Deterministic Replay · Immutable Audit Logs
Same prompt, same seed, same model — same answer, bit-for-bit, months later. Every AI action gets an immutable receipt you can replay, not just read.
DLIR · deterministic_inference_receipts · SIGNED
model_digest: 3f9a…c7e1
seed: 0
input_digest: a14b…0d9f
output_digest: e8d2…41aa
policy_hash: 9c01…b7d4
kernel_fp: batch_invariant
✓ bit_exact
Frontier models win a single call. We win the thousandth.
Production is the thousandth call of the same workflow. Accuracy is rented — it resets every model swap. Precision is owned: bit-stable, testable, and yours.
The Difference
An ordinary log
You can sign a log, but you cannot re-execute it. When an auditor, regulator, or reinsurer asks “is this the same answer the customer saw?” the only honest reply is a shrug. A non-reproducible answer is a claim, not evidence.
A Trinitite receipt
Each decision re-executes on a determinism-fixed kernel and returns the identical output — or signs the fact that it diverged. That is the line between something you file and something you can defend.
What Gets Signed
A Deterministic LLM Inference Receipt (DLIR) embeds enough to re-execute the decision. Each receipt links to the one before it, append-only — change a single entry and every signature after it breaks.
call → receipt → chain → anchor
model_digest: The exact merged-LoRA weight hash that produced the answer.
seed: The RNG seed the call ran with — default 0, recorded every time.
input_digest: Canonical-JSON hash of the prompt and full context window.
output_digest: Canonical-JSON hash of the response bytes the model returned.
policy_hash: The active Guardian rubric in force at the moment of the decision.
kernel_fp: The batch-invariant kernel fingerprint that makes the result reproducible.
Hash chains prove order, not time. Each chain root is anchored to clocks outside Trinitite — an RFC 3161 timestamp authority and the Sigstore Rekor transparency log — so not even Trinitite can backdate an entry.
Every Replay Has a Verdict
bit_exact: Hashes match. The decision reproduces byte-for-byte. Closed.
semantic_only: Same meaning, different bytes — surfaced as a finding.
divergent: A different answer. Raised as high-severity.
original_missing: Original not found — a chain break, flagged at once.
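A minimal sketch of the receipt chain and replay verdicts described above, added here as an illustration and not Trinitite's code or receipt format. The `prev` and `receipt_hash` fields, SHA-256, the all-zero genesis link, and the whitespace/case comparison standing in for semantic equivalence are assumptions; signature and timestamp-anchor checks are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "prev" value for the first receipt in a chain

def canonical_digest(obj):
    """SHA-256 of canonical JSON: sorted keys, no insignificant whitespace."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def make_receipt(prev, prompt, response, seed=0, **fixed):
    """Build one receipt; 'prev' and 'receipt_hash' are hypothetical field names."""
    body = {"prev": prev, "seed": seed, "input_digest": canonical_digest(prompt),
            "output_digest": canonical_digest(response), **fixed}
    return {**body, "receipt_hash": canonical_digest(body)}

def verify_chain(chain):
    """Return the index of the first receipt that fails, or None if intact.
    Hashes alone do not stop a rewrite of the whole tail; signatures and anchors do."""
    prev = GENESIS
    for i, r in enumerate(chain):
        body = {k: v for k, v in r.items() if k != "receipt_hash"}
        if r["prev"] != prev or canonical_digest(body) != r["receipt_hash"]:
            return i
        prev = r["receipt_hash"]
    return None

def _norm(text):  # whitespace/case folding: a stand-in for a real semantic comparison
    return " ".join(text.split()).lower()

def replay_verdict(receipt, replayed, original=None):
    """Classify a replay; a stored original counts only if it matches the receipt."""
    if receipt is None:
        return "original_missing"
    if canonical_digest(replayed) == receipt["output_digest"]:
        return "bit_exact"
    if (original is not None and canonical_digest(original) == receipt["output_digest"]
            and _norm(original) == _norm(replayed)):
        return "semantic_only"
    return "divergent"

def demo_chain():
    """Three constructed receipts; digests are placeholders, not real values."""
    chain, prev = [], GENESIS
    for prompt, response in [("q1", "Approve"), ("q2", "Deny"), ("q3", "Escalate")]:
        chain.append(make_receipt(prev, prompt, response, model_digest="placeholder",
                                  policy_hash="placeholder", kernel_fp="batch_invariant"))
        prev = chain[-1]["receipt_hash"]
    return chain
```

An edited receipt fails at its own index; if its hash is recomputed to hide the edit, the failure moves to the next receipt, whose `prev` link no longer matches.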
The No-Drift Warranty
We're confident enough in our determinism to contract for it. Every call — free tier included — is warrantied against kernel drift. Hold a receipt; verify it later. If the kernel fingerprint no longer matches, the claim opens automatically and the payout routes through a captive carrier. Not a service-level promise. A contract.
Free · $500 · Service credit
Pro · $5,000 · Credit + engineering time
Mid-market · $25,000 · + cash (capped)
Enterprise · $50,000+ · + indemnity option
We warrant your bytes won't move — not that they were the right answer to begin with. The first is precision. The second is accuracy. Production runs on precision.
Every signed report ships with a QR code and a short URL into the public verifier. The recipient scans, fetches the public keys from the published JWKS, checks the signature, and walks the chain back to the GPU kernel attestation — with no login, no NDA, no integration. See the auditor workflow and the ledger.
It is the same proof behind model risk management (SR 11-7) and MCP governance: one deterministic kernel, one signed receipt, re-verifiable by whoever asks.
The same receipt is the proof underneath AI guardrails, prompt injection defense, LLM observability, and EU AI Act compliance. New to the vocabulary? Start with the AI governance glossary.
FAQ
Deterministic replay is the ability to re-run a past AI agent decision and reproduce the same output bytes. GPU inference is non-deterministic by default — floating-point reductions re-order across batches and CUDA streams — so the same prompt can drift silently. Trinitite runs a determinism-fixed SGLang kernel, so the same prompt, seed, and weights reproduce the same response, bit-for-bit, months later.
Every governed call writes a signed, hash-chained DLIR receipt — model digest, seed, input and output hashes, and the policy in force. The receipts form an append-only chain, so changing one entry breaks every signature after it. Each chain root is anchored to an RFC 3161 timestamp authority and the Sigstore Rekor transparency log, so not even Trinitite can backdate an entry.
Yes. They land on the public verifier with one receipt, fetch the public keys from the published JWKS, check the signature, and walk the chain back to the GPU kernel attestation — no login, no NDA. The cryptography is the only path of trust; there is no operator override.
Every call — free tier included — is warrantied against kernel drift. If you hold a receipt and later verify it against the live cluster and the kernel fingerprint no longer matches, the claim opens automatically and the payout routes through a captive carrier. We warrant your bytes won’t move; per-event caps scale from $500 (free) to $50,000+ (enterprise).
Bring one workflow. We'll reproduce a logged AI decision bit-for-bit, then hand you the receipt chain to verify yourself.
Trinitite
AI governance that catches mistakes, proves compliance, and shows the board what it saved—in dollars.
Trinitite is built by Fiscus Flows, Inc.
© 2026 Fiscus Flows, Inc. · All rights reserved