CarnacPrompt™ · Proof Inside · born labeled
Proof, inside the window.
Your product has a prompt window: a chat box, a voice command, a "book it for me" button. CarnacPrompt™ puts a signed, third-party receipt on every answer it gives, believable precisely because it is not yours.
The live window
Type any question the way one of your users would, then sign it. This calls the live signing core over the network and shows the real ML-DSA-65 signature it returns.
Ask the window
The live core signs the request text and returns a real receipt. The model answer is not called here. First call can take up to a minute while the free demo core wakes.
The receipt born with it
The injection console
A labeled prompt carries who asked, which model, and what rules. Flip the switch to see what happens when someone tries to slip an answer in without a label.
Unlabeled traffic is never refused. It still gets a receipt, floored honestly, so a mismatch is a condition you can see, never a silent verdict.
The cost curve
Signing is cheap and the answer never waits. The heavy proof only runs when the stakes call for it, so most windows pay close to nothing per prompt.
How you wire it
Scroll code →
Carnac.init({ key: "int_9f2a...", origin: "booking-app" }) // one line, once
The other half of the pair. Proof Inside labels the answer where it is born. Carnac Gateway™ countersigns it where it arrives. Together, disputes about "what was sent vs. what was served" simply end.
Proof at the Door →