Built on Midnight · Hackathon submission, May 2026

Cryptographic receipts for AI outputs.

Sign an output policy once. Every AI call afterward mints a zero-knowledge receipt proving the response satisfied that policy — without revealing the response itself. You control selective disclosure for audits, regulators, or court.

Sign a policy Try the demo Verify an audit link

The triple-bind every AI deployment hits

EU AI Act

High-risk AI mandates per-inference audit logs that an independent party can verify. Self-attested logs don’t qualify.

GDPR + HIPAA

Audit trails cannot leak PII or session content. Hashes and ZK proofs on-chain; plaintext stays with the user.

Fed Rules 902(14)

US courts treat cryptographically signed records as self-authenticating. Centralised logs require forensic experts.

Plain text logs satisfy none of these. ZK proofs satisfy all three.

How it fits together

React UI + Lace wallet

User Layer

· Policy dashboard
· Receipt list
· Reveal flow

TypeScript

Client SDK

· LLM proxy
· Risk extractor
· Witness builder
· AES-GCM encryption

Compact contract

Midnight

· Policy registry
· Receipt registry
· Selective reveal
· ZK verifier

Policy library

Each primitive is its own auditable circuit. Add more by writing a new Compact policy + a deterministic feature extractor.

Live

NumericThreshold

Constrain a deterministic risk score to stay at or below a threshold. Today: financial-advice risk.

risk_score ≤ 50

Live

KeywordAbsence

AI output must not contain any keyword in a list. PII redaction, jailbreak detection, brand-safe replies.

response ∩ [“SSN”, “bitcoin”] = ∅

Phase 6

ScopeMembership

AI output must stay on a configured topic. Classifier-based; Phase 6.

topic ∈ { finance, support }

WITNESS

Dashboard Verify GitHub

Built on Midnight · Hackathon submission, May 2026

Cryptographic receipts for AI outputs.

Sign a policy Try the demo Verify an audit link

The triple-bind every AI deployment hits

EU AI Act

High-risk AI mandates per-inference audit logs that an independent party can verify. Self-attested logs don’t qualify.

GDPR + HIPAA

Audit trails cannot leak PII or session content. Hashes and ZK proofs on-chain; plaintext stays with the user.

Fed Rules 902(14)

US courts treat cryptographically signed records as self-authenticating. Centralised logs require forensic experts.

Plain text logs satisfy none of these. ZK proofs satisfy all three.

How it fits together

React UI + Lace wallet

User Layer

· Policy dashboard
· Receipt list
· Reveal flow

TypeScript

Client SDK

· LLM proxy
· Risk extractor
· Witness builder
· AES-GCM encryption

Compact contract

Midnight

· Policy registry
· Receipt registry
· Selective reveal
· ZK verifier

Policy library

Each primitive is its own auditable circuit. Add more by writing a new Compact policy + a deterministic feature extractor.

Live

NumericThreshold

Constrain a deterministic risk score to stay at or below a threshold. Today: financial-advice risk.

risk_score ≤ 50

Live

KeywordAbsence

AI output must not contain any keyword in a list. PII redaction, jailbreak detection, brand-safe replies.

response ∩ [“SSN”, “bitcoin”] = ∅

Phase 6

ScopeMembership

AI output must stay on a configured topic. Classifier-based; Phase 6.

topic ∈ { finance, support }