GATEFRAME
Enterprise Command Center
No access code?
shankar@gateframe.io
Command Overview ● API LIVE DIFC REG 10 USPTO 64/067,547
JULY 21, 2026 — REGULATORY EVENT
Federal ECOA disparate-impact ends. §1002.9 adverse-action accuracy survives. NJ N.J.A.C. 13:16 adds private-party standing. Earnest AOD ¶71 mandates algorithmic oversight teams. GateFrame DPR is the per-decision signed evidence record required.
DPRs Sealed
All time · live from API
Sealed Today
Last 24 hours
Chain Integrity
100%
0 integrity failures
Pending Actions
7
Complete before 7AM Dubai
DIFC Regulation 10
● IN FORCE
January 1, 2026 · UAE / DIFC jurisdiction
EU AI Act Article 12
⏱ 77 DAYS
August 2, 2026 · High-risk AI enforcement
Colorado SB26-189
⏱ JAN 1, 2027
Passed May 9, 2026 · Replaces SB24-205
CFPB / ECOA Reg B
● ACTIVE
§1002.9 · AI adverse action notices
CBUAE AI Guidance
● ACTIVE
February 2026 · UAE banking AI
BaFin DORA
● IN FORCE
January 17, 2025 · EU ICT risk
⚖️
USPTO Provisional Patent · Application No. 64/067,547
Priority Date: May 16, 2026 · 33 Claims · Micro-Entity · Non-Provisional Deadline: May 16, 2027 · Covers: DPR chain architecture, dual key custody, Behavioral Corpus Contribution Protocol, Agent Passport + IPR + Sentinel + DPR Trust Stack
01 · DEMO
Live DPR Demo
Generate a signed, verified Decision Provenance Record. CFPB Form C-1. Ed25519 signature. Live API.
→ Run Demo
02 · INTEGRITY
Tamper-Proof Chain
Show hash-chain integrity. Tamper any field and watch the entire chain invalidate.
→ Show Chain
03 · VERIFY
Independent Verification
Paste any DPR JSON. Verify without trusting GateFrame. Examiner-grade output.
→ Verify Record
04 · EXPORT
Evidence Pack Generator
Generate a printable evidence pack for CFPB, DFSA, or OCC examiners. Formatted for submission.
→ Generate Pack
05 · INTELLIGENCE
CFPB Enforcement Database
14 enforcement actions mapped to their evidence gap. $847M in penalties. What GateFrame would have produced.
→ View Database
06 · REFERENCE
DPR Specification v0.1
Technical specification. Apache 2.0. Priority Date April 22, 2026. Referenced in patent claims.
→ Read Spec
GateFrame Evidence Infrastructure · Production
API Live
12 Endpoints
API Docs ↗
Live API Demo

Prove what AI did.

Select a scenario. Hit generate. Watch GateFrame produce a cryptographically signed, examiner-ready Decision Provenance Record — live, against the production API, in under 200ms.

Input · SHAP Values + Context
ECOA / REG B
Principal Adverse Factors
01
VALIDATE
SHAP → Reg B
02
SIGN
Ed25519 + Merkle
03
EVIDENCE
5 artifacts
Raw JSON Payload editable — try your own SHAP values
Ready — select a scenario and generate.
Output · Decision Provenance Record
DPR ID: —
Awaiting generation
Ed25519 + SHA-256 + CFPB Form C-1
Pipeline ms
Reg B Reasons
Signature Chars
5
Evidence Artifacts
GateFrame · API Docs · shankar@gateframe.io · Strictly Confidential · © 2026 GateFrame Inc.
Ed25519 · SHA-256 Binary Merkle Tree · DPR Spec v0.1
GateFrame
Tamper Proof Demonstration · Live API
Cryptographic Integrity
Live Proof · Production API

Can you change what the AI decided?
Watch what happens.

GateFrame signs every AI decision with Ed25519 at the moment it's made. Try changing any field below — the decision, the reason code, the timestamp. The verification will fail. Every time. Cryptographically.

Step 1 — Signed Decision Record
NOT YET SIGNED
Click "Generate & Sign" to create a
cryptographically signed decision record
Step 3 — Verify Cryptographic Integrity
AWAITING
Generate a signed record first,
then verify its integrity here
01 — Ed25519 SIGNING
Signed at the moment of decision
Every decision record is signed with an Ed25519 private key the moment it's created. The signature is computed over the canonical JSON — every field, in sorted order, with no whitespace.
02 — SHA-256 HASH CHAIN
Every record links to the previous
Each record includes the SHA-256 hash of the previous record. Changing any record breaks every subsequent link — the entire chain invalidates, not just the tampered record.
03 — INDEPENDENT VERIFICATION
No trust in GateFrame required
The verifying public key is published at /agentseal/health. Any party — a regulator, an auditor, a counterparty — can verify any record offline without calling GateFrame's servers.
GateFrame
Independent Verification Portal
Public Verifier
Examiner-Grade
Live Demo ↗ API Docs ↗
Independent Cryptographic Verifier

Did this AI record hold?

Paste any GateFrame Decision Provenance Record. This portal independently verifies cryptographic integrity — no trust in GateFrame's servers required. Green means the record is untampered. Red means it was modified after signing.

01 — INDEPENDENT
No vendor trust required
Verification runs against the public Ed25519 key. GateFrame cannot alter a signed record retroactively.
02 — CRYPTOGRAPHIC
SHA-256 + Ed25519
Every DPR is hash-chained and signed. Any modification — even one byte — produces a different hash and breaks the signature.
03 — EXAMINER-FORMAT
Reg B §1002.9 aligned
The verification output maps directly to what OCC, CFPB, and state AG examiners require as defensible AI audit evidence.
Verification Input
PRODUCTION · /agentseal/verify + /sign hash check
Paste the full signed DPR JSON (from /sign or /evidence-pack output) JSON · signed_dpr field
Paste the EvidenceChain JSON (from AgentSeal /agentseal/verify input format) JSON · chain_id + records[]
Record Hash (SHA-256, 64-char hex)
Ed25519 Signature (128-char hex)
Public Key (optional — uses GateFrame's published key if empty)
Paste a DPR record and click Verify to check cryptographic integrity.
For Examiners — How to Read This Output
A green "Integrity Verified" result means the SHA-256 hash of the record content matches the hash that was signed with Ed25519 at decision time. No modification — to reason codes, model ID, applicant ID, timestamp, or any other field — is possible without breaking this verification. The verifying public key is published at gateframe-verification.netlify.app/?id=public-key and registered with GateFrame's independent trust anchor. This constitutes tamper-evident, independently verifiable AI decision evidence under US Treasury AI RMF Control 4.2, Reg B §1002.9, and DORA Article 8(1).
GateFrame
Evidence Pack Generator · Examiner-Format Output
Regulatory Grade

The document your examiner receives

Generate a formatted, printable evidence pack — the same document you hand to a CFPB, DFSA, or OCC examiner.

Select Scenario → Generate Evidence Pack
GateFrame
AI Enforcement Intelligence
Live Demo ↗
Research Tool
AI Enforcement Gap Database · Updated May 2026

Every CFPB AI enforcement action.
Every evidence gap that caused the penalty.
What GateFrame would have produced.

This is not a product brochure. It is a research tool. Compliance officers, model risk teams, and general counsel use it to understand their specific enforcement exposure before an examiner arrives.

14
Enforcement actions mapped
$847M
Total penalties in database
100%
Involved missing evidence
229 days
To Colorado SB26-189 effective date
Filter:
Enforcement Exposure Calculator
AI Use Case
Monthly AI Decisions
Jurisdiction
Massachusetts Attorney General · ECOA
EARNEST OPERATIONS LLC · AOD ¶71 · JULY 10, 2025
$2.5M MA AG settlement. Violation: inaccurate AI adverse-action notices failing to state specific reasons. AOD ¶71 mandates an internal algorithmic oversight team with appointed chairperson responsible for fair-lending testing, model inventories, documentation, and bias-concern response. GateFrame DPR is the evidence artifact that team produces.
Earnest Operations LLC — $2.5M Settlement
$2.5M
July 10, 2025
ECOA AI Model Adverse Action Model Risk
What Happened
Earnest used AI models for student loan underwriting that were trained in part on human loan officer decisions — inheriting and potentially amplifying existing biases. The Massachusetts AG found Earnest failed to test AI models for disparate impact and could not produce documentation showing the models' adverse action reasons were specific, accurate, and model-grounded.
⚠ Evidence Gap
No signed, timestamped record linking the model's SHAP output to the specific adverse action reasons issued to applicants. The model operator and lender were different entities with no documented delegation chain.
✓ GateFrame would have produced
A signed DPR for each decision: SHAP values → Reg B reason codes → Ed25519 signature. The delegation chain (model operator ≠ lender) documented in every record. Every adverse action notice linked to a cryptographically verified model output.
CFPB + DOJ · Fair Lending
Bank of America — $12M Settlement (AI-related component)
$12M
October 2023
ECOA Model Risk
What Happened
BofA's automated underwriting system produced discriminatory outcomes in mortgage applications. The CFPB found the bank could not demonstrate the specific factors driving automated denials, and lacked documentation connecting model scores to the adverse action notices issued to applicants.
⚠ Evidence Gap
Automated decision trail was logs inside the model vendor's system — not independently verifiable. No documentation of which model version authorized specific decisions or who in the institution authorized that version.
✓ GateFrame would have produced
Signed authority chain: model version → authorized_by (CRO) → authorized_at. Each adverse action linked to a specific model version, verifiable independently of the vendor's logs.
Securities Class Action · NDCA · Active May 2026
Upstart Holdings — Model 22 Securities Lawsuits (Active)
Active
Filed April 7, 2026
AI Model Model Risk
What Happened
Multiple securities class action lawsuits filed May 2026 allege Upstart misrepresented Model 22's performance. The central evidentiary dispute: whether Model 22 behaved consistently with what executives claimed, and whether that behavior can be reconstructed from the AI's actual decision records.
⚠ Evidence Gap
No signed, timestamped record of what Model 22 decided for each application and why. Dispute is about whether the model's behavior can be reconstructed — without a signed audit trail, it's a he-said-she-said between executives and evidence.
✓ GateFrame would have produced
A hash-chained audit trail of every Model 22 decision — SHAP values, decision, confidence score, model version, timestamp. Any party (plaintiff's counsel, court, examiner) could verify that the signed record matches the claimed behavior.
Northern District of California · Active
Mobley v. Workday — AI Hiring Discrimination (Active Discovery)
Active
Filed 2023, Discovery 2026
AI Model Adverse Action Model Risk
What Happened
Plaintiff alleges Workday's AI hiring tool discriminated based on race, age, and disability. Court ruled AI vendors can face direct discrimination liability under an "agent" theory. Case is in active discovery as of May 2026 — the central question is reconstruction of what Workday's AI actually did to applicants.
⚠ Evidence Gap
No signed, per-applicant record of what the AI scored and why. Discovery is attempting to reconstruct AI behavior from system logs that were not designed for legal evidentiary purposes.
✓ GateFrame would have produced
A signed AgentAction record for every hiring AI decision — feature weights, decision, reasoning, model version, authorized_by. Any plaintiff or defendant could independently verify the record without trusting Workday's servers.
Colorado Attorney General · Pending
Colorado SB26-189 SB26-189 — First Enforcement Class (67 Days)
$20K/violation
Effective January 1, 2027
AI Model Adverse Action
What Will Happen
Colorado's AI Act enforcement begins January 1, 2027. Any deployer of a high-risk AI system (credit, insurance, employment, housing) must maintain 3-year documentation of AI decisions on demand from the AG. $20,000 per violation. AG-only enforcement — no private right of action.
⚠ Evidence Gap (Prospective)
Most Colorado deployers using AI for credit or insurance underwriting have no documentation trail that meets the "on demand" requirement. Logs are not documentation. Logs inside the model vendor's system are not independently verifiable.
✓ GateFrame produces (right now)
Signed DPRs with 3-year retrievability via the DPR Registry. Colorado-specific reason code schema. One import change instruments any existing AI workflow before June 30.
CFPB Guidance · Regulatory Framework
CFPB Circular 2022-03 — Black Box AI Adverse Action
Framework
September 2023
ECOA AI Model Adverse Action
What the CFPB Said
CFPB Circular 2022-03 explicitly stated that adverse action notice requirements apply to all credit decisions including those made by "complex algorithms or AI." Creditors cannot use model complexity as an excuse for providing vague or boilerplate reasons. "The model said so" is not a specific reason.
⚠ The Structural Gap
SHAP explainability tools produce feature importance values. Converting those values to specific Reg B reason codes — automatically, consistently, and with a verifiable audit trail — has been a manual process at every lender. Manual = inconsistent = enforcement exposure.
✓ GateFrame automates this
POST /validate/ maps SHAP values → Reg B reason codes in sub-200ms. The mapping is signed alongside the decision. Every adverse action notice is backed by a cryptographic record of the exact SHAP values that produced it.
You now know your exposure. Here is the documentation infrastructure.
GateFrame produces signed, examiner-ready evidence records at the moment of AI decision. One API call. No infrastructure changes.
Live Demo → Request Pilot →
GateFrame
DPR Specification · v0.1
v0.1 · Apache 2.0

Decision Provenance Record
Specification v0.1

StatusProduction
LicenseApache 2.0 (spec only)
AuthorGateFrame Inc.
Priority DateApril 22, 2026
Reference Impl.Live API

Abstract

This specification defines two interoperable data structures for cryptographically verifiable AI decision evidence: the Decision Provenance Record (DPR v0.1) — a signed, tamper-evident record of a single AI-driven consequential decision — and the EvidenceChain v1 — a hash-linked, append-only sequence of agent action records.

These structures satisfy the evidentiary requirements of ECOA / Regulation B §1002.9, US Treasury AI Risk Management Framework (March 2026), DORA Article 8(1), EU AI Act Article 12, Colorado SB26-189 SB26-189 §6, and DIFC Regulation 10.

For counsel and examiners: A GateFrame DPR is not a log file. It is a signed record — produced at the exact moment of decision, cryptographically sealed, tamper-evident by construction. Any modification to any field after signing is cryptographically detectable. Verification is independent: the examiner calls GET /dpr/{id}/verify without trusting GateFrame's servers.

Priority Date
April 22, 2026
DPR v0.1 · EvidenceChain v1 · GateFrame Inc. · Apache 2.0
A2A Extension Proposal drafted · MCP SEP drafted

1. Cryptographic Primitives

Algorithms

All signatures use Ed25519 (RFC 8032). All hashes use SHA-256 (FIPS 180-4). All hash chains use binary Merkle tree construction. All binary encodings use lowercase hexadecimal.

Canonical Serialization

Before signing or hashing, a record MUST be serialized as UTF-8 encoded JSON with keys sorted lexicographically, no whitespace, and these fields excluded: signature, record_hash, merkle_position.

canonical = json.dumps(
    {k: v for k, v in record.items()
     if k not in ("signature", "record_hash", "merkle_position")},
    sort_keys=True,
    separators=(",", ":"),
    default=str
).encode("utf-8")

Record Hash

record_hash = SHA-256(canonical_bytes).hex()  # 64-char hex string

Signature

signature = Ed25519_Sign(private_key, bytes.fromhex(record_hash)).hex()  # 128-char hex

Chain Link

First record: prev_hash = null. Subsequent records: prev_hash = record_hash of previous record.

2. Decision Provenance Record (DPR v0.1)

Schema

FieldTypeDescription
decision_idstring (UUID v4)Unique identifier for this decision record
dpr_version"0.1"Specification version. Embedded in every record.
created_atISO 8601 UTCTimestamp at moment of decision, not post-hoc
decisiondeny | approve | approve_with_conditions | referThe AI decision
decision_confidencefloat [0,1]Model confidence score
model_idstringIdentifier of the AI model that produced the decision
model_versionstringModel version at time of decision
algorithm_typestringAlgorithm family (e.g. GradientBoostedTree)
authorized_bystringRole or identifier who authorized the model deployment
authorized_atISO 8601 UTCWhen the model deployment was authorized
policy_versionstringVersion of the reason code library applied
model_operator_idstringIdentifier of the model operator (may differ from lender)
executing_institution_idstringInstitution that issued the adverse action
delegation_presentbooleanTrue when model operator ≠ executing institution
adverse_action_reasonsarrayRanked Reg B reason codes (see §2.2)
application_idstringApplicant's application reference
input_hashSHA-256 hexHash of the input SHAP values and applicant context
reg_b_compliantbooleanWhether reason codes satisfy §1002.9(b)(2)
record_hashSHA-256 hex (64 chars)Hash of the canonical DPR content
signatureEd25519 hex (128 chars)Signature over record_hash bytes

Adverse Action Reason Object

FieldTypeDescription
rankinteger 1–4Ranking by SHAP weight (1 = highest adverse impact)
reg_b_codestringOfficial Reg B Appendix C reason code number
gateframe_code_idstring (GF-XXX)GateFrame internal code identifier
consumer_textstringRequired consumer-facing reason text (§1002.9(b)(2))
examiner_descriptionstringTechnical description for examiner review
reg_b_citationstringFull regulatory citation
shap_featurestringSHAP feature name that mapped to this reason code
shap_weightfloatSHAP feature importance weight

3. EvidenceChain v1

An EvidenceChain is an ordered, hash-linked sequence of AgentAction records. Each record includes the SHA-256 hash of the previous record, creating a chain where tampering with any record invalidates every subsequent record.

Chain Verification

For each record at index i, a verifier MUST assert:

  1. Hash integrity: SHA-256(canonical(record)) == record.record_hash
  2. Chain link: if i > 0, then record.prev_hash == records[i-1].record_hash
  3. Signature: Ed25519_Verify(public_key, record.record_hash, record.signature) == True

The chain is valid if and only if all three assertions pass for every record.

4. Regulatory Mapping

FrameworkKey DPR FieldsRequirement Satisfied
ECOA / Reg Badverse_action_reasons, authorized_by, delegation_present§1002.9(b)(2) specific reason codes, authority chain
US Treasury AI RMFrecord_hash, signature, model_idControl 4.2 — tamper-evident AI decision records
DORA Art. 8(1)prev_hash, chain verification, authorized_byICT risk documentation, independent verifiability
EU AI Act Art. 12dpr_version, created_at, model_idHigh-risk AI system record-keeping
Colorado SB26-189adverse_action_reasons, decision, reg_b_compliantAlgorithmic decision disclosure
DIFC Reg 10Full DPR + chain verification endpointAI governance documentation for DFSA examination

5. Verification Protocol

Online Verification (Recommended for Examiners)

Two endpoints available. Use the DPR registry for individual decisions; use the chain endpoint for ExaminerPack bundles.

GET https://gateframe-api.netlify.app/dpr/{decision_id}/verify

Response:
{
  "valid": true,
  "hash_verified": true,
  "signature_present": true,
  "decision_id": "...",
  "record_hash": "...",
  "regulatory_basis": ["US Treasury AI RMF Control 4.2", "Reg B §1002.9", "DORA Art. 8(1)"]
}

Chain verification (ExaminerPack)

POST https://gateframe-api.netlify.app/agentseal/chain/verify · /sign/batch
X-API-Key: gf-demo-key-2026
Content-Type: application/json

{ "chain_export": <ExaminerPack JSON from export.py or /evidence-pack> }

Response:
{
  "valid": true,
  "action_count": 3,
  "verified_at": "2026-04-24T10:00:00Z",
  "broken_at": null,
  "signer_key_fingerprint": "a3f9c2e1b4d80012",
  "chain_hash_root": "e3b0c44298fc1c14...",
  "verification_log": [
    {"seq": 0, "hash_valid": true, "sig_valid": true, "link_valid": true},
    {"seq": 1, "hash_valid": true, "sig_valid": true, "link_valid": true},
    {"seq": 2, "hash_valid": true, "sig_valid": true, "link_valid": true}
  ]
}

Offline Verification (No GateFrame Server Trust Required)

Obtain the public key from GET /agentseal/health. Then:

1. Reconstruct canonical JSON (sort keys, no whitespace, exclude signature/record_hash)
2. derived_hash = SHA-256(canonical_bytes).hex()
3. Assert derived_hash == record.record_hash
4. Assert Ed25519_Verify(public_key, bytes.fromhex(record_hash), bytes.fromhex(signature))

Trust model: GateFrame is the notary, not the author. The institution's General Counsel authors the reason code library. GateFrame signs the application of that library to a specific decision. Liability for the reason text remains with counsel — GateFrame provides the signing infrastructure and independent verifiability.

6. API Authentication

Authentication Scheme

All API endpoints (except /, /health, /agentseal/health) require an X-API-Key header.

curl -H "X-API-Key: gf-demo-key-2026" \
     https://gateframe-api.netlify.app/validate/
Key TypeAccessRate Limit
Demo key: gf-demo-key-2026All endpoints, evaluation only100 req/day per IP
Pilot key (per institution)Full access, audit loggingNegotiated per pilot SLA

Pilot keys: contact shankar@gateframe.io. Keys are institution-scoped and logged for audit purposes.

7. Security & Data Handling

Data Processing

  • SHAP values and decision records are processed in AWS Lambda (us-east-1). No data is retained beyond the request unless explicitly stored via POST /dpr/.
  • DPR records stored via the registry endpoint are persisted in SQLite on the Lambda instance. Records are not transmitted to third parties.
  • No PII is required by any GateFrame endpoint. Application IDs are client-generated references; GateFrame does not process applicant personal data.
  • The Ed25519 signing key is stored as an encrypted environment variable in AWS Lambda. It is never logged or transmitted.

Uptime & SLA (Pilot)

  • Target availability: 99.5% during pilot period
  • Response time: Sub-200ms for all signing operations (p95)
  • Support: Email response within 24 business hours during pilot
  • Production SLA: Negotiated per enterprise contract. SOC 2 Type I in progress (Month 2).

Database: PostgreSQL on AWS RDS: The current DPR registry uses SQLite in /tmp — ephemeral storage that resets on cold starts. For production pilots, DPR persistence will be migrated to a managed PostgreSQL instance. This migration is scheduled for Month 2 of the funded sprint.

8. Reference Implementation

ResourceURL
Live APIgateframe-api.netlify.app/docs
SDKpip install agentseal
Tamper proof demogateframe-control-tower.netlify.app
Evidence pack previewgateframe-control-tower.netlify.app
Verification portalgateframe-verification.netlify.app
Chain verify endpointPOST https://gateframe-api.netlify.app/agentseal/chain/verify · /sign/batch — accepts full ExaminerPack JSON, returns per-record verification log
Spec (this page)dpr-spec.netlify.app

9. Conformance

An implementation is conformant with this specification if:

  1. Records produced by the implementation pass the verification protocol in §5
  2. The canonical serialization in §1 is followed exactly
  3. The dpr_version field is present and set to "0.1" in every record
  4. Every record includes record_hash (SHA-256, 64-char hex) and signature (Ed25519, 128-char hex)

GateFrame Inc. · shankar@gateframe.io · gateframe.io
Apache 2.0 License — specification only. Reference implementation is proprietary.
Priority date: April 22, 2026 · Version: DPR v0.1 · EvidenceChain v1

Three frameworks. One standard. Zero new infrastructure.
pip install agentseal-gateframe  ·  Ed25519 + SHA-256 + Merkle chain  ·  EU AI Act Art. 12 per-action granularity
$
pip install agentseal-gateframe
PyPI · Apache 2.0 · patent pending 64/067,547
🔗 LangChain / LangGraph
🤖 AutoGen v0.4
👥 CrewAI
INTEGRATION (3 LINES)
# Install once
pip install agentseal-gateframe langchain-core

# 3 lines in your agent
from agentseal.integrations.langchain_callback import AgentSealCallback
cb = AgentSealCallback(tenant_id="your-firm", api_key="gf-key")
agent = AgentExecutor(agent=agent, tools=tools, callbacks=[cb])
WHAT GETS SIGNED (4 HOOKS)
on_agent_action
Agent DECIDES to invoke a tool — the reasoning step. Legally material under EU AI Act Art. 12.
on_tool_end
Tool RETURNS a result — the execution record. Hash of output preserved.
on_chain_end
LCEL chain / LangGraph node exits. Critical for multi-agent supervisor patterns.
on_agent_finish
Agent produces FINAL output — seals the evidence chain for this session.
WHY 4 HOOKS MATTER: on_tool_end alone produces 5 records for a 10-step workflow. on_agent_action + on_chain_end + on_agent_finish completes the reasoning trace. EU AI Act Article 12 requires the complete decision trace — not just tool outputs. Without on_agent_action, every LangGraph workflow is legally insufficient.
EVIDENCE OUTPUT — WHAT EVERY DPR CONTAINS
🔐
Ed25519 SIGNED
Every record cryptographically signed at moment of action
HASH-CHAINED
SHA-256 chain links every record to previous — tamper breaks chain
📋
CFPB FORM C-1
SHAP values → Reg B reason codes → examiner-ready output
INDEPENDENTLY VERIFIABLE
No GateFrame required. Public key + Ed25519 verify offline.
Embed compliance status in any dashboard. Zero dependencies.
3 lines of HTML · CCO sees it → "can we expand this?" → $25K pilot conversation · Revenue flywheel with zero cold outreach
LIVE WIDGET
GateFrame
247
Signed DPRs
2m ago
Last Signed
Chain Live
Last DPR ID
dbbe7f86-e214-4711-...
⚠ Colorado SB26-189 · Jan 1, 2027
Est. exposure without GateFrame: $4,940,000
Live Demo →
Request Pilot
EMBED CODE — 3 LINES
<!-- Step 1: container -->
<div id="gateframe-widget"></div>

<!-- Step 2: embed script -->
<script src="https://gateframe-api.netlify.app/widget.js"
        data-key="YOUR_API_KEY"
        data-lender-id="your-institution">
</script>
data-theme
"dark" (default)
"light"
data-compact
"true" for nav bars
sidebar embed
data-refresh
Auto-refresh seconds
default: 60
DISTRIBUTION FLYWHEEL — NO COLD OUTREACH REQUIRED
Widget embedded (free)
CCO sees DPR count daily
Asks "can we expand this?"
$25K pilot conversation
$150K ARR contract
SERIES A COMPARABLE — AXIOM MATH · MARCH 2026
$200M Series A · $1.6B+ pre-money · Menlo Ventures · Zero ARR disclosed. Axiom Math is UPSTREAM of decisions (formal verification that AI code is correct). GateFrame is DOWNSTREAM — the signed receipt of what decisions were actually made. Every Axiom Math-verified system needs GateFrame DPR. They are complements. Infrastructure primitive multiple confirmed: market pays for verified-AI primitives at $1.6B before revenue.
FAR 6.302-1 DESTINATION · CHAINALYSIS PATTERN
Chainalysis IRS contract: $34,432,673 sole-source (March 30, 2026). FAR 6.302-1 justification: "not offered by any competitors, in any form." GateFrame replicates this via CFPB examiner normalisation on DPR format. First examiner citation → "only one responsible source" justification fires. US Treasury FS-AI RMF (Feb 2026): 230 control objectives requiring examiner-ready AI decision artifacts — active NOW.
Standards & Proof Points — Series A Tracker
4 GREEN proof points → Series A trigger · WitnessAI raised ~$85M total without these
SERIES A PROOF POINT TRACKER
🟢 GREEN
MCP SEP Filed
PR to modelcontextprotocol/seps/ — tamper-evident tool-call receipts. Investor-verifiable in 30 seconds by URL.
Day 1 action
🟡 AMBER
DFSA ITL Submitted
Innovation Testing Licence pre-application. 4-8 weeks to IPA → DIFC pilot LOI in 60-90 days. IPA = GREEN.
Day 3 action
🔴 RED
First Paid Pilot ($25K+)
Emirates NBD email sent 7AM May 18. Meeting = AMBER. Signed contract = GREEN. This is the unlock.
Day 1 priority
🔴 RED
Regulator DPR Acknowledgment
DFSA Thematic Assessment references DPR format in examination finding. Cite in Series A deck. Moat complete.
Day 90 target
🟡 AMBER
SOC 2 Type I In Audit
Sprinto $15K → removes #1 enterprise procurement blocker. Unlocks $150K contracts from $25K pilots.
Day 1 — $15K
9-VERTICAL EXPANSION SEQUENCE
NOW · V1
AI Lending / ECOA
$1.42B market · Earnest consent order active · 23 AG coalition · $80–300K ACV
NOW · V2
Insurance AI
Munich Re HSB March 2026 · Claims reconstruction · $50–500/investigation · No procurement
MONTH 2–6 · V5
DIFC / UAE Sovereign AI
DFSA ITL · G42/Mubadala network · $25K pilot → $75–200K annual · Founder home market
MONTH 2–6 · V3
EU AI Act High-Risk
77 days to enforcement · Art. 12 tamper-evident logs · Freshfields advisory route · €80–400K ACV
MONTH 6–9 · V4
EU PLD
Dec 9, 2026 · Presumed defective without evidence · Strict liability · Law firm advisory route
MONTH 6–9 · V6
MCP / Agentic Economy
SEP-0012 filed · Every Claude deployment · 1% KYAPay × $0.50/DPR = $2.5M MRR
MONTH 9–12 · V7
Healthcare / FDA SaMD
HIPAA + FDA SaMD · $100–500K ACV · ANCHOR-triggered · DPR v0.2
MONTH 9–12 · V8
HR / Employment AI
Colorado SB26-189 · EEOC · EU AI Act Annex III · $40–150K ACV per platform
YEAR 2 · V9
Industrial AI / EU Annex III
Siemens, ABB, Schneider · Aug 2 2026 · DORA ICT risk field · $100–400K ACV
$2.7M
Month 12 ARR
11 contracts · 4 verticals · 3 jurisdictions
$300M
Series A Pre-Money
Infrastructure multiple · Not ARR multiple
$8.6B
Chainalysis Target
$34.4M sole-source contract · FBI/IRS · Sole standard
Sentinel Console — Live Evidence Chain
Real decisions · Real cryptographic signatures · Real policy enforcement · Powered by gateframe-api.netlify.app
Select a scenario to run
Emirates NBD · Lending Underwriter Agent
Select Path A or Path B to run a live scenario
Click "Path A" or "Path B" above to run a live demo scenario
L
Lending Underwriter Agent
Principal Head of Retail Credit
Framework LangChain
Trust Score 98.2
Max Loan AED 500,000
Status ● ACTIVE
IPR Chain
Awaiting scenario run...
COMPETITIVE BRIEF · MAY 2026 · GATEFRAME INC.
Security Monitoring Is Not Legal Evidence
Why your AI audit tool will fail a CFPB examination
Every enterprise AI governance vendor claims "auditor-ready" or "regulator-ready" evidence. None will help you pass a CFPB examination. A CFPB examiner does not ask whether your AI was governed — they ask for a specific statement of principal reasons for the adverse action, derived from factors actually scored by the model, in ECOA Regulation B §1002.9 format. These are categorically different questions.
SECURITY MONITORING
WitnessAI · Geordie · Noma · OpenBox AI
Answers: "Did my AI agent behave within policy?" Observes runtime behavior, enforces policies, detects anomalies. Essential for security ops. Irrelevant to a CFPB examiner.
WitnessAI · $85M+
Runtime defense + agent discovery. $58M Series B Jan 2026. No examiner-format ECOA output confirmed. May 2026 blog references Reg B — awareness is not production.
OpenBox AI · $5M · March 2026
ECDSA P-256 via AWS KMS. Session-level Merkle roots — one cert per session, not per decision. No ECOA output. No SHAP mapping. No CFPB Form C-1. Proves governance, not legal compliance.
Geordie AI · RSAC 2026 Winner
Behavioral observability and real-time mitigations. CISO buyer, not CCO. No ECOA adverse action output. $6.5M seed + $5M post-RSA follow-on.
AgentTraceHQ — Their Own Words
"The hash chain verification feature does not constitute a legal guarantee or certification of data integrity. You are responsible for evaluating whether the Service meets your specific regulatory and compliance requirements."
— AgentTraceHQ ToS, Section 7, March 6, 2026
LEGAL EVIDENCE PRODUCTION
GateFrame — The Only Production API
Answers: "Can I prove to a CFPB examiner exactly what reason my AI used to deny this application?" Tamper-evident, cryptographically signed, examiner-verified at the moment of decision.
Ed25519 · DECISION-LEVEL SIGNING
Every individual AI decision signed at moment of action — not session-level. The legally material unit is the decision, not the session.
27 ECOA CODES · 220 SHAP MAPPINGS
SHAP values mapped to Reg B reason codes, output as CFPB Form C-1. Examiner-ready. No competitor produces this format.
DUAL-SIGNATURE · INDEPENDENTLY VERIFIABLE
Decision-holder + independent verifier both sign. Eliminates the hearsay problem that makes centrally-controlled logs inadmissible without a business records foundation.
DESIGNED TO BE THE LEGAL GUARANTEE
"GateFrame DPR is designed specifically to be that legal guarantee — the architecture AgentTraceHQ cannot offer and will not remove from their Terms of Service."
CFPB EXAMINATION REQUIREMENTS — TECHNICAL GAP TABLE
Requirement GateFrame OpenBox WitnessAI AgentTraceHQ
CFPB Form C-1 adverse action output
SHAP → Reg B reason codes (220 mappings)
Per-decision signing (not session-level)
Ed25519 (not ECDSA P-256)
Independently verifiable without operator
Legal guarantee (per vendor ToS) DESIGNED FOR THIS Not stated Not stated "does not constitute a legal guarantee"
STANDARDS LANDSCAPE — MAY 2026
VERIDIC Inc — IETF Draft
draft-emirdag-scitt-ai-agent-execution-00 (April 2026). SCITT profile for AI agent evidence. ECDSA P-256, session-level, zero ECOA output. Expires October 15, 2026. GateFrame: co-authoring financial-services profile + Ed25519 + ECOA layer.
FIDO Alliance Agentic WG (April 28, 2026)
Google + Mastercard + 250 members. Agentic Authentication standard. GateFrame positions DPR as complementary to FIDO (authentication layer) and primary at evidence-custody layer.
GateFrame is the only participant in this space with a commercial product, live API, PyPI SDK, and US patent.
VERDICT — CONFIRMED UNCONTESTED · MAY 2026
GateFrame DPR is the only production API that produces: Ed25519-signed, SHA-256 Merkle-chained, independently verifiable, ECOA Regulation B formatted, CFPB Form C-1 compliant, SHAP-mapped adverse action records at the moment of each AI decision.
That is not a product feature. It is a legal instrument. No competitor has shipped this.
gateframe-api.netlify.app
USPTO 64/067,547
DPR Spec v0.1 Apache 2.0
pip install agentseal-gateframe