Every completion leaves a receipt. Every copyleft exposure is flagged.
A code-gen merchant on the Visa CLI mints one hive-vcr-1 receipt per suggestion. License class of the training corpus, copyleft-exposure flags, and repo-binding are co-signed before the suggestion arrives in the editor.
The fields the operator co-signs before this call returns.
Every field below is co-signed by the operator with ML-DSA-65 and countersigned by Hive. Absence is not a default. Absence is a verification failure. The merchant cannot return the call's result without the receipt; the receipt cannot exist without these fields.
Code Generation · attestation fields
Three places this category needs a receipt yesterday.
Enterprise IP hygiene
When legal asks whether a copyleft snippet ever landed in a closed-source codebase, the receipts answer with cryptographic certainty, not a quarterly attestation.
Bug-bounty and provenance
If a suggested completion is later flagged as derived from a specific OSS file, the receipt lets the team rewind to the exact call and exact training-corpus class.
Acquisition due diligence
An acquirer's diligence team verifies code provenance by walking the receipt log. No reconstructive forensics. No vendor surveys.
One endpoint. One envelope. No Hive dependency in your inference path.
A code generation operator adopts hive-vcr-1 by appending the receipt envelope to the response and exposing a public verification key. Hive's countersignature is a sidecar; it does not sit on the critical path. If Hive disappears, the operator's receipts remain verifiable against the operator's own key.