Every token call leaves a receipt, and every region claim gets signed.
An LLM merchant on the Visa CLI creates one hive-vcr-1 receipt for every call. The operator signs the region, the hardware type, where the model was trained, and whether prompts got redacted, all before any tokens come back to you.
The operator signs these fields before the call ever comes back to you.
The operator signs every field below with ML-DSA-65 (the government's post-quantum signature standard), and Hive signs on top of that. If a field is missing, that's not a default setting. It means the receipt fails verification. The merchant can't send you a result without the receipt, and the receipt can't exist without these fields filled in.
LLM Inference · attestation fields
Three places that need a receipt right now.
EU AI Act Article 50 evidence
The training_region and rights_class fields are exactly what an Article 50 conformity package asks for. The receipt is the evidence. Nobody has to reconstruct anything after the fact.
Regulated industry inference
Healthcare and legal callers need to prove that personal data was redacted before any tokens were sent. That redaction gets signed by the operator and put in the envelope before the call comes back.
Sovereign-region routing
When a contract requires EU-only compute, the receipt proves the call ran in the EU. The region gets signed. It's not just a setting on a page that says trust us.
One endpoint, one envelope, and Hive never sits in your inference path.
An LLM inference operator adopts hive-vcr-1 by attaching the receipt envelope to the response and publishing a verification key. Hive's signature rides alongside, it never blocks the critical path. If Hive ever went away, the operator's receipts would still check out against the operator's own key.