Every completion leaves a receipt. Every copyleft exposure is flagged.
A code-gen merchant on the Visa CLI mints one hive-vcr-1 receipt per suggestion. License class of the training corpus, copyleft-exposure flags, and repo-binding are co-signed before the suggestion arrives in the editor.
The fields the operator co-signs before this call returns.
The operator signs every field below with ML-DSA-65, the government's post-quantum signature standard, and Hive signs it too. If a field is missing, that's not a default setting. It means the check failed. The merchant can't hand back a result without the receipt, and the receipt can't exist without these fields.
Code Generation · attestation fields
Three places this category needs a receipt yesterday.
Enterprise IP hygiene
When legal asks whether a copyleft snippet ever landed in a closed-source codebase, the receipts give a signed answer. No more waiting for a quarterly review.
Bug-bounty and provenance
If someone later flags a suggested completion as copied from a specific open-source file, the receipt lets the team go back to the exact call and see exactly what training data it came from.
Acquisition due diligence
A buyer's due diligence team checks where the code came from just by reading the receipt log. No digital forensics. No vendor surveys.
One endpoint. One envelope. No Hive dependency in your inference path.
A code generation operator adopts hive-vcr-1 by adding the receipt package to its response and publishing a verification key. Hive's signature rides alongside the operator's own, off to the side. It never sits on the critical path. If Hive goes away, the operator's receipts still check out against the operator's own key.