Protocol vs. Verify

Ratify is two products, one protocol. The split is intentional and the boundary is sharp.

| You need… | You use… | License | Pricing |
| --- | --- | --- | --- |
| To create, present, or verify proof bundles in code | The open protocol + SDKs | Apache-2.0 (SDKs) + CC-BY-4.0 (spec) | Free, forever |
| Hosted infrastructure around proofs — revocation lists, audit archive, key custody, policy engine, adapter enforcement (meetings/voice/API/physical AI) | Ratify Verify (managed) | Commercial | Per-verification + per-seat |
| Self-hosted Verify in your VPC / on-prem | Ratify Verify Enterprise | Commercial license + customer-controlled keys | Custom |

                ┌────────────────────────────────────────┐
                │         What are you building?         │
                └─────────────────┬──────────────────────┘
         ┌────────────────────────┼────────────────────────┐
         ▼                        ▼                        ▼
┌──────────────────┐   ┌─────────────────────┐  ┌─────────────────────┐
│ An AI agent that │   │ A platform that     │  │ An enterprise that  │
│ needs to PROVE   │   │ HOSTS AI agents for │  │ wants to AUTHORIZE  │
│ what it can do.  │   │ many customers.     │  │ AI usage at scale.  │
└────────┬─────────┘   └──────────┬──────────┘  └──────────┬──────────┘
         │                        │                        │
         ▼                        ▼                        ▼
┌──────────────────┐   ┌─────────────────────┐  ┌─────────────────────┐
│ Use the SDK.     │   │ Use the SDK +       │  │ Use Ratify Verify.  │
│ Build proof      │   │ register your       │  │ Enterprise IT       │
│ bundles.         │   │ platform with       │  │ controls policy +   │
│                  │   │ Verify so your      │  │ audit. Agent        │
│ Open source.     │   │ users' agents are   │  │ platforms connect   │
│ Apache-2.0.      │   │ verifiable wherever │  │ in. Compliance      │
│                  │   │ they act.           │  │ mappings included.  │
└──────────────────┘   └─────────────────────┘  └─────────────────────┘

  • The wire format. Signed DelegationCert + ProofBundle JSON shapes.
  • Hybrid Ed25519 + ML-DSA-65 signing. Quantum-safe in v1.
  • The verifier algorithm — fail-closed, deterministic, sub-millisecond.
  • 59 canonical conformance fixtures. Any implementation passing them is byte-for-byte interoperable.
  • Reference SDKs in Go, TypeScript, Python, Rust.
  • A working ratify-cli for local experimentation.

You can build a complete agent authorization system using nothing but the open protocol. Many will. The protocol owes nothing to Identities AI as a company — the spec is CC-BY-4.0.

  • Hosted revocation lists with fail-closed cache invalidation across the planet.
  • Audit archive with hash-chained immutability, KMS-signed daily checkpoints, WORM bucket retention.
  • Org-scoped key custody with envelope encryption (AES-256-GCM under Cloud KMS) and self-custody upgrade paths.
  • Policy engine — scope allowlists, time-of-day rules, geo gates, surface-specific constraints.
  • Adapter enforcement for each surface: meetings (Zoom/Teams/Meet), voice, API gateway, physical AI.
  • Multi-tenant onboarding — invite users, claim a domain, set up SSO, all the boring SaaS plumbing.
  • Compliance mappings for SOX, FINRA, NYDFS, HIPAA, EU AI Act — pre-mapped audit fields.

Verify is the operational layer that turns “we use the protocol” into “we use the protocol in production at the scale our compliance team requires.”

It is fine, and supported, to do all of the following with no commercial relationship:

  • Run a single-user Ratify identity from a laptop or phone.
  • Self-host a verifier endpoint and check proofs in-process.
  • Build a research demo, a hackathon project, an open-source side project.
  • Implement a new-language SDK that passes all 59 fixtures.

The protocol does not phone home. There is no telemetry. There is no “validation server” you have to ping. The SDK ships with the verifier algorithm built in.

Most teams hit one of these triggers:

  1. You need revocation at scale. A leaked agent key has to be revoked across every verifier in the world within seconds, not days. Self-hosting revocation lists works for a single instance; it breaks down across regions and customers.
  2. You need audit you can take to a regulator. Hash-chained logs with KMS-signed checkpoints and immutable storage are non-trivial to build correctly. Verify ships this.
  3. You’re a platform with customers who aren’t comfortable running infra. Their teams want to onboard, set policy, see audit, and move on. Verify is what you point them at.
  4. Your compliance team needs mapped fields for SOX/FINRA/NYDFS/HIPAA/EU AI Act. Verify’s audit schema is pre-mapped.
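
An added example, not Ratify or Verify code: a small hash-chained audit log with a signed checkpoint, showing why trigger 2 and the audit-archive bullet pair the chain with checkpoints. HMAC-SHA256 stands in for the KMS signature, and the record fields, the `GENESIS` convention and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" of the first entry (convention chosen here)

def entry_hash(prev: str, record: dict) -> str:
    # Canonical JSON keeps the hash deterministic across writers.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def build(records: list) -> list:
    log, prev = [], GENESIS
    for r in records:
        h = entry_hash(prev, r)
        log.append({"prev": prev, "record": r, "hash": h})
        prev = h
    return log

def _mac(key: bytes, count: int, head: str) -> str:
    return hmac.new(key, f"{count}:{head}".encode(), hashlib.sha256).hexdigest()

def checkpoint(log: list, key: bytes) -> dict:
    # HMAC stands in for the KMS signature; it binds entry count and head hash.
    head = log[-1]["hash"] if log else GENESIS
    return {"count": len(log), "head": head, "sig": _mac(key, len(log), head)}

def verify(log: list, cp: dict, key: bytes) -> str:
    """Fail closed: anything other than "ok" means the log is not trusted."""
    if not hmac.compare_digest(_mac(key, cp["count"], cp["head"]), cp["sig"]):
        return "bad-checkpoint-signature"
    if len(log) < cp["count"]:
        return "truncated"  # the chain alone cannot see a dropped tail
    prev, head_at_cp = GENESIS, GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return f"chain-broken-at-{i}"
        prev = e["hash"]
        if i + 1 == cp["count"]:
            head_at_cp = prev
    # A fully re-hashed forgery is self-consistent; only the checkpoint exposes it.
    return "ok" if head_at_cp == cp["head"] else "checkpoint-mismatch"

# Constructed sample records (field names are illustrative, not Ratify's schema).
RECORDS = [{"seq": n, "event": "proof_verified", "agent": f"agent-{n}"} for n in range(3)]
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    log = build(RECORDS)
    cp = checkpoint(log, KEY)
    print(verify(log, cp, KEY), verify(log[:2], cp, KEY))
```

Entries appended after the checkpoint are covered by the chain only until the next checkpoint is signed, which is why the checkpoint interval bounds how much history can be silently rewritten.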