Response Integrity
Every LLM response in the Veridex agent runtime is sealed with an HMAC chain-of-custody signature. This provides cryptographic proof that model outputs haven't been modified between the provider and your application.
Threat Model
| Threat | Mitigation |
|---|---|
| Man-in-the-middle modifying LLM responses | HMAC seal verification detects tampering |
| Proxy or middleware injecting content | Raw response hash comparison reveals modifications |
| Disputed agent behavior | Sealed response envelopes provide non-repudiable evidence |
| Audit trail integrity | Content-hashed traces with embedded seals |
Seal Algorithm
- Key Derivation: HKDF-SHA256 with API key as IKM, salt
"veridex-response-seal-v1", info"hmac-signing-key" - Signing: HMAC-SHA256 over the raw response bytes
- Hashing: SHA-256 of raw response bytes for fingerprinting
Verification
import { verifyResponseSeal } from '@veridex/agents';
const isValid = verifyResponseSeal(
envelope.chainOfCustodySeal,
rawResponseBytes,
apiKeyBytes,
);Limitations
- Seals verify integrity from the Veridex runtime, not from the model provider's infrastructure
- API key rotation requires re-deriving signing keys
- Streaming responses are sealed after assembly (not per-chunk)
The Provider Response Signing Initiative proposes a future where model providers cryptographically sign responses at origin.
Related
- Guide: Agent Integrity — Full walkthrough
- Agents Framework — ResponseSeal API
- Governance: Traces — Audit trail with seals