Proofs & Certificates · Live

Cryptographically verifiable. Externally checkable.

A governance decision is only as useful as your ability to prove it later. Sgraal issues four artifacts you can hand to an auditor, a counterparty, or your future self — each cryptographically signed, each verifiable without taking Sgraal's word for it.

The four artifacts

1 · MVMem Certificate

POST /v1/certify/mvmem

Proves: that a minimised memory subset preserves the original decision — the evidence behind a data-minimization claim (see /docs/mvmem).

Verify: the certificate is a Verifiable Credential; check it with POST /v1/certify/verify, which recomputes the signature in constant time and reports validity + expiry.

2 · Convergence Proof PDF

POST /v1/proofs/convergence

Demonstrates: that under Sgraal's assumed worst-case heal-decay model, an agent's healing trajectory is Lyapunov-stable — a Lyapunov-stability analysis rendered as a multi-page PDF with the analytical argument, a visualisation, methodology, and a signature block. It demonstrates the assumed model's behaviour; it is not an empirical guarantee about a specific production run.

Verify: the PDF carries a signing-key fingerprint in its signature block, and the response headers (X-Sgraal-Asymptotic-Stable, X-Sgraal-Monotonic-Decreasing) restate the result. It is designed to drop into an FDA-style or internal-audit dossier.

3 · W3C Verifiable Credential

POST /v1/certify

Proves: that a specific memory state passed preflight (USE_MEMORY / WARN) at a point in time, bound to the agent and domain.

Verify: a standards-shaped W3C VC with a SgraalProof2026 proof; POST /v1/certify/verify recomputes the proof value and also checks the revocation list (below).

4 · Audit-log hash chain

GET /v1/audit-log/chain-verify

Proves: that your decision history has not been altered — each audit entry is chained to the previous by hash, so any insertion, deletion, or edit breaks the chain.

Verify: GET /v1/audit-log/chain-verify walks the chain and reports the first break, if any. Tamper-evidence is a property of the structure, not a promise.

A credential, up close

Issuing a credential runs a preflight first; on USE_MEMORY / WARN it returns a signed VC. Illustrative values shown.

{
  "certified": true,
  "credential": {
    "@context": ["https://www.w3.org/2018/credentials/v1"],
    "type": ["VerifiableCredential", "SgraalMemoryCredential"],
    "issuer": "https://api.sgraal.com",
    "issuanceDate": "2026-05-24T09:12:04Z",
    "credentialSubject": {
      "agent_id": "support-bot-7",
      "decision": "USE_MEMORY",
      "omega": 18,
      "scope": "memory-state",
      "proof_hash": "sha256:9b8d...77c2",
      "valid_for_seconds": 86400,
      "domain": "customer_support"
    },
    "proof": {
      "type": "SgraalProof2026",
      "created": "2026-05-24T09:12:04Z",
      "verificationMethod": "https://api.sgraal.com/.well-known/sgraal.json",
      "proofValue": "..."
    }
  }
}

On ASK_USER / BLOCK the endpoint returns { "certified": false, "reason": "...", "decision": "...", "omega": ... } — a state is only certifiable if it actually passed.

Get a sample

Issue and verify a credential, or download a convergence proof, against the live API:

# Issue a credential
curl -sS https://api.sgraal.com/v1/certify \
  -H "Authorization: Bearer $SGRAAL_API_KEY" \
  -H "Content-Type: application/json" -d @memory.json

# Download a convergence proof PDF
curl -sS https://api.sgraal.com/v1/proofs/convergence \
  -H "Authorization: Bearer $SGRAAL_API_KEY" \
  -H "Content-Type: application/json" -d @memory.json \
  -o convergence_proof.pdf

Revocation

A credential can outlive its truth — an agent is decommissioned, a state is superseded. Each tenant keeps a revocation list, and verification checks it automatically.

GET /v1/credentials/revocation-list

{
  "credential_ids": ["cred_a1b2", "cred_c3d4"],
  "count": 2,
  "truncated": false
}

A revoked credential fails POST /v1/certify/verify even if its signature is otherwise valid — revocation is a first-class part of the verify path, not an afterthought.

What this does not replace

A third-party accreditation

These artifacts prove what Sgraal computed and that it has not been tampered with. They are not an external accreditation of Sgraal itself — Sgraal itself holds no third-party accreditation. See the threat model for the honest framing.

A guarantee of the underlying action

A credential attests that a memory state passed preflight. Whether the action the agent then took was correct depends on factors outside the memory layer. The proof bounds memory risk; it does not underwrite outcomes.

Versioning

Last reviewed: 2026-05-24. Status: Live · doc-only (endpoints in production).

Related: /docs/mvmem · /docs/vaccination · /security · /docs/api