Every index leaves a receipt. Every retention claim is signed.
An embeddings merchant on the Visa CLI mints one hive-vcr-1 receipt per batch. Index region, retention class, and corpus class are co-signed so RAG pipelines have an admissible trail for what was indexed, when, and where it lives.
The fields the operator co-signs before this call returns.
The operator signs every field below with ML-DSA-65, the government's post-quantum signature standard, and Hive signs it too. If a field is missing, that's not a default setting. It means the check failed. The merchant can't hand back a result without the receipt, and the receipt can't exist without these fields.
Embeddings · Vector · attestation fields
Three places this category needs a receipt yesterday.
RAG compliance trails
An auditor reviewing a RAG answer can walk through the embedding receipts and confirm what data it came from. That's proof, not just a claim.
Cross-region data residency
When a contract requires EU-only vectors, the receipt for each batch proves the index lived in the EU. The region is a signed field, not just a setting someone flipped in a dashboard.
Vector deletion attestation
Set a retention_class of 30 days, and pair it with a later deletion receipt. Now a GDPR or CCPA request has a signed record proving the data was actually deleted.
One endpoint. One envelope. No Hive dependency in your inference path.
An embeddings and vector operator adopts hive-vcr-1 by adding the receipt package to its response and publishing a verification key. Hive's signature rides alongside the operator's own, off to the side. It never sits on the critical path. If Hive goes away, the operator's receipts still check out against the operator's own key.