Verify a Lucairn certificate.
No account required.
Paste a certificate URL, a request_id, or the full JSON. We render the chain — sanitizer manifest, bridge claim, sandbox isolation, witness signature, TSA timestamp, Rekor inclusion proof — so you can check it yourself, without trusting us.
Paste anything that
identifies the cert.
We accept a Lucairn gateway URL, a bare request_id, or a pasted cert JSON. The summary view is free-tier and public; full JSON is Pro+ and requires the cert owner's tier — when that's the case, we surface the public summary view instead.
What the chain
actually proves.
Each section in the result is an independent layer of evidence. You don't have to trust Lucairn for any of them — the cryptography and the public anchors do the work.
Which PII layers ran (Presidio + ensemble + L3 LLM-shield), how many redactions, what types. The hash of this manifest is signed; tampering invalidates the witness signature.
The ID Bridge's signed statement that pseudonyms were issued and the canonical payload is what was actually sent into Sandbox B. Holds the org_id, but never the underlying identity record.
Result of the runtime invariant check that Sandbox A (identity) and Sandbox B (inference) never shared state on this request. The TLA+ specification of the invariant is shared with evaluating customers under NDA during private preview.
Ed25519 signature over the canonical JSON of the receipt. The witness key is generated and held in the customer's zone — Lucairn never sees it. Forgery requires the customer's key.
RFC 3161 trusted-timestamp authority binds the receipt hash to a specific moment. Sigstore Rekor commits the entry to a public append-only Merkle log. Replay an inclusion proof against the public log to confirm the timestamp without contacting Lucairn.
Every request you route through Lucairn
gets one of these.
Free tier mints public summaries on every response. No setup beyond your API key. Pro+ adds full JSON, Rekor inclusion checks, and audit-log retention policy controls.