version 1.0.0 · stable support boundary

Generally available. Deliberately local-first.

Certiv 1.0 is supported for local receipt workflows, deterministic evidence, a static public site, a read-only self-hosted API, and operator-managed verifier infrastructure. This page controls when a cached page or older design document sounds broader.

supported in 1.0

Production surfaces

  • Stable local CLI for manifest validation, pack, check, evidence, and local registry operations
  • Dual workspace runs with bounded output and fail-closed deterministic comparison
  • Strict hash-pinned receipt schemas and a separate standard-library validation kernel
  • Deterministic local archives, exact-byte evidence packets, and trusted Lean 4 or Coq checker IDs
  • Durable local CAS, serialized ledger, bounded self-hashed checkpoints, operator-signed head responses, read-only API, and fail-closed verifier worker
public instance

Read-only by design

  • Certiv.org serves static documentation, schemas, downloads, and a worked example
  • The public API and website do not accept uploads or confidential artifacts
  • Managed private custody, encryption, escrow, accounts, billing, and subscriptions are not offered
  • Verifier execution is operator-managed and is not a managed certiv.org service
  • No scientific, legal, safety, novelty, provenance, or priority certification is offered
operator contract

Production obligations

  • Deploy only hash-locked dependencies and digest-pinned images from a reviewed release
  • Initialize and back up the node key offline; retain operator-signed ledger head responses outside the host
  • Gate traffic on /api/v1/ready and alert on ledger, key, storage, or worker failures
  • Use a dedicated unprivileged verifier host with gVisor for third-party executable work
  • Exercise backup, restore, rollback, incident response, privacy retention, and key recovery
Brand and package identity remain explicit.

Certiv is the owner-authorized brand used by this project. The project distribution is certiv-receipts; the bare certiv namespace on PyPI currently resolves to a separate distribution and must not be substituted. Apache-2.0 grants no trademark rights, and this release makes no representation about application, registration, or legal clearance status.

Inspect the worked example, read the receipt semantics, review the claim evidence, or inspect the security boundary.