Tamper-evident chain
Per-tenant Ed25519 signing keys, HKDF-derived from a master KEK. SHA-256 hash chaining across receipts. Modify any event and every subsequent receipt is invalid — verifiers detect it on the next walk.
μαρτυρία / mar·tu·ría / n. ancient greek — witness, testimony, the act of bearing record
The EU AI Act demands automatic logging that can't be altered after the fact, and human oversight you can prove. Marturia produces the receipts — Ed25519-signed, hash-chained, Merkle-anchored, witness-cosigned — with an offline open-source verifier on PyPI so auditors don't depend on us to verify our work.
Every agent action becomes a span; every span gets a signed receipt; every receipt rolls into a Merkle root your auditors' instances cosign. No third-party SaaS in the trust chain — everything self-hosted, in-house cryptography.
Your customers and auditors run their own Marturia instances and cosign your Merkle roots. Sigstore/Rekor pattern, productized. A compromised operator alone can't rewrite history; quorum forgery requires colluding with every cosigner.
/api/marturia/gl/invoice/1234 returns every span, every agent action, every retry that ever touched that object. The customer-support and dispute-resolution view no other observability tool has.
SSE-streamed spans, virtualized viewport. 200k events on screen without dropping a frame.
Sentry-style fingerprinting with PII redaction baked in at the exporter.
Per customer, per feature, per model. Stop arguing about the bill with finance.
Trace any agent run end-to-end. Span tree + tool calls + token usage on one page.
Walk an agent decision through to a human override, watch the chain commit, and then tamper with any receipt. The verifier — the same wheel you'll pip install — catches the break in real time, the way it would in a regulator's hands.
    $ pip install marturia-verify
    Successfully installed marturia-verify-0.4.2
    $ marturia-verify --help
    marturia-verify chain --id=<path>     walk and verify a receipt chain
    marturia-verify roots --since=<ts>    list Merkle roots cosigned in window
    Ready. Run the scenario above to produce a chain to verify.
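Added example (not Marturia's code or receipt format): a minimal chain walk showing why editing one receipt breaks verification from that point on, even when the editor holds the signing key. The field names, genesis value and tenant label are assumptions, and HMAC-SHA256 stands in for the Ed25519 signature so the block runs on the Python standard library alone.

```python
import hashlib, hmac, json
GENESIS = "0" * 64  # assumed prev-hash for the first receipt

def hkdf_sha256(ikm, info, length=32, salt=b""):  # RFC 5869 extract-then-expand
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, n = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([n]), hashlib.sha256).digest()
        okm, n = okm + block, n + 1
    return okm[:length]

def body(r):  # canonical bytes of the fields covered by the tag
    fields = {k: r[k] for k in ("seq", "prev", "event")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign(key, r):
    # HMAC-SHA256 stands in for the Ed25519 signature (stdlib only).
    return hmac.new(key, body(r), hashlib.sha256).hexdigest()

def receipt_hash(r):
    return hashlib.sha256(body(r) + r["tag"].encode()).hexdigest()

def append(chain, key, event):
    r = {"seq": len(chain), "event": event,
         "prev": receipt_hash(chain[-1]) if chain else GENESIS}
    r["tag"] = sign(key, r)
    chain.append(r)

def verify(chain, key):  # index of the first bad receipt, or None if intact
    prev = GENESIS
    for i, r in enumerate(chain):
        ok_tag = hmac.compare_digest(r["tag"], sign(key, r))
        if r["seq"] != i or r["prev"] != prev or not ok_tag:
            return i
        prev = receipt_hash(r)
    return None

def demo():
    key = hkdf_sha256(bytes(32), b"tenant:acme")  # constructed all-zero KEK
    chain = []
    for action in ("agent_decision", "human_override", "retry"):
        append(chain, key, {"action": action, "object": "gl/invoice/1234"})
    intact = verify(chain, key)
    chain[1]["event"]["action"] = "edited"   # edit, tag left stale
    edited = verify(chain, key)
    chain[1]["tag"] = sign(key, chain[1])    # key holder re-signs receipt 1
    resigned = verify(chain, key)            # receipt 2's prev no longer matches
    return intact, edited, resigned
```

`demo()` returns `(None, 1, 2)`: the stale tag is caught at the edited receipt, and re-signing it only moves the break to the next link. With Ed25519 the verifier would hold only the tenant's public key, whereas the HMAC stand-in needs the signing key itself.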
Marturia accepts OTLP on the wire, so existing OTel SDKs Just Work. Point the HTTP exporter at your project's ingest endpoint, set your project key, and every span you record is signed and chained automatically.
MARTURIA_KEY in the environment. One key per project, rotatable.
marturia.dev/api/v1/traces — TLS terminated, OTLP/HTTP, project key in the header.
pip install marturia-verify from your auditor's laptop.
    # pip install opentelemetry-exporter-otlp-proto-http
    import os  # needed to read MARTURIA_KEY from the environment

    from opentelemetry import trace
    from opentelemetry.sdk.trace import TracerProvider
    from opentelemetry.sdk.trace.export import BatchSpanProcessor
    from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

    provider = TracerProvider()
    exporter = OTLPSpanExporter(
        endpoint="https://marturia.dev/api/v1/traces",
        headers={"X-Marturia-Key": os.environ["MARTURIA_KEY"]},
    )
    provider.add_span_processor(BatchSpanProcessor(exporter))
    trace.set_tracer_provider(provider)
    # That's it. Every span is signed + chained on ingest.
Most AI governance products produce documentation. Marturia produces cryptographic evidence: tamper-evident receipts of every agent decision, every human override, every rejected action. The kind of artifact a regulator under the EU AI Act, an ISO 42001 auditor, or an insurance underwriter can actually verify.
Every agent action becomes a span and every span produces a signed receipt with its complete inputs, outputs, model version, and tool calls. Article 12 demands automatic recording of events that can't be altered after the fact — hash-chained Ed25519 signatures are exactly that.
Article 14 isn't satisfied by routing decisions to a human; you have to prove what a human reviewed and why they overrode the model. Marturia records the human-in-loop step as a receipt of its own, chained to the agent decision it overrode. Independently verifiable, defensible in a regulatory probe.
ISO/IEC 42001 certification audits require objective evidence that your AI Management System actually does what your policy says it does. Marturia receipts plug straight in as Annex A.6 evidence: data audit trails, decision logging, post-incident traceability — all dated, signed, and witness-cosigned.
Maps to GOVERN, MAP, MEASURE, and MANAGE function evidence with one export.
Satisfies CC7.2 and 45 CFR § 164.312(b) audit-log requirements out of the box.
For AI-liability underwriting — receipts that hold up at the carrier and in court.
Logging schema designed against the prEN 18229-1 logging draft, ready when it lands.
pip install marturia-verify gives any auditor a standalone wheel.
They can verify our receipts without Marturia's servers, without a blockchain, without trusting us.
If we vanish tomorrow, your evidence still holds in court. Most cryptographic-audit-trail competitors require their infrastructure or a public blockchain to verify a receipt. We don't.
The free tier exists so devs can start sending spans the same evening. Paid tiers gate the cryptographic features — you only need them when you have a customer asking you to prove something. The Audit tier exists for the EU AI Act / ISO 42001 buyer comparing us to Credo AI, OneTrust, and GuardianChain — at roughly a quarter of their price.
marturia-verify
Self-hosted on your VPC or air-gapped. Dedicated witness cosigners. Custom SLA + 24/7 support. Custom retention & audit-report formats.
The product is live. The dashboard, OTLP ingest, signed receipts, public verifier, and the marturia-verify Python package on PyPI all work end-to-end. We're running invite-only while we onboard the first wave of design partners and finish wiring billing, key ceremony, and isolated production hosting.