Every index leaves a receipt. Every retention claim is signed.
An embeddings merchant on the Visa CLI mints one hive-vcr-1 receipt per batch. Index region, retention class, and corpus class are co-signed so RAG pipelines have an admissible trail for what was indexed, when, and where it lives.
The fields the operator co-signs before this call returns.
Every field below is co-signed by the operator with ML-DSA-65 and countersigned by Hive. Absence is not a default. Absence is a verification failure. The merchant cannot return the call's result without the receipt; the receipt cannot exist without these fields.
Embeddings · Vector · attestation fields
Three places this category needs a receipt yesterday.
RAG compliance trails
An auditor reviewing a RAG-grounded answer walks the embedding receipts to confirm corpus class. The grounding is provable, not asserted.
Cross-region data residency
When a contract requires EU-only vectors, the per-batch receipt proves the index lived in the EU. Region is a signed field, not a console toggle.
Vector deletion attestation
A retention_class of 30d, combined with a later deletion receipt, gives a GDPR or CCPA caller an admissible artifact for the deletion itself.
One endpoint. One envelope. No Hive dependency in your inference path.
A embeddings · vector operator adopts hive-vcr-1 by appending the receipt envelope to the response and exposing a public verification key. Hive's countersignature is a sidecar; it does not sit on the critical path. If Hive disappears, the operator's receipts remain verifiable against the operator's own key.