Every token call leaves a receipt. Every region claim is signed.
An LLM merchant on the Visa CLI mints one hive-vcr-1 receipt per call. Region, hardware class, training-region posture, and prompt-redaction class are co-signed by the operator before any tokens flow back.
The fields the operator co-signs before this call returns.
Every field below is co-signed by the operator with ML-DSA-65 and countersigned by Hive. Absence is not a default. Absence is a verification failure. The merchant cannot return the call's result without the receipt; the receipt cannot exist without these fields.
LLM Inference · attestation fields
Three places this category needs a receipt yesterday.
EU AI Act Article 50 evidence
The training_region and rights_class fields are exactly what an Article 50 conformity package asks for. The evidence is the receipt itself; nothing has to be reconstructed.
Regulated industry inference
Healthcare and legal callers need to prove that PII was redacted before tokens were sent. Redaction class is in the envelope, signed by the operator, before the call returns.
Sovereign-region routing
When a contract requires EU-only compute, the receipt proves the call ran in the EU. Region is co-signed, not promised by a settings page.
One endpoint. One envelope. No Hive dependency in your inference path.
A llm inference operator adopts hive-vcr-1 by appending the receipt envelope to the response and exposing a public verification key. Hive's countersignature is a sidecar; it does not sit on the critical path. If Hive disappears, the operator's receipts remain verifiable against the operator's own key.