Components
This page describes each infrastructure component in an Enterprise Hybrid deployment, its role, and its resource requirements.
Your Infrastructure Components
SDK Library
The Veriproof SDK is a library embedded in your AI application. It intercepts model calls and tool invocations to record session data locally.
| Attribute | Details |
|---|---|
| Type | In-process library (not a sidecar or agent) |
| Languages | .NET, Python, TypeScript |
| Mode config | DeploymentMode.EnterpriseHybrid in VeriproofRestOptions |
| Outbound | Writes to your PostgreSQL DB + your Azure Key Vault |
| External calls | HTTPS to api.veriproof.app/v1/enterprise/commitments only |
The SDK does not spawn background processes or maintain persistent connections. Each session commits its hash synchronously at finalization time.
PostgreSQL Database
The primary data store for session data, governance scores, audit logs, and user accounts.
| Attribute | Details |
|---|---|
| Type | PostgreSQL 15 or later |
| Deployment | Your Azure Database for PostgreSQL Flexible Server, or self-managed |
| Min compute | 4 vCPU, 16 GB RAM for production workloads |
| Storage | Size varies by session volume; plan for ~2 KB/session |
| Extensions required | uuid-ossp, pgcrypto |
| Encryption at rest | Enable Azure Disk Encryption or equivalent |
| Backups | Enable point-in-time restore (minimum 7-day window) |
The database schema is applied via Veriproof’s idempotent migration scripts, run as part of the deployment process.
Azure Key Vault
Stores the pepper key (HKDF master secret) and per-data-subject encryption salts.
| Attribute | Details |
|---|---|
| Type | Azure Key Vault (Standard or Premium SKU) |
| Access | Managed Identity from your application and portal |
| Required permissions | get, set, delete on secrets |
| High availability | Azure Key Vault is zone-redundant by default |
| Soft delete | Enable soft delete and purge protection |
Enable purge protection on your Key Vault. This prevents pepper keys and salts from being permanently deleted within a 90-day purge protection period, protecting against accidental or malicious destruction of encrypted data.
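The following is an added example, not Veriproof SDK code. It shows why both Key Vault secrets must survive: a per-data-subject key derived with HKDF (RFC 5869) can only be re-derived when the pepper and that subject's salt are both still available. The `subject_key` function, its `info` label and the way the pepper and salt are combined are assumptions made for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract, then expand."""
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range for HKDF-SHA-256")
    # Extract: concentrate the input keying material into a pseudorandom key.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    # Expand: chain HMAC blocks until enough output has been produced.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def subject_key(pepper: bytes, subject_salt: bytes, subject_id: str) -> bytes:
    """Hypothetical derivation (assumption): pepper as input keying material,
    the per-data-subject salt as HKDF salt, the subject id bound via `info`."""
    if len(pepper) < 32 or len(subject_salt) < 16:
        raise ValueError("pepper or salt too short")
    info = b"example/subject-key/v1:" + subject_id.encode()
    return hkdf_sha256(pepper, subject_salt, info)


# Constructed sample values; in a deployment both would be Key Vault secrets.
PEPPER = bytes.fromhex("11" * 32)
SALT_ALICE = bytes.fromhex("a1" * 16)
SALT_BOB = bytes.fromhex("b2" * 16)

if __name__ == "__main__":
    k1 = subject_key(PEPPER, SALT_ALICE, "alice")
    print("re-derivable:", k1 == subject_key(PEPPER, SALT_ALICE, "alice"))
    print("isolated per subject:", k1 != subject_key(PEPPER, SALT_BOB, "bob"))
    # A purged salt cannot be substituted: any other salt yields another key.
    print("lost salt => lost key:", k1 != subject_key(PEPPER, SALT_BOB, "alice"))
```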
Self-Hosted Customer Portal
The Veriproof Customer Portal frontend and backend Function App, deployed in your Azure subscription.
| Component | Deployment target | Notes |
|---|---|---|
| Frontend (React SPA) | Azure Static Web Apps or Nginx | Served as static assets with signed deployment-config.json |
| Customer Functions API | Azure Functions (Isolated) | .NET 10 isolated worker process |
| Ingest Functions API | Azure Functions (Isolated) | Handles SDK session commits |
Resource requirements for the Function Apps:
| Attribute | Minimum | Recommended |
|---|---|---|
| Plan | Consumption or Flex | Premium EP1 (for VNet support) |
| Memory | 512 MB | 1.5 GB |
| Timeout | 230 sec (default) | 600 sec (for large exports) |
Veriproof Cloud Components
These components are operated by Veriproof and require no configuration from you.
Enterprise Commitment API
Receives 32-byte hashes and timestamps from hybrid-mode SDK instances. Stores them in the commitment queue for batch anchoring to Solana.
- Endpoint: POST /v1/enterprise/commitments
- Authentication: Your enterprise API key (vp_enterprise_...)
- Payload size: 48 bytes per session (32-byte hash + 8-byte timestamp + 8-byte session ID)
- Rate limit: 1,000 commitments/second (burst); contact support for higher limits
Blockchain Worker
A scheduled function that batches pending commitment hashes into a Merkle tree, constructs a commitments_mtree Solana instruction, and submits a transaction. Runs every 60 seconds.
Solana Blockchain
The commitment Merkle tree root is written as data in a Solana transaction on mainnet. This transaction is permanent and publicly verifiable. Veriproof uses the CMT (commitment) program for all anchor transactions.
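The batching and anchoring steps above can be checked from the customer side: given a session's 32-byte commitment and its sibling path, anyone can recompute the root and compare it with the anchored value. The following is an added example, not Veriproof's code. SHA-256, the RFC 6962-style leaf/node prefixes and the odd-node promotion rule are assumptions, since the page does not specify the tree construction used by commitments_mtree.

```python
import hashlib

# Domain-separation prefixes (as in RFC 6962) so a leaf hash can never be
# reinterpreted as an interior node. Assumed, not taken from the page.
LEAF, NODE = b"\x00", b"\x01"


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(commitments: list[bytes]) -> list[list[bytes]]:
    """Return every tree level, leaves first, single-root level last."""
    if not commitments or any(len(c) != 32 for c in commitments):
        raise ValueError("batch must contain 32-byte commitment hashes")
    levels = [[_h(LEAF + c) for c in commitments]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(_h(NODE + cur[i] + cur[i + 1]))
            else:
                nxt.append(cur[i])  # odd node is promoted unchanged
        levels.append(nxt)
    return levels


def inclusion_proof(levels: list[list[bytes]], index: int) -> list[tuple[bytes, bool]]:
    """Sibling path from leaf to root as (sibling_hash, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling on this level
            proof.append((level[sib], sib < index))
        index //= 2
    return proof


def verify(commitment: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the root from one commitment and its sibling path."""
    node = _h(LEAF + commitment)
    for sibling, sibling_is_left in proof:
        node = _h(NODE + sibling + node) if sibling_is_left else _h(NODE + node + sibling)
    return node == root


# Constructed sample batch: five made-up session hashes.
BATCH = [hashlib.sha256(f"session-{i}".encode()).digest() for i in range(5)]
LEVELS = build_levels(BATCH)
ROOT = LEVELS[-1][0]
```

A proof for a five-leaf batch carries at most three sibling hashes, so verification stays cheap no matter how many sessions share one anchor transaction.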
Dependency Graph
        Your AI Application
                │
                │ (in-process)
                ▼
           SDK Library
                │
           ┌────┴────┐
           ▼         ▼
       Your DB   Your Key Vault
           ▲         ▲
           │         │
           └────┬────┘
                │ (hash only)
                ▼
  Enterprise Commitment API (Veriproof)
                │
                ▼
     Blockchain Worker (Veriproof)
                │
                ▼
          Solana Mainnet

The self-hosted portal reads from Your DB and communicates with Enterprise Commitment API only for commitment status queries (not for session data).
Optional Components
OTel Collector
If you have an OpenTelemetry Collector deployed in your environment, the Veriproof SDK and portal can export traces, metrics, and logs to it. This integrates governance and session quality signals with your existing observability stack (Grafana, Prometheus, Datadog, etc.).
Configure via POST /v1/otel/export settings in the portal.
Notification Relay
For Slack and Teams alert notifications from a self-hosted portal, the portal’s notification channel webhooks call Microsoft Teams Incoming Webhook URLs or Slack web APIs directly from your infrastructure — no Veriproof relay is involved.
External Audit Access
The CustomerAuditor access system (/v1/auditoraccess) allows external auditors to be granted time-limited, scoped access to specific audit engagements directly in your self-hosted portal. No data is transmitted to Veriproof for this purpose.