ProcureLock — a receipt rail for every state of procure-to-pay.
Every transition in a B2B procurement cycle — request, quote, purchase order, PO acknowledgement, advance shipping notice, goods receipt, invoice, payment — bound to a dual-signed, post-quantum-ready receipt. Buyers, suppliers, ERPs, and procurement networks verify the chain offline. Live in production today.
What ProcureLock is
ProcureLock is the receipt-rail surface for procure-to-pay (P2P) and order-to-cash (O2C) flows. Every state transition in the procurement pipeline — purchase request raised, quote received, PO issued, PO acknowledged by the supplier, advance shipping notice transmitted, goods receipt confirmed, invoice received, payment disbursed — produces a dual-signed (Ed25519 + ML-DSA-65) post-quantum-ready receipt that any party in the cycle can verify offline.
Goods-receipt, invoice, and payment attestations validate cryptographic chain-of-custody from the prior po_issued receipt and enforce a true three-way match at protocol level. The chain_verify primitive returns the entire history for a PO, in canonical order, with any state-machine gaps, quantity mismatches, or price variances called out explicitly. ProcureLock is live on hivemorph today at /v1/procurelock/*.
EDI standards coverage
ProcureLock field semantics align with the four EDI dialects a global procurement function already speaks. Receipts drop into existing ERP, P2P, and supplier-network stacks without translation.
| Standard | Coverage |
|---|---|
| ANSI X12 | 850 (PO), 855 (PO ack), 856 (ASN), 810 (invoice), 820 (payment), 861 (receiving advice) |
| UN/EDIFACT | ORDERS, ORDRSP, DESADV, INVOIC, REMADV, RECADV |
| cXML | OrderRequest, ConfirmationRequest, ShipNoticeRequest, InvoiceDetailRequest, PaymentRemittanceRequest |
| SAP IDoc | ORDERS05, ORDRSP, DESADV01, INVOIC02, PEXR2002 — direct ERP binding |
| Peppol BIS | Billing 3.0, Order 3.0, Despatch Advice 3.0 — pan-European compliance |
| UBL 2.1 | Universal Business Language order, despatch, invoice, remittance documents |
| ISO 20022 | pain.001, pacs.008, camt.054 payment binding (Cosmic tier) |
The 10 MCP tools
| Tool | Purpose |
|---|---|
procurelock_event_attest | Attest a state transition with a dual-signed receipt envelope. |
procurelock_event_get | Retrieve a stored attestation by id. |
procurelock_event_verify | Verify both signatures on a stored attestation. |
procurelock_three_way_match | Enforce PO / goods receipt / invoice three-way match with explicit variance codes. |
procurelock_chain_verify | Verify the full state-machine chain for a PO. |
procurelock_by_po | Full transition chain for a PO, ordered by timestamp. |
procurelock_by_buyer | Paginated history by buyer DID. |
procurelock_by_supplier | Paginated history by supplier DID. |
procurelock_pricing | Read live pricing surface. |
procurelock_health | Health probe. |
Live well-known manifest at hivemorph.onrender.com/v1/procurelock/health. Contact for MCP integration credentials.
The attestation envelope
Every event_attest call returns an envelope containing: buyer DID, supplier DID, PO number, line item identifiers, event type, event hash, timestamp, optional carrier / 3PL / financier DIDs, optional ERP correlation id (SAP IDoc number, Coupa transaction id, Ariba network id), monetary value, currency code, and dual signatures (Ed25519 + ML-DSA-65). The signatures bind every field. Any tamper attempt invalidates verification.
The envelope is CBOR-canonical. Verification works offline against the issuer's published public keys — no Hive call required. ML-DSA-65 (NIST FIPS 204) is the post-quantum signature; Ed25519 (RFC 8032) provides classical assurance. Both must verify for the receipt to be valid.
Three-way match enforcement
The procure-to-pay state machine has a defined topology. A goods receipt cannot precede a PO. An invoice cannot be paid without a matched goods receipt. ProcureLock enforces this at protocol level — three_way_match compares PO line items, goods receipt quantities, and invoice amounts and emits explicit variance codes for any over-shipment, short-ship, price discrepancy, tax mismatch, or quantity gap. chain_verify reports out-of-order transitions, missing states, or unmatched cycles with discrepancy codes.
Cancellations, reversals, and credit memos are valid from any state. Each is its own attestation, signed by the originating party, anchored against the prior chain.
Deployment patterns
- ERP sidecar — a small daemon co-located with SAP / Oracle / NetSuite / D365 that fires
event_attestat every IDoc / business object lifecycle event with sub-second impact. - Procurement-network bridge — Coupa, Ariba, or Jaggaer call
event_attestat each cXML round-trip; suppliers and buyers verify offline against the receipt rail without changing their integration shape. - Carrier / 3PL integration — the carrier hits
event_attestfor ASN and proof-of-delivery events with chain-of-custody to the priorpo_issuedreceipt, making the shipment leg tamper-evident. - Audit / SOX / financier verification — the auditor or supply-chain financier runs
chain_verify+three_way_matchagainst the PO and gets a full canonical history, signed end-to-end.
Pricing
| Tier | Per event | Annual band |
|---|---|---|
| Standard | $0.0008 | $2,996 — $96K per buyer-supplier dyad |
| Cosmic | $0.0048 | ISO 20022 / Peppol / SOX-attested cycles |
| Unlimited | — | $2,999 / month flat |
Settlement: USDC on Base 8453 via x402. Volume contracts available for Tier-1 buyers and procurement networks above 10M events / year.
Field map
ProcureLock binds every procurement state to a dual-signed receipt that drops cleanly into existing ERP and procurement-network infrastructure. Each attestation accepts the procurement-native correlation fields below; the receipt envelope round-trips through standard X12 / EDIFACT / cXML / IDoc transports via the Hive Receipt primitive.
| Field | Format | Maps to |
|---|---|---|
buyer_did / supplier_did | did:hive:… | X12 N1 party loop; cXML From / To; SAP partner function (LF / WE / RE); Peppol EndpointID |
po_number | string | X12 850 BEG03; EDIFACT BGM segment; cXML OrderRequestHeader/@orderID; SAP EBELN |
line_item_id | string | X12 PO1 LIN01; cXML ItemOut/@lineNumber; SAP EBELP |
event_hash | sha256 hex | Document snapshot digest at the state transition; UBL DocumentReference hash linkage |
erp_transaction_id | string | SAP IDoc number (DOCNUM); Coupa transaction id; Ariba ANID + DocumentNumber |
asn_number | string | X12 856 BSN02; EDIFACT DESADV BGM; cXML ShipNoticeRequest/@shipmentID |
monetary_value / currency | decimal · ISO 4217 | X12 TDS01 / CUR; EDIFACT MOA / CUX; cXML Money |
prior_attestation_id | UUID | Chain-of-custody pointer to prior state in the cycle |
Receipt envelopes are CBOR-canonical and fit inside any X12 / EDIFACT / cXML / IDoc transport. Cross with DeedLock when the procurement leg has a real-estate component, or stamp directly into Coupa / Ariba / SAP S/4HANA / Oracle Procurement Cloud pipelines.
Make every procurement state cryptographically auditable
$0.0008 per event. USDC on Base 8453. 10 MCP tools, all live.
Contact sales See the platformQuestions buyers actually ask
What does ProcureLock attest?
Every state transition in the procurement pipeline — purchase request raised, quote received, PO issued, PO acknowledged by the supplier, advance shipping notice transmitted, goods receipt confirmed, invoice received, payment disbursed — produces a dual-signed (Ed25519 + ML-DSA-65) post-quantum-ready receipt that any party in the cycle can verify offline.
Does ProcureLock replace SAP, Coupa, or Ariba?
No. ProcureLock binds into the EDI dialects already in use. Receipts drop into existing ERP, P2P, and supplier-network stacks without translation. Field semantics align with X12, EDIFACT, cXML, IDoc, Peppol BIS, UBL 2.1, and ISO 20022.
How is the three-way match enforced?
ProcureLock enforces the procure-to-pay state machine at protocol level. The three_way_match primitive compares PO line items, goods receipt quantities, and invoice amounts and emits explicit variance codes for any over-shipment, short-ship, price discrepancy, tax mismatch, or quantity gap.
What does each event cost?
Standard tier is $0.0008 per attested event. Cosmic tier (ISO 20022 / Peppol / SOX-attested cycles) is $0.0048 per event. Unlimited is $2,999 per month flat. Settlement is in USDC on Base 8453 via x402.
How is the receipt verified?
The envelope is CBOR-canonical. Verification works offline against the issuer's published public keys — no Hive call required. ML-DSA-65 (NIST FIPS 204) is the post-quantum signature; Ed25519 (RFC 8032) provides classical assurance. Both must verify for the receipt to be valid.
Where is ProcureLock deployed?
ERP sidecars co-located with SAP, Oracle, NetSuite, or D365. Procurement-network bridges in Coupa, Ariba, and Jaggaer. Carrier and 3PL integrations for ASN and proof-of-delivery. Audit, SOX, and supply-chain financier verification flows.
Hive runs the receipt rail underneath the broader A2A · agent-to-agent commerce category.