Private proof-layer workspace · Chime × Hive · not indexed, not linked publicly · thehiveryiq.com
Independent proof layer · complement, not competitor

Chime built the control plane.
Hive adds the proof.

Chime already owns the hard part: ChimeCore, a homegrown core banking platform built to embed AI safely without leaning on black-box vendors or legacy infrastructure, with human oversight and accountability at every stage. Hive doesn’t re-run any of that. Hive takes each AI-assisted action the control plane already governs and turns it into an independently signed, portable receipt under a post-quantum signature — so the control plane’s decisions become provable to an examiner, a partner, or a member, long after the moment passed.

Chime decides what happens and keeps a human accountable. Hive proves that it happened, under which model and guardrails, with which human in the loop — independently, and exportable.
~70%
of support interactions AI-powered
Chime newsroom · source 1
−60%
cost to serve
Chime newsroom · source 1
2×+
member satisfaction (more than doubled)
Chime newsroom · source 1
~30%
of code written / reviewed with AI
Chime newsroom · source 1

Figures above are Chime’s own published numbers, cited from the Chime newsroom (chime.com/newsroom) — reported by Chime, not asserted by Hive. They show the scale at which AI already acts inside Chime; Hive’s role is to make that scale provable.

Millions of AI actions. One receipt rail.

Every governed AI action crosses the same independent rail on its way to a signed receipt — support replies, dispute triage, fraud checks, compliance operations. Illustrative visual of the live rail; not live production traffic.

Move through the flow →
OriginMembers & AI actions Control planeChimeCore Independent proofHive rail → signed receipt

Why an independent receipt beats a self-written log

Chime supplies the control plane and the accountability; Hive supplies the independent proof. Keeping the two roles separate is exactly what makes the proof worth anything to a regulator, a partner bank, or a member.

A governed action, and how it becomes evidenceindependent by design
Chime supplies the control plane

ChimeCore and human-overseen AI decide what happens across support, disputes, fraud triage, and compliance operations. That judgment is Chime’s, and stays Chime’s — Hive never makes the decision.

A self-written log is still a claim

An internal log Chime writes about its own AI is credible but self-referential. An independent receipt — signed by a party with no stake in the outcome — is what an examiner or partner can treat as evidence rather than assertion.

Hive supplies the independent proof

Hive signs the attested conditions of the action — model and tool identity, guardrail and consent trace, human handoff, output hash — under ML-DSA-65 (NIST FIPS 204). It attests conditions and actions, never a verdict on the member.

Separation is the product: “trust our AI” becomes “verify our AI.” Hive attests that the governed action occurred under stated model, guardrails, and human oversight — not whether the member decision was “right,” which stays Chime’s call.

The same oversight evidence, assembled two ways

For a fintech operating at Chime’s scale, partner-bank and examiner oversight is a standing, recurring request. This isn’t about whether Chime has controls — it does. It’s about how quickly the independent evidence of those controls can be assembled and handed to someone who wasn’t in the room.

Assembled by hand

Time to produceWeeks
FormSpreadsheets + screenshots
Trust modelSelf-attested
CoverageSampled subset
RefreshManual, each cycle

Assembled as a signed bundle

Time to produceSeconds
FormSigned evidence bundle
Trust modelVerifiable offline, by any party
CoverageEvery receipted action
RefreshContinuous, queryable
The receipt rail is additive: it doesn’t replace Chime’s controls, it makes the proof of them independently checkable — by a partner bank, an examiner, or the member — without taking Chime’s word for it.

Where Hive plugs into each Chime surface

Pick a surface. Each shows what Chime already does (with its own published facts), the one place a durable-proof gap tends to open, and the Hive receipt that closes it. Nothing here changes Chime’s methodology — the receipt wraps around the action Chime already governs.

AI-assisted member support~70% AI-powered · Chime-reported
Chime already does

Chime reports AI powers roughly 70% of support interactions, with cost to serve down 60% and member satisfaction more than doubled — all under human oversight (source 1).

Where the proof gap appears

Transcripts show what was said, but they aren’t independently signed evidence per interaction of which model/tool answered, which guardrails applied, and where a human took over — the record an examiner or partner asks for.

How Hive plugs in

A signed support-action receipt binds model + tool identity, guardrail/consent trace, and human-handoff point under ML-DSA-65 — verifiable offline, no access to Chime’s systems required.

A disputed transaction starts a regulatory clock

Under Regulation E, a bank generally has up to 10 business days to investigate a disputed electronic transaction (or issue provisional credit). The point isn’t to “win” the clock — it’s that when independent receipts are captured as the AI and humans act, the evidence is already assembled and signed before the window closes.

Receipts assemble as the action unfolds

Illustrative timeline only — not Chime’s actual process, and not legal or compliance advice. Hive attests the conditions and actions of the governed workflow (model identity, guardrail and consent trace, human handoff, output hash), never a verdict on the member or a guarantee of any regulatory outcome.

Hive primitives — and which one fits which Chime workflow

Every Hive receipt is signed with ML-DSA-65 (NIST FIPS 204 post-quantum signature) and is dual-signed alongside Ed25519. Tap a Chime workflow to see which primitives apply; the matching cards light up green.

applies ✓
AFiR™
Attested Fragmented Inference Routing
Every AI inference and tool sub-step cryptographically attested with ML-DSA-65 — the per-action runtime receipt behind fraud triage and support.
/afir/protection/ →
applies ✓
Model receipts
Signed proof per model call · live today
A signed receipt for every model call across first-party adapters — model identity, input/output hashes, verifiable in-browser. Live now.
/model-receipts/ →
applies ✓
Evidence bundle
Content-sealed export
Disputes and compliance artifacts sealed into one exportable, re-verifiable package for a reviewer — chain of custody as an object.
/verify/ →
applies ✓
SmartAgent™
Route receipts
Each model / tool / human-handoff decision across a workflow captured as a signed route receipt on the route graph.
/smartagent-route-graph/ →
applies ✓
x402 rail
Pay-per-action settlement · live today
USDC on Base 8453. A payment_required quote/proof flow emits a signed receipt for controlled external service calls — no card, no account.
/x402-checkout/ →
applies ✓
Activation keys
Metered fleet usage · request-backed today
A tk_live activation packet meters fleet usage and unlocks operator surfaces. Request-backed today; API self-serve issuance is fast-follow.
/activate/ →

Receipt coverage calculator

Enter your own assumptions to estimate the operational proof footprint — how many signed evidence events a receipted deployment would produce and export. This is a planning estimate, not a quote: no revenue, pricing, or economics, just receipt volume.

Your assumptions in · proof metrics outlive · updates as you type
/mo
%
/mo
/mo
/action
%
Support-action receipts / mo0
Dispute evidence receipts / mo0
Fraud triage receipts / mo0
Total signed evidence events / mo0
Daily receipt rate0
Export / audit bundle volume / mo0
Suggested pilot size (2-week slice)0
Operational proof metrics only. No revenue, pricing, subscription, or deal-size figures are computed or implied. Input defaults are illustrative placeholders, not Chime figures.

Exam evidence-bundle simulator

Click the evidence a pilot would sign into a member-support or dispute action. Each component adds its fields to the exportable bundle preview — the same shape a reviewer or examiner would re-verify offline.

Compose an export bundle0 evidence fields
signed verification output · per action · conditions & actions, not a verdict

        
Attests conditions and actions only — never a verdict on the member or the correctness of Chime’s decision. Field values shown are illustrative.

The receipt journey — from member action to examiner export

Click any step to see exactly what evidence Hive signs there. The decision and accountability are Chime’s; the signature, portability, and export are Hive’s.

Try the live rail — one curl

This hits Hive’s public, no-auth x402 quote endpoint and returns a live settlement envelope with an ML-DSA-65 (FIPS 204) signed quote receipt. No key, no secret, nothing to install. To see signed receipts for real model calls, run the free live demo at /model-receipts/.

POST · https://receipts.thehiveryiq.com/v1/x402/quote
curl -sS -X POST https://receipts.thehiveryiq.com/v1/x402/quote \
  -H 'Content-Type: application/json' \
  -d '{"agent_did":"did:example:chime-support","profile":"nano"}'

The response includes the rail (USDC on Base 8453), a signed quote receipt, and its ML-DSA-65 / FIPS 204 post-quantum posture. To emit a paid receipt end-to-end, walk the live flow at /x402-checkout/; to start a pilot, request an activation key at /activate/. No secrets are ever placed on this page.

Receipts for money movement, not just AI actions

The same independent rail that receipts Chime’s AI, support, and compliance actions can receipt money movement — fraud interventions, dispute and Reg E evidence, account actions, and AI-assisted transfers. Stablecoins move value. Hive proves the intent, actor, policy, receipt, settlement state, and recoverability window around that movement.

Three proof states around every movementprovable today
Before money moves

Intent receipt: actor, amount, asset, recipient, policy context, authorization state — signed before anything leaves.

While money is moving

Submitted, relay-observed, chain-pending, escrowed, quarantined, or an issuer/custodian hold requested — the live state, receipted.

After settlement

Chain-verified, receiver-attested, counter-transfer initiated, evidence-only, or a recovery bundle exported for a dispute or examiner.

Chime-specific today: fraud-intervention receipts, dispute & Reg E evidence bundles, account-action provenance, and AI-assisted money-movement receipts. A Circle/USDC-compatible receipt schema is live today; a direct Circle integration is a next-stage partnership — shown in Act II, not asserted as shipped.
R3Pv™ · Receipt Proof Vectors

From single receipts to proof vectors that decide the next action

A Hive receipt is a machine-readable proof-state object. Group receipts into receipt teams, bundles, or graphs — a dispute, a transfer, a support case — and Hive Ledger derives an R3Pv: a Receipt Relay, Recovery, and Routing Proof Vector. The vector encodes verification, policy, economic, healing/recoverability, routing, risk, and permitted-next-action state, so a person or workflow knows whether to continue, pause, escalate, hold, recover, or preserve evidence.

How a proof vector reads for a member eventderived in the ledger
What the vector encodes

Verification & policy state, economic exposure, the healing/recoverability window, routing, risk, and the permitted next action — one object, not a pile of logs.

What it decides

Fraud interventions, dispute & Reg E bundles, AI-assisted support, and transfer hold / release decisions — continue, pause, escalate, or route for human review.

Why members trust it

Every decision points back to signed receipts. The vector is the summary; the receipts are the proof — replayable for the member, an examiner, or an audit.

Healing is part of the vector: pre-broadcast stop/revoke, escrow or quarantine, issuer/custodian freeze if integrated, counter-transfer recovery, or evidence-only after final settlement. Hive proves what happened early enough to act where the rail allows, and proves what happened afterward when it does not.

The proof vector is now a live callable primitive — group signed receipts with POST /v1/r3pv/groups, then GET /v1/r3pv/vector?group_id=… returns a single Ed25519-signed vector that round-trips POST /v1/receipt/verify. For a member transfer under review, the signed vector reads like this:

R3Pv signed proof vector · schema r3pv-v1.0.0 · member transfer
{
  "signed_vector": {
    "vector_id": "r3pv.vector_…",
    "key_id": "did:hive:hivemorph",
    "algorithm": "Ed25519",
    "vector": {
      "schema": "r3pv-v1.0.0",
      "verification_depth": "self_attested",
      "weakest_proof_boundary": "self_attested",
      "healing_state": "pre_broadcast_stoppable",
      "policy_state": "not_evaluated",
      "routing_recommendation": "require_approval",
      "permitted_next_actions": ["hold", "require_approval", "preserve_evidence"]
    }
  },
  "verification": { "ok": true, "verify_endpoint": "/v1/receipt/verify" }
}
● What you can test today smoke tested 2026-07-06 · production

The signed Receipt Relay and the live R3Pv proof-vector primitive are both callable now: GET /v1/r3pv/health, POST /v1/receipt-relay/event, POST /v1/r3pv/groups, and GET /v1/r3pv/vector all returned HTTP 200 on 2026-07-06, and the signed vector verified verified=true at /v1/receipt/verify. Round-trip is network-dependent — measure receipt latency separately from settlement / rail latency. Measured latency & runnable curl →

Group a member receipt, generate the signed vector — runnable today
# sign a receipt for the event under review
curl -sS -X POST https://receipts.thehiveryiq.com/v1/receipt-relay/event \
  -H 'Content-Type: application/json' \
  -d '{"action":"account_action","external_system":"chime",
      "actor":{"did":"did:example:support-agent"},
      "payload":{"kind":"transfer_hold","reason":"review"},
      "healing_state":"pre_broadcast_stoppable"}' \
  | python3 -c 'import sys,json; json.dump(json.load(sys.stdin)["receipt"],open("r.json","w"))'

# group it, then generate + sign the proof vector
GID=$(curl -sS -X POST https://receipts.thehiveryiq.com/v1/r3pv/groups \
  -H 'Content-Type: application/json' \
  -d "{\"label\":\"chime\",\"receipts\":[$(cat r.json)]}" \
  | python3 -c 'import sys,json; print(json.load(sys.stdin)["group_id"])')
curl -s -w '\nvector %{time_total}s %{http_code}\n' \
  "https://receipts.thehiveryiq.com/v1/r3pv/vector?group_id=$GID"
Hive Protected Flow · signed decisions on top of R3Pv · live now

The signed proof vector becomes a signed decision — permit, hold, recover, escalate — with a meter quote

R3Pv tells you the honest state of a receipt group. Hive Protected Flow is the premium decision layer that takes that vector, applies a declared policy pack and declared exposure at risk, and returns an Ed25519-signed assessment: one of eight decision classes (permit, permit_with_evidence, require_approval, hold, recover, reroute, escalate, block), the risk factors that drove it, the permitted next actions, and a three-part meter quote — platform fee + R3Pv/Healing premium band + optional basis points on protected exposure. The meter is a quote, not a settlement. No funds move. Overrides can only make policy stricter, never looser.

Signed decision, honestly derived

The decision is the strictest of the R3Pv routing recommendation, the exposure band, and any policy hard-fail. POST /v1/protected-flow/assess returns signed_assessment with decision, rationale, risk_factors, and permitted_next_actions, all signed by did:hive:hivemorph. The assessment round-trips /v1/receipt/verify like any Hive receipt.

Three-part meter (protected-value pricing)

Broad coverage prices as lightweight infrastructure. Protected/high-risk flow prices as protected value: platform_fee_usd + protection_premium_usd (banded by decision class) + optional exposure_premium_usd (basis points on declared exposure). Named policy packs ship today: default, strict_bank, high_risk_agent.

Evidence export, auditor-ready

GET /v1/protected-flow/evidence/{group_id}/export bundles the signed R3Pv vector, the latest signed assessment, the referenced signed receipts, and the signer's pubkey material into a single signed bundle. Everything an auditor needs to re-verify the whole flow offline, no Hive call required.

Live signed assessment · real response shape from POST /v1/protected-flow/assess
{
  "signed_assessment": {
    "assessment_id": "protected_flow.assessment_1783344027_2941ed841f06",
    "payload_sha256": "2d137891401ae1a8d1820478…",
    "sig_b64u": "lTCi2JjQO4c-y9SiHeGBWnk7…",
    "key_id": "did:hive:hivemorph",
    "algorithm": "Ed25519",
    "assessment": {
      "schema": "protected-flow-v1.0.0",
      "decision": "hold",
      "rationale": "r3pv_routing=require_approval→require_approval; exposure_band=permit; policy_hard_fail=hold; strictest wins.",
      "permitted_next_actions": ["hold","export_evidence","preserve_evidence"],
      "risk_factors": [
        {"factor": "weakest_boundary_below_policy", "severity": "high"}
      ],
      "policy_pack": {"name": "default", "require_min_tier": "relay_observed"},
      "declared_exposure_usd": 500.0,
      "meter_quote": {
        "platform_fee_usd": 0.10,
        "protection_premium_usd": 1.00,
        "exposure_premium_usd": 0.0001,
        "total_usd": 1.10,
        "note": "Quote only. No funds move."
      }
    }
  },
  "verification": { "ok": true, "verify_endpoint": "/v1/receipt/verify" }
}

Runnable smoke — hit production yourself

Assess a Circle-shaped USDC intent under the default policy pack, then again under strict_bank. Same receipt, stricter policy → stricter decision. No funds move. This service never calls Circle APIs.

# Protected Flow — end-to-end smoke against live production
curl -sS https://receipts.thehiveryiq.com/v1/protected-flow/health | head -c 400; echo

# Sign a stablecoin-intent receipt (no funds moved)
curl -sS -X POST https://receipts.thehiveryiq.com/v1/receipt-relay/event \
  -H "Content-Type: application/json" \
  -d '{"action":"stablecoin_transfer","external_system":"circle","actor":{"did":"did:example:agent"},"payload":{"asset":"USDC","amount":"1000.00","from":"0xSender","to":"0xRecipient","network":"base","net_moved":"0.00"},"healing_state":"pre_broadcast_stoppable"}' \
  | python3 -c 'import sys,json; json.dump(json.load(sys.stdin)["receipt"], open("receipt.json","w"))'

# Assess (default policy, $500 exposure) — expect hold on self_attested weakest boundary
curl -sS -X POST https://receipts.thehiveryiq.com/v1/protected-flow/assess \
  -H "Content-Type: application/json" \
  -d "{\"label\":\"circle-usdc\",\"receipts\":[$(cat receipt.json)],\"policy_pack\":\"default\",\"declared_exposure_usd\":500.0}"

# Assess (strict_bank policy, $50k exposure) — expect hold with chain_verified requirement
curl -sS -X POST https://receipts.thehiveryiq.com/v1/protected-flow/assess \
  -H "Content-Type: application/json" \
  -d "{\"receipts\":[$(cat receipt.json)],\"policy_pack\":\"strict_bank\",\"declared_exposure_usd\":50000.0}"

Pricing framing

Broad coverage prices as lightweight infrastructure. Protected/high-risk flow prices as protected value: platform fee + R3Pv/Healing premium band + optional basis points on declared exposure. Named policy packs ship today — default, strict_bank, high_risk_agent — and custom packs are a strategic-window conversation. Protected Flow is category-defining and, like R3Pv, it never reverses finalized chain transactions and never calls Circle APIs.

Start receipting — three ways in

Every action below hits a real, running Hive surface. Start with one paid receipt, test a model receipt for free, or request an activation key to scope a pilot.

Where the same proof layer could take Chime next

Act I receipts the AI, support, and compliance actions Chime already runs — making today’s control plane independently provable. Act II points the same independent proof layer at what Chime has publicly said it is building toward: proactive, trusted financial assistants delivered with transparency, consent, and human safeguards (source 1). These are strategic options to weigh, not a claim that everything is live today.

Every line below rests on the same principle: an independent attestor. A bank can’t meaningfully attest its own AI to a regulator — which is exactly why an outside proof layer adds value, and what makes these lines harder to replicate. Each should be reviewed with counsel and Chime’s compliance function before any external launch.

Candidate line 01

Receipted financial-assistant actions

AFiR · model receipts · consent trace
The categoryAs Chime’s proactive assistant takes member-facing actions, each one is delivered with a signed receipt binding the transparency, consent, and human-safeguard trace Chime already promises — proof the assistant stayed inside its mandate.
Where Chime fitsChime has publicly described building toward proactive trusted financial assistants with transparency, consent, and human safeguards. The receipt makes those safeguards demonstrable, not just stated.

Hive attests the assistant’s conditions and actions — never that a financial recommendation was right. That honest boundary is what keeps it credible to a regulator.

Candidate line 02

Dispute & evidence packets, ready to send

Evidence bundle · content-sealed export
The categoryEvery dispute resolves into a pre-assembled, signed evidence packet a network or regulator can re-verify offline — turning a documentation burden into a one-click, provable export.
Where Chime fitsDispute operations already gather evidence; here the packet becomes a portable, tamper-evident object rather than an internal file.

The chain of custody is the product; the bundle is the artifact that survives an audit.

Candidate line 03

Audit-ready regulator bundles

Control-execution receipts · assurance posture
The categoryCompliance controls export as signed, examiner-ready bundles that prove a control ran, on which inputs, under which policy version — on demand, not reconstructed before an exam.
Where Chime fitsControls already exist; the proof that they executed is what would be new, and what an examiner increasingly asks to see.

Audit-surviving controls are a candidate category; the receipt graph is the audit trail.

Candidate line 04

Agentic rails for controlled external services

x402 settlement · agent-task receipts
The categoryWhen a Chime agent needs a controlled external service, it pays and proves on-rail via x402 (USDC / Base 8453, live today), with each agent task receipted. Provider-independent agent-task receipts are ready; broad agent-platform coverage (e.g. Manus) is awaiting a first-party API surface — a roadmap item, not a live integration.
Where Chime fitsAs agentic operations grow, the settlement + proof rail is already live; the external-agent-platform coverage expands as those platforms expose callable APIs.

x402 settlement and signed receipts are live; specific third-party agent-platform integrations are labelled as fast-follow, never asserted as shipped.

Candidate line 05

Payment healing & recoverability windows

Receipt Relay · rail-specific recovery
The categoryHive does not claim every payment can be reversed. Hive proves what happened early enough to act where the rail allows, and proves what happened afterward when it does not. Where the rail allows: pre-broadcast stop/revoke, escrow or quarantine hold, an issuer/custodian freeze request if integrated, or a counter-transfer workflow. Where it does not: an examiner-ready recovery bundle exported from Hive Ledger.
Where Chime fitsChime already runs fraud and dispute operations; with an integrated rail, the recoverability window becomes an explicit, receipted control rather than a manual scramble.

Issuer/custodian freeze and counter-transfer are labelled with integration, never asserted as live; the intent receipt and evidence bundle are provable today.

Act I proves what Chime runs today. Act II points the same independent proof layer at where Chime is heading — each a strategic option to weigh, harder to replicate because independence can’t be self-supplied, and none of them a claim that the line is live today.

Chime governs. Hive proves. Together the control plane isn’t only trusted — it’s independently provable.

Explore the live surfaces

Every link below is a real, running page — not a mock.

Sources

Public references for the Chime statements cited above. Where numbers appear on those pages, treat them as source-reported by Chime, not asserted here.

  1. How Chime is using AI to rewire financial services — Chime newsroom. Covers ChimeCore as a homegrown core banking platform for embedding AI safely without black-box vendors or legacy infrastructure; AI as a core capability with human oversight and accountability at every stage; ~30% of code written / reviewed with AI; ~70% of support interactions AI-powered with cost to serve down 60% and member satisfaction more than doubled; and the direction toward proactive trusted financial assistants with transparency, consent, and human safeguards. chime.com/newsroom/news/how-chime-is-using-ai-to-rewire-financial-services/
  2. Hive live rails referenced on this page: x402 checkout /x402-checkout/, signed model receipts /model-receipts/, runtime protection /afir/protection/, independent verification /verify/, and activation /activate/.