated by band, like cloud egress. Reuse via precond_root never bills twice. Hardened add-ons — PQ clearance signatures and ledger anchoring of the clearance log — carry the same volume discount on a higher base. Sovereign floor negotiable.

Gate license
from $180k
/ year · one regime
  • Gate enforcement embedded at your inference edge
  • Metered usage credited against the license
  • One compliance regime (HIPAA, PCI, or EU AI Act)
  • Policy-authoring SDK + offline verifier
  • Closed-loop ran_as_cleared with your existing receipts
Start the deal
Enterprise control plane
from $480k
/ year · all regimes + passport
  • Gate + Passport across every regime you operate in
  • Tamper-evident clearance log, anchorable to Base
  • Highest issuance-capacity tier
  • Composition with MiR, RCP, SiGR, AFiR under one rail
  • Roadmap input on the clearance format
Start the deal
Sovereign / on-prem
$500k–$1.2M+
/ year · custom
  • Key custody on your own infrastructure
  • PQ clearance signatures, hardened hashing
  • Air-gap and data-residency deployment
  • Scoped to your jurisdiction and audit regime
  • Dedicated enforcement capacity
Talk sovereign
The category, not the line item

Pre-execution control is a new rail.
The first to lay it owns the toll.

A regulated enterprise running agents at scale issues a clearance on every gated call. At control prices, the rail compounds fast — and once one regulated buyer requires it in an RFP, the requirement propagates to its peers within a cycle.

One regulated enterprise
$13.2M
ARR at 1B gated clearances/month on the Platform band, before licenses and hardened add-ons.
A regulated sector adopts
$66M
Once one health system or bank gates its agents, the control becomes the procurement baseline for its peers.
Category-wide
$300M+
When a pre-execution clearance is the default for regulated AI, the systems that cannot produce one are the exception that has to explain itself.
Get access

Pilot the gate now.
License it when it's load-bearing.

Two paths, one rail. Run a scoped pilot against your own policy, or book a license when the gate becomes the control your auditors and customers depend on.

01 · Pilot

Scoped 30-day pilot

Bring one regime and your approved-model list. We stand up the gate against your policy, issue clearances on your traffic, and show the closed-loop ran_as_cleared check end to end. First 100k clearances free.

Start a pilot
02 · Verify

Verify a clearance

Verification is free, forever — anyone, offline, no secret. Re-derive the precond_root, check the assertion discipline, verify the Ed25519 signature against the published key.

Open the verifier
03 · License

Book a license

Gate license, enterprise control plane, or sovereign on-prem. Tell us your regimes and volume and we will scope the deal — metered usage credits against it.

Connect with us
Public rails: USDC + Base. Verification is free, forever — anyone, offline, no secret.
Imprimatur™ · Patent Pending

Not a flight recorder.
A pre-flight clearance the
aircraft can't take off without.

The forensic receipt tells you what went wrong. The clearance makes sure it can't. For regulated AI, that is the difference between an audit finding and an audit pass.

Gate · refuse the uncleared Passport · verify anywhere Closed loop · ran_as_cleared [email protected]