Act. Sign. Anchor. Verify it yourself.

Every action an AI takes is sealed into a Stoa receipt: what it was, when it happened, and a fingerprint of what went in and out. The page leads with a live falsification demo. The receipt's ES256 signature is rendered character by character, and tampering with a single character flips the verifier badge from Verified to Invalid and breaks the proof. It all runs client side, with no network call, because that is the whole point: you do not have to trust Vext to check the work.

The flow is four moves, all in the open. First, the AI acts: Theron sends an email, runs a query, or moves a record. Second, the receipt is sealed: a compact record of the action, the time, and a fingerprint of inputs and outputs, stamped with an ES256 signature (JWS). Third, every receipt is anchored: once a day, every receipt rolls up into a single published fingerprint, a daily Merkle root, after which no one can add, delete, back-date, or swap one. Fourth, anyone checks it offline by running the open-source verifier against any receipt.

A receipt stores no content, only fingerprints: the action named plainly, the exact time to the second in UTC, an input fingerprint of everything that went in, an output fingerprint of what came out, and the cryptographic seal. Change either fingerprint and it stops matching; the signature breaks the instant anything is altered. The verifier is run with npx @vextlabs/stoa-verifier, is Apache-2.0 licensed with zero dependencies, and checks signature and anchor locally with no Vext account and no call home. Theron Pro is $20 per month when you are ready; the open verifier is free forever.

How does the in-browser tamper demo work?

The receipt's ES256 signature is shown character by character. Click any character, or press Tamper with it, and one character flips. The verifier badge swaps from Verified to Invalid and the signature plus Merkle proof fail. It all happens client side with no network call. Restore original resets it.

What is actually stored in a Stoa receipt?

Only fingerprints, never the content. A receipt records the action named plainly, the exact time to the second in UTC, an input fingerprint of everything that went in, an output fingerprint of what came out, and an ES256 signature. Change any fingerprint and the seal stops matching.

How do I verify a receipt myself?

Run the open-source verifier with npx @vextlabs/stoa-verifier against any receipt. Signature and anchor check locally. There is no Vext account, no call home, and no trust required. The verifier is Apache-2.0 licensed with zero dependencies.

What does the daily Merkle root anchor do?

Once a day, every receipt rolls up into a single published fingerprint, the daily Merkle root. After a receipt is anchored, no one can add, delete, back-date, or swap one without the verification failing.