Vaara is the tamper-evident runtime evidence layer for AI systems. It turns every action an agent takes into a record an outside party can verify, without trusting you. It is built for EU AI Act compliance and any other case where you have to prove what an agent actually did.
Open source. No SaaS. No telemetry. No signup.
Anyone can check a record (keyless):

    $ vaara verify-record someone-elses-record.json
    schema             ok   well-formed SEP-2828 execution record
    result commitment  ok   projectionDigest == sha256(projection)
    verdict            CONFORMS
    no signing key, no access to the system that produced it

What's shipped
- Check any record yourself: vaara verify-record tests any JSON against the published SEP-2828 format, including a record Vaara never produced. Keyless, so it needs no signing key and no access to the system that made it.
- One evidence bundle, one verdict: vaara verify-bundle runs six independent checks and prints a single pass or fail, fail-closed on authenticity. vaara build-bundle is the issuer side of the same file.
- Hash-chained, tamper-evident audit trail (SHA-256, optional Ed25519, optional post-quantum ML-DSA-65). An auditor verifies it offline with a public key.
- External time anchor: the chain head is anchored to an RFC 3161 / eIDAS qualified timestamp, so a record cannot be backdated against a clock you do not control.
- One-command regulator package: vaara trail export-article12 writes the signed trail, per-article EU AI Act evidence, and the time anchor as Article 19 existence-in-time, in one file an authority checks offline.
- Policy gating on every tool call: allow, block, or escalate each agent action against your own policy before it runs.
- SEP-2828, the Model Context Protocol server-side execution-record proposal, authored by Vaara. An independent developer reproduced the full conformance suite from a clean checkout with no shared code.
- Transparent MCP proxy in front of one or more upstream servers, with native hooks for LangChain, CrewAI, and the OpenAI Agents SDK. Per-tenant policy. TypeScript client on npm. Claude Code plugin in the same repo.
- Distribution-free conformal coverage on each runtime risk score, checkable by an auditor independently of the input distribution.
- SLSA Build Level 3 provenance and Sigstore-signed releases on every publish; continuous fuzzing on the decoder, audit, and policy loader.
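
The result-commitment and hash-chain checks named in the list above, as an added example that is not Vaara's code and not the SEP-2828 format. Apart from projection and projectionDigest, the field names, the JSON canonicalization and the genesis value are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical layout: seq/action/prevHash/entryHash are not SEP-2828 fields.
GENESIS = "0" * 64  # assumed value for the first entry's prevHash

def canonical(obj):
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def append(trail, action, projection):
    """Issuer side: commit to the projection, then chain the entry."""
    body = {"seq": len(trail), "action": action, "projection": projection,
            "projectionDigest": sha256_hex(canonical(projection)),
            "prevHash": trail[-1]["entryHash"] if trail else GENESIS}
    body["entryHash"] = sha256_hex(canonical(body))
    trail.append(body)

def verify(trail, anchored_head=None):
    """Verifier side, keyless. Returns (ok, bad_index, reason); fails closed."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        try:
            body = {k: v for k, v in entry.items() if k != "entryHash"}
            if entry["seq"] != i:
                return False, i, "sequence gap or reorder"
            if entry["prevHash"] != prev:
                return False, i, "broken link to previous entry"
            if entry["projectionDigest"] != sha256_hex(canonical(entry["projection"])):
                return False, i, "result commitment mismatch"
            if entry["entryHash"] != sha256_hex(canonical(body)):
                return False, i, "entry hash mismatch"
        except (AttributeError, KeyError, TypeError):
            return False, i, "malformed entry"
        prev = entry["entryHash"]
    # An internally consistent chain can still have been rewritten or
    # truncated; only a head value held outside the system exposes that.
    if anchored_head is not None and prev != anchored_head:
        return False, None, "head does not match anchored value"
    return True, None, "ok"

def sample_trail():
    # Constructed sample data, not output from any real agent.
    trail = []
    append(trail, "tool:search", {"query": "invoice 1042", "hits": 3})
    append(trail, "tool:read_file", {"path": "/srv/docs/a.txt", "bytes": 512})
    append(trail, "tool:send_email", {"to": "ops@example.com", "status": "blocked"})
    return trail
```

A truncated or fully recomputed trail passes verify() when no anchored_head is supplied, which is why the head needs a signature or an external timestamp in addition to the chain itself.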
Adoption (live)
- PyPI downloads, last 30 days
- PyPI downloads, last 7 days
- npm downloads, last 7 days (@vaara/client)
Acknowledged by
- IMDA Model AI Governance Framework for Agentic AI v1.5 (Singapore, 20 May 2026), industry contributors
- AMD developer testimonial (May 2026)
- OpenSSF Best Practices Project 12612
Where