HERMAUDE.
Two minds witness.
One receipt proves.
A provenance protocol for AI output. Two independent models — one open-weight, one closed-weight — witness every prompt. Each response carries a canonical SHA-256 hash, optionally sealed on Solana. Anyone can verify.
01 Abstract
HERMAUDE is a protocol for AI output provenance. Today, an AI model can produce confident text that looks indistinguishable from careful reasoning — but there is no built-in way to attest to what was said, by which model, against which prompt, at what time.
HERMAUDE solves this by running every prompt through two independent witnesses — Hermes (an open-weight model from Nous Research) and Claude (a closed-weight model from Anthropic). Their responses are bundled with a canonical hash, stored as a receipt, and optionally sealed on Solana.
The result is a portable, verifiable, tamper-evident record of every AI output: two witnesses, one receipt, one truth.
02 The problem
AI is being deployed at scale across high-stakes domains:
- Legal contracts use AI to draft, summarize, and review clauses
- Medical notes are partially written by AI scribes
- Research papers cite AI-generated literature reviews
- Crypto trading desks act on AI-generated theses
None of this output carries provenance. There is no receipt. No second opinion. No timestamped record. If a model hallucinates a clause, mis-summarizes a study, or fabricates a citation, the harm is real — but the trail is gone.
HERMAUDE removes this asymmetry. It does not promise that AI is always right. It promises that whatever the AI said, someone else also saw it say something — and the record is signed.
03 How HERMAUDE works
Every HERMAUDE receipt is generated in four steps:
Both witnesses run independently — there is no relay between them. Hermes does not see Claude's response. Claude does not see Hermes'. They are not given knowledge that they are being watched. This is essential: the value of two witnesses comes from their independence.
04 The receipt
Every receipt is a JSON object with a stable canonical form. Once the receipt is built, it is serialized into canonical UTF-8 JSON and SHA-256 hashed. The hash is the receipt's identity.
{
"id": "HMAUDE-2026-0514ABCDEF",
"version": "1.0",
"createdAt": "2026-05-14T15:00:00.000Z",
"prompt": "Should AI agents trade crypto autonomously?",
"promptHash": "dfd995e78bb65fa6...",
"witnesses": {
"a": {
"role": "hermes",
"response": {
"model": "nousresearch/hermes-4-405b",
"output": "...",
"tokensIn": 74,
"tokensOut": 81,
"latencyMs": 1860
}
},
"b": {
"role": "claude",
"response": {
"model": "claude-haiku-4-5",
"output": "...",
"tokensIn": 64,
"tokensOut": 77,
"latencyMs": 942
}
}
},
"consensus": {
"score": 44,
"verdict": "disputed",
"breakdown": {
"jaccard": 0.22,
"cosine": 0.27,
"lengthRatio": 0.98,
"structural": 1.0
}
},
"hash": "eff0ba50dc894faba4cceb7d697d6346..."
}A receipt is portable. A receipt is signed. A receipt cannot be edited without changing the hash.
05 Consensus algorithm
HERMAUDE computes a 0-100 consensus score using four lexical and structural signals:
| Signal | What it measures | Weight |
|---|---|---|
| Jaccard | Vocabulary overlap (shared content words / union) | 30% |
| Cosine | TF-IDF cosine similarity (semantic vector closeness) | 40% |
| Length ratio | How similarly long the two outputs are | 15% |
| Structural | Match in numbered lists, bullets, code blocks, etc. | 15% |
The score is mapped to a verdict:
verified— score ≥ 75 — both witnesses substantially agreedpartial— score 45–74 — material overlap, some divergencedisputed— score < 45 — independent reasoning produced different conclusions
Future versions will add an optional semantic-embedding consensus signal weighted alongside the lexical signals.
06 Solana mint
Every receipt is identified by its SHA-256 hash. By default, this hash is stored in the HERMAUDE vault (Supabase, indexed for public retrieval). $HMAUDE holders unlock an additional capability: on-chain minting.
On-chain minting uses an Anchor program deployed to Solana. The hash is written into a program-derived account (PDA) along with a consensus score, timestamp, and receipt ID. Once written, the receipt is immutable, globally retrievable, and cryptographically inseparable from Solana's history.
Mint cost: ~0.001 SOL per receipt. Subsidized by the operations wallet, funded by $HMAUDE trading fees.
// Anchor instruction
pub fn mint_receipt(
ctx: Context<MintReceipt>,
hash: [u8; 32],
score: u8,
timestamp: i64,
receipt_id: String,
) -> Result<()>The PDA seed is [b"receipt", hash[..32]], making receipt addresses deterministic from the hash itself. Any verifier can independently derive the PDA, read the on-chain account, and confirm the receipt was sealed at a specific Solana slot.
07 $HMAUDE token
$HMAUDE is a fair-launch token on Solana via pump.fun. 1 billion supply, zero allocation to team or VC, no presale. Every $HMAUDE is bought from the open market.
| Parameter | Value |
|---|---|
| Symbol | $HMAUDE |
| Network | Solana (SPL Token) |
| Supply | 1,000,000,000 (fixed, non-mintable) |
| Launch | pump.fun · 14 May 2026 · 15:00 UTC |
| Allocation | 100% public via bonding curve |
| Trading fees | Route to operations wallet (transparent on-chain) |
The operations wallet is multisig-controlled and funds:
- Hermes infrastructure (OpenRouter API costs initially; self-hosted GPU in Phase 2)
- Claude API costs (Anthropic)
- Solana mint fees for holder receipts
- Continued protocol development
$HMAUDE is a utility token. It gates access to higher receipt tiers (see §08). It does not represent equity in any entity, revenue share, dividend, or claim on protocol assets.
08 Tier benefits
HERMAUDE has three tiers, gated by $HMAUDE balance:
| Tier | Required | Benefits |
|---|---|---|
| Free | 0 $HMAUDE | 1 receipt / 24h · vault-stored hash · public viewer · watermarked share card |
| Holder · Tier 1 | ≥ 100K $HMAUDE | Unlimited receipts · on-chain Solana mint · custom branding · bulk API · confidence band controls |
| Holder · Tier 2 | ≥ 1M $HMAUDE | All Tier 1 + white-label verifier widget · embed SDK · custom witness config · priority queue |
Tier is computed from the holder's connected Solana wallet at the time of generation. Verification is read-only — HERMAUDE never spends, transfers, or interacts with holder wallets.
09 Use cases
1. Contract review.
Legal teams paste a clause into HERMAUDE and get a sealed receipt of two independent AI interpretations. If the contract is later disputed, the receipt is documentary evidence that two AI agreed (or didn't) on what the clause meant at signing time.
2. Medical AI scribes.
A doctor's AI-generated note can be passed through HERMAUDE before being added to the patient record. The hash is logged alongside the note; if the patient or insurer ever queries it, the original AI output is retrievable and verifiable.
3. Research provenance.
Citing an AI summary of a paper is currently impossible to verify. HERMAUDE produces a receipt for the summary, which can be cited like a primary source — HMAUDE-2026-XXXX — and anyone can later retrieve the exact two-witness output.
4. Trading thesis logs.
Crypto and quant desks generate trade theses with AI. HERMAUDE logs each thesis as a receipt before the trade is executed, providing post-hoc audit trail that the rationale was hashed before the outcome was known.
5. Journalism & op-ed sourcing.
Reporters using AI to draft, summarize, or fact-check can publish HERMAUDE receipts alongside articles — proof that the AI was consulted, what it actually said, and where the writer departed from it.
6. Customer-facing AI compliance.
Companies running AI customer support can include a HERMAUDE hash in every transcript. This becomes audit material for regulators concerned with biased, hallucinated, or inconsistent AI responses.
10 Roadmap
Phase 1 — Genesis (May 2026, NOW)
- Devnet preview live with waitlist gating (1 receipt / 24h free)
- $HMAUDE fair launch on pump.fun · 14 May 2026 15:00 UTC
- Anchor program deployed to Solana mainnet
- Token-gated tier system live
Phase 2 — Verification (Jun-Aug 2026)
- Public receipt viewer page (hermaude.xyz/r/[hash])
- Open-source verification SDK (TypeScript + Rust)
- Self-hosted Hermes inference (cost optimization)
- Semantic consensus signal (embedding-based)
- Holder dashboard (full receipt history, search, export)
Phase 3 — Expansion (Q3-Q4 2026)
- Third witness option (configurable: GPT, Gemini, Mistral, etc.)
- API for institutional clients (auth, SLA, dedicated queue)
- White-label embed widget
- Cross-chain settlement (Ethereum, Base)
Phase 4 — Sovereignty (2027+)
- Fully on-chain witness selection
- Community-governed witness pool
- Distributed witness verification (multiple inference providers)
11 Tech stack
HERMAUDE is built with production-grade open infrastructure:
| Layer | Component |
|---|---|
| Witness A | Hermes 4 405B via Nous Research / OpenRouter |
| Witness B | Claude (Anthropic API · current: Haiku 4.5 · upgrading to Opus 4.7 post-launch) |
| Backend | Fastify + TypeScript on Railway |
| Database | Supabase (Postgres + RLS) |
| Chain | Solana · Anchor 0.31 · Rust |
| Hashing | SHA-256 of canonical JSON |
| Frontend | Vanilla HTML/CSS/JS · no SPA |
| Hosting | Hostinger (static) + Railway (API) |
The full backend source is private. Core protocol components — the consensus algorithm, receipt schema, and Anchor program — will be open-sourced under MIT in Phase 2.
12 FAQ
version: "1.0") so future model upgrades are transparent. Receipts generated under older versions remain verifiable indefinitely.13 References & links
- Live preview: hermaude.xyz/generate.html
- Landing: hermaude.xyz
- X / Twitter: @hermaude
- Telegram: t.me/hermaude
- GitHub: github.com/hermaude
- Nous Research (Hermes): nousresearch.com
- Anthropic (Claude): anthropic.com
- Solana: solana.com
- pump.fun: pump.fun
Generate your first receipt.
Free tier · No wallet required · 1 receipt per 24h