Vaara

Vaara is the tamper-evident runtime evidence layer for AI systems. It turns every action an agent takes into a record an outside party can verify without trusting you, then binds that record to the machine's own TPM 2.0 + IMA attestation. EU AI Act compliance, and any other case where you have to prove what an agent actually did.

Open source. No SaaS. No telemetry. No signup.

anyone can check a record keyless
$ vaara verify-record someone-elses-record.json

conformance: CONFORMS
  [pass] required  alg_supported
  [pass] required  signature_hex
  [pass] required  result_commitment_self_consistent
                   projectionDigest == sha256 over the projection bytes
  ... 13 more checks, all pass

no signing key, no access to the system that produced it

What's shipped

Adoption (live)

Acknowledged by

Where