ProlixoTech Documentation

Cryptographic Compliance Evidence Infrastructure

New to ProlixoTech? Solymus is the name of the ProlixoTech SDK and evidence engine—it's what you install (pip install solymus) and what powers the API. Start with the Quick Start guide below to log your first evidence event in under 5 minutes.

Why ProlixoTech?

Not all evidence is created equal. Here's what makes ProlixoTech different from regular logging — and why enterprises choose it for defensibility.

1

"Time Machine" Defense

If sued in 2028 for a 2025 AI decision, plaintiffs will judge you by 2028 standards. ProlixoTech captures a cryptographic snapshot of your exact safety rules at the millisecond of each inference. Uses PolicyContext with policy_hash (SHA-256 fingerprint) designed to support defensibility.

2

"Digital Wax Seal" (Non-Repudiation)

Regular database logs can be edited. We use AWS KMS Hardware Security Modules to sign every log with ECDSA P-256 asymmetric keys. Private keys stay in the HSM boundary — they never leave Amazon's physical hardware. Combined with RFC 8785 JSON Canonicalization to prevent ambiguity attacks.

3

"Homework Passer" (EU AI Act Article 12)

Mandates logging and traceability for high-risk AI systems — penalties vary by violation type. Schema includes DataProvenance for reference database lineage and HumanIntervention for oversight records. Compliance becomes a background API call, not a legal project.

4

Board-Ready Oversight Artifacts (Attestation Engine)

Generate documentation to support board oversight of AI risks. We use Asynchronous Merkle Aggregation — every 5 minutes, Lambda fuses all shard hashes into a Global Merkle Root. Monthly GET /certificate/{day} generates a signed attestation with inclusion proofs. Note: This is documentation tooling, not legal advice.

5

Zero "Security Tax" (Thread-Based Producer-Consumer)

If logging adds 200ms latency, developers will delete your SDK. We use a thread-safe in-memory queue — your AI "throws" logs into the queue and continues immediately. A background daemon thread handles batching and network transmission. Result: <1ms typical overhead on the calling thread (P50 <0.3ms, P99 <2ms; measured on a c5.xlarge, Python 3.11, 1,000 events/sec). Network latency is absorbed by the background thread.

6

Enterprise-Grade Scaling (Probabilistic Write Sharding)

Linear hash chains create bottlenecks. We implement Probabilistic Write Sharding — logs are randomly assigned to 20+ parallel shards (e.g., LOG_CHAIN#model-1#shard-5). Removes "Head Item" lock contention. Tested at sustained write throughput on DynamoDB on-demand, scaling with provisioned capacity.

7

Enterprise Storage at Startup Prices (Firehose Batching)

Small objects incur per-object overhead in S3 lifecycle transitions (Glacier adds ~40KB metadata per archived object). We use Amazon Kinesis Data Firehose as a managed buffer, compressing logs into columnar Parquet blocks before archiving to S3. This significantly reduces storage costs compared to per-event object storage.

Installation

Requires Python 3.9 or higher. Choose your operating system:

🍎 Mac

Step 1: Open Terminal

Press Cmd + Space, type Terminal, press Enter.

Step 2: Install ProlixoTech

pip3 install solymus

Step 3: Verify Installation

python3 -c "import solymus; print('Success!')"

✓ You should see: Success!

Having issues? Click here

Error: pip3 not found

Install Python from python.org/downloads/macos

Error: Permission denied

Try: pip3 install --user solymus

🪟 Windows

Step 1: Open Command Prompt

Press Windows key, type cmd, press Enter.

Step 2: Install ProlixoTech

py -m pip install solymus

Step 3: Verify Installation

py -c "import solymus; print('Success!')"

✓ You should see: Success!

⚠️ Python not installed?

  1. Go to python.org/downloads
  2. Click the yellow "Download Python" button
  3. ⚠️ IMPORTANT: Check "Add Python to PATH" at the bottom of the installer
  4. Click "Install Now"
  5. Close Command Prompt and open a new one
Having issues? Click here

Error: 'py' is not recognized

Python isn't installed or not in PATH. Reinstall Python and check "Add Python to PATH".

Error: 'pip' is not recognized

Use py -m pip install instead of pip install

Error: solymus=3.0.0 (single equals)

Use double equals: solymus==3.0.0 or just pip install solymus

Common Errors & Solutions

ModuleNotFoundError: No module named 'solymus' Run the install command again. Make sure you see "Successfully installed".
IndentationError: unexpected indent Delete the file and type the code manually (don't copy/paste).
SyntaxError when pasting code Save code to a .py file first. Don't paste directly into Command Prompt.
HTTP Error 403: Forbidden Invalid API key. Copy your key from the dashboard again.

Get Your API Credentials

  1. Sign up at prolixotech.com/signup.html
  2. Verify your email address
  3. Log in to the dashboard
  4. Copy your Tenant ID and API Key from the dashboard

Quick Start

Get started with ProlixoTech in three steps:

1. Initialize the Client

from solymus import Solymus

# Initialize with endpoint, tenant_id, and API key
client = Solymus(
    endpoint="https://api.prolixotech.com",
    tenant_id="my-company",
    api_key="YOUR_API_KEY"
)

2. Fire-and-Forget (Non-blocking)

# Non-blocking - events queued and sent in background
event_id = client.record("model_inference", {
    "model": "gpt-4",
    "prompt": "What is AI?",
    "response": "AI is...",
    "tokens": 150
})
# Returns immediately with event_id
print(f"Queued: {event_id}")

3. Synchronous (Blocking, Returns Receipt)

# Synchronous - waits for server confirmation
receipt = client.record_sync("critical_decision", {
    "decision_type": "loan_approval",
    "outcome": "approved",
    "confidence": 0.95
})

# Receipt is a dataclass with these attributes:
print(f"Event ID: {receipt.event_id}")      # Unique identifier
print(f"OK: {receipt.ok}")                  # True if successful
print(f"Trace ID: {receipt.trace_id}")      # Correlation ID
print(f"Digest: {receipt.digest_b64url}")   # SHA-256 digest
print(f"Algorithm: {receipt.signing_alg}") # ECDSA_SHA_256

How Your Data Flows

When you call record() from the SDK or POST /ingest via REST, here is exactly what happens inside ProlixoTech's infrastructure:

Your App
SDK or REST API
API Gateway
api.prolixotech.com
Lambda
Hash + KMS sign
DynamoDB
Evidence ledger
S3 Archive
Parquet cold storage

Step-by-Step

1. Your app sends evidence

The SDK queues events in a background thread and batches them (default: 10 events or 5 seconds). Your code continues immediately with <1ms overhead. Events are sent as POST /ingest with your X-Api-Key header. For CMMC artifacts, use the three-step upload → finalize flow.

2. Lambda processes and signs the event

API Gateway authenticates the request and routes it to our ingestion Lambda. The Lambda:
  • Canonicalizes the JSON payload using RFC 8785 (sorted keys, deterministic serialization)
  • Computes a SHA-256 hash of the canonical bytes (32-byte digest)
  • Signs the digest with AWS KMS using ECDSA P-256 (private key never leaves the HSM)
  • Maps to controls automatically based on evidence type (NIST 800-171 for CMMC, EU AI Act articles for AI governance)

3. Stored in DynamoDB with Merkle linking

The signed event is written to the prolixo_evidence_ledger_v1 DynamoDB table. Each event is linked into a shard chain (20 parallel shards) using chained SHA-256 hashes. This creates an append-only, tamper-evident ledger — if any record were modified after the fact, the chain would break. A daily attestation job computes a Merkle root across all shards.

4. Streamed to S3 for long-term archival

A DynamoDB Stream triggers a Lambda that pipes every new event to Amazon Kinesis Firehose. Firehose batches and compresses events into columnar Parquet files (SNAPPY compression) and writes them to S3. Lifecycle rules automatically tier storage: Standard → Standard-IA (90 days) → Glacier (1 year) → Deep Archive (2+ years).

5. View, export, and verify from the dashboard

Events appear in your dashboard immediately. From there you can: browse your evidence timeline, export compliance packages (SSP, POA&M, Evidence Index, EU Declaration) as JSON or PDF, and verify any artifact's cryptographic proof. Each export includes per-artifact public verification URLs that your auditors can check independently — no login required.

Your data never leaves AWS us-east-1. All processing (hashing, signing, storage) happens within our AWS infrastructure. KMS private keys never leave the hardware security module. The SDK hashes sensitive content (prompts, responses) locally with SHA-256 before transmission — the actual text never reaches our servers.

What the receipt proves

When you call record_sync(), the receipt you get back contains:

Field Meaning
event_id Unique identifier for this evidence entry
digest_b64url SHA-256 hash of the canonical event payload (base64url encoded)
signing_alg Always ECDSA_SHA_256 — the KMS signing algorithm used
chain_linked true if the event was linked into the Merkle shard chain
trace_id Correlation ID for grouping related events

This receipt is your cryptographic proof that the evidence existed in this exact form at the recorded timestamp. Auditors can verify it independently via GET /verify/{event_id} or the public verification URL in your exports.

5-Minute Demo

Test ProlixoTech with or without an AI provider. Choose an option below.

Important (Windows users): You must save code to a .py file and run it. Do NOT paste code directly into Command Prompt.

Option 1: Quick Test (No AI Required)

Test ProlixoTech without any AI provider. Only needs your ProlixoTech credentials.

Step 1: Get ProlixoTech Credentials

  1. Go to your Dashboard
  2. Copy your Tenant ID (shown on dashboard)
  3. Click "Generate API Key" and copy the key

Step 2: Create test.py

Open Notepad, paste this code, replace your credentials, and save as test.py on Desktop:

from solymus import Solymus
TENANT_ID = "your-tenant-id"
API_KEY = "ak_live_your_key_here"
log = Solymus(endpoint="https://api.prolixotech.com", tenant_id=TENANT_ID, api_key=API_KEY)
receipt = log.record_sync("test_event", {"message": "Hello from Solymus!", "demo": True})
print(f"Event ID: {receipt.event_id}")
result = log.verify(receipt.event_id)
print(f"KMS Signature Valid: {result.kms_signature_valid}")

Step 3: Run

Windows:

cd Desktop
py test.py

Mac / Linux:

cd ~/Desktop
python3 test.py

Expected Output:

Event ID: 3832bcb3-daea-4a9c-a198-96a249107f51
KMS Signature Valid: True

Your event is now cryptographically signed and tamper-evident. View it in your Events Dashboard.

Option 2: Full Demo with AI

Test with a real AI provider. Choose one below.

Step 1: Install AI Package

Windows:

py -m pip install google-genai

Mac / Linux:

pip3 install google-genai

Step 2: Get API Keys

Step 3: Create demo.py

Open Notepad, paste this code, replace your 3 credentials, save as demo.py on Desktop:

from google import genai
from solymus import Solymus
GEMINI_KEY = "AIza..."
TENANT_ID = "your-tenant-id"
API_KEY = "ak_live_..."
client = genai.Client(api_key=GEMINI_KEY)
log = Solymus(endpoint="https://api.prolixotech.com", tenant_id=TENANT_ID, api_key=API_KEY)
response = client.models.generate_content(model="gemini-2.0-flash", contents="What is AI?")
print(f"Gemini: {response.text}")
receipt = log.record_sync("gemini_inference", {"model": "gemini-2.0-flash", "output": response.text})
print(f"Event ID: {receipt.event_id}")
result = log.verify(receipt.event_id)
print(f"KMS Signature Valid: {result.kms_signature_valid}")

Step 4: Run

Windows:

cd Desktop
py demo.py

Mac / Linux:

cd ~/Desktop
python3 demo.py

Expected Output:

Gemini: Artificial intelligence (AI) refers to...
Event ID: 4a719f94-27eb-4a24-a36b-bfec34977a1d
KMS Signature Valid: True

Your AI inference is now logged with cryptographic proof. View it in your Events Dashboard.

Troubleshooting:

  • IndentationError - Delete the file and retype the code (don't copy/paste)
  • 429 quota exceeded - Create a new Gemini API key at aistudio.google.com
  • Module not found - Run the install command again

Other AI Providers

Groq (Free, Recommended)

Install: py -m pip install groq (Windows) or pip3 install groq (Mac/Linux)

Get key: console.groq.com/keys (free, no credit card)

from groq import Groq
from solymus import Solymus
GROQ_KEY = "gsk_..."
TENANT_ID = "your-tenant-id"
API_KEY = "ak_live_..."
client = Groq(api_key=GROQ_KEY)
log = Solymus(endpoint="https://api.prolixotech.com", tenant_id=TENANT_ID, api_key=API_KEY)
response = client.chat.completions.create(model="llama-3.1-8b-instant", messages=[{"role": "user", "content": "What is AI?"}])
print(f"Groq: {response.choices[0].message.content}")
receipt = log.record_sync("groq_inference", {"model": "llama-3.1-8b-instant", "output": response.choices[0].message.content})
print(f"Event ID: {receipt.event_id}")
print(f"KMS Signature Valid: {log.verify(receipt.event_id).kms_signature_valid}")

Tested Output:

Groq: Artificial Intelligence (AI) refers to the development of computer systems...
Event ID: 202c2e2a-e224-4740-9efb-0ab433f0441b
KMS Signature Valid: True

OpenAI (GPT-4, GPT-3.5)

Install: py -m pip install openai (Windows) or pip3 install openai (Mac/Linux)

Get key: platform.openai.com/api-keys

from openai import OpenAI
from solymus import Solymus
OPENAI_KEY = "sk-..."
TENANT_ID = "your-tenant-id"
API_KEY = "ak_live_..."
client = OpenAI(api_key=OPENAI_KEY)
log = Solymus(endpoint="https://api.prolixotech.com", tenant_id=TENANT_ID, api_key=API_KEY)
response = client.chat.completions.create(model="gpt-3.5-turbo", messages=[{"role": "user", "content": "What is AI?"}])
print(f"GPT: {response.choices[0].message.content}")
receipt = log.record_sync("openai_inference", {"model": "gpt-3.5-turbo", "output": response.choices[0].message.content})
print(f"Event ID: {receipt.event_id}")
print(f"KMS Signature Valid: {log.verify(receipt.event_id).kms_signature_valid}")

Anthropic Claude

Install: py -m pip install anthropic (Windows) or pip3 install anthropic (Mac/Linux)

Get key: console.anthropic.com/settings/keys

from anthropic import Anthropic
from solymus import Solymus
ANTHROPIC_KEY = "sk-ant-..."
TENANT_ID = "your-tenant-id"
API_KEY = "ak_live_..."
client = Anthropic(api_key=ANTHROPIC_KEY)
log = Solymus(endpoint="https://api.prolixotech.com", tenant_id=TENANT_ID, api_key=API_KEY)
response = client.messages.create(model="claude-3-haiku-20240307", max_tokens=1024, messages=[{"role": "user", "content": "What is AI?"}])
print(f"Claude: {response.content[0].text}")
receipt = log.record_sync("claude_inference", {"model": "claude-3-haiku", "output": response.content[0].text})
print(f"Event ID: {receipt.event_id}")
print(f"KMS Signature Valid: {log.verify(receipt.event_id).kms_signature_valid}")

Configuration

API Endpoint: Get your endpoint URL from the Dashboard under Settings.

Configure ProlixoTech via constructor arguments or environment variables:

Parameter Environment Variable Default Description
api_key SOLYMUS_API_KEY - Your API key (required)
tenant_id SOLYMUS_TENANT_ID "default" Your tenant identifier
batch_size - 10 Events per batch before sending
flush_interval - 5.0 Seconds between automatic flushes
max_queue_size - 1000 Max queue size before blocking
timeout - 10 HTTP timeout in seconds

ProlixoTech Client

Constructor

Solymus(
    endpoint: str,                         # Required: API endpoint URL
    tenant_id: str = "default",           # Your tenant identifier
    api_key: str = None,                  # API key for authentication
    batch_size: int = 10,                 # Events per batch
    flush_interval: float = 5.0,         # Seconds between flushes
    max_queue_size: int = 1000,          # Max queue before blocking
    timeout: int = 10                     # HTTP timeout in seconds
)

Methods

record(event_type, payload, ...) - Fire-and-forget. Returns event_id immediately.

record_sync(event_type, payload, ...) - Synchronous. Returns Receipt object.

verify(event_id) - Verify evidence. Returns VerificationResult.

flush() - Force flush all queued events.

close() - Gracefully shutdown, flushing remaining events.

Receipt Object

Returned by record_sync():

AttributeTypeDescription
okboolTrue if event was recorded
event_idstrUnique event identifier (UUID)
trace_idstrTrace ID for correlation
tenant_idstrYour tenant identifier
digest_b64urlstrSHA-256 digest (base64url)
signing_algstrSigning algorithm (ECDSA_SHA_256)

VerificationResult Object

Returned by verify():

AttributeTypeDescription
statusstr"verified", "not_found", or "unknown"
event_idstrThe verified event ID
kms_signature_validboolTrue if KMS signature is valid
merkle_rootstrGlobal Merkle root hash
verified_atstrISO timestamp of verification

Compliance Schema Objects

Use these schema objects with record() or record_sync() for full EU AI Act and ISO 42001 compliance.

ModelContext (ISO 42001 / Article 12)

Track which AI model made a decision for full traceability and version auditing.

FieldTypeRequiredDescription
model_idstrYesUnique identifier for the model
model_versionstrYesSemantic version of the model
model_typestrNoType of model (llm, classifier, rag, embedding)
deployment_idstrNoDeployment/environment identifier
 
from solymus import ModelContext

client.record_sync("inference", {...},
    model_context=ModelContext(
        model_id="gpt-4-turbo",
        model_version="2024-04-09",
        model_type="llm",
        deployment_id="prod-us-east-1"
    )
)

SessionContext (Article 12 Usage Periods)

Record start and end times of AI system usage sessions, as explicitly required by Article 12.

FieldTypeRequiredDescription
session_idstrYesUnique session identifier
started_atintYesUnix timestamp when session started
ended_atintNoUnix timestamp when session ended (None if ongoing)
 
from solymus import SessionContext
import time

session_start = int(time.time())
# ... AI system processes requests ...
session_end = int(time.time())

client.record_sync("session_complete", {...},
    session_context=SessionContext(
        session_id="sess_abc123",
        started_at=session_start,
        ended_at=session_end
    )
)

PerformanceMetrics (Post-Market Monitoring)

Capture performance metrics and anomaly flags for post-market monitoring requirements.

FieldTypeDescription
latency_msintResponse latency in milliseconds
confidence_scorefloatModel confidence (0.0-1.0)
input_tokensintNumber of input tokens processed
output_tokensintNumber of output tokens generated
anomaly_flagslistDetected anomalies (e.g., "low_confidence", "drift_detected")
 
from solymus import PerformanceMetrics

client.record_sync("inference", {...},
    performance_metrics=PerformanceMetrics(
        latency_ms=234,
        confidence_score=0.92,
        input_tokens=150,
        output_tokens=50,
        anomaly_flags=["high_latency"]
    )
)

PolicyContext (Time Machine Defense)

Capture the exact policy/ruleset active at the moment of inference.

FieldTypeDescription
policy_namestrName of the policy/ruleset
policy_versionstrSemantic version (e.g., "2.1.0")
policy_hashstrSHA-256 hash of policy config file

DataProvenance (Article 12 Data Lineage)

Track data sources used for AI inference.

FieldTypeDescription
reference_databaseslistRAG/retrieval source identifiers
training_datasetslistTraining data identifiers
data_versionstrVersion of reference data
lineagestrData pipeline URI (S3, MLflow, etc.)

HumanIntervention (Article 14 Oversight)

Record when humans review or override AI decisions.

FieldTypeDescription
requiredboolWhether human review was required
reasonstrReason for human intervention
reviewerstrIdentifier of human reviewer
reviewed_atintUnix timestamp of review

Complete Evidence Example

Combine all evidence features to support compliance requirements in high-stakes AI decisions:

from solymus import (
    Solymus,
    PolicyContext,
    DataProvenance,
    HumanIntervention,
    ModelContext,
    SessionContext,
    PerformanceMetrics
)
import hashlib
import time

log = Solymus(
    endpoint="https://api.prolixotech.com",
    tenant_id="my-company",
    api_key="YOUR_API_KEY"
)

# Complete evidence record for high-stakes AI decision
receipt = log.record_sync(
    "high_risk_ai_decision",
    {
        "input": {"customer_id": "C789", "request_type": "credit_increase"},
        "output": {"approved": True, "new_limit": 10000}
    },
    # Time Machine Defense
    policy_context=PolicyContext(
        policy_name="credit_risk_policy",
        policy_version="4.2.1",
        policy_hash="sha256:e3b0c44298fc1c149afbf4c8996fb924..."
    ),
    # EU AI Act Article 12 - Data Traceability
    data_provenance=DataProvenance(
        reference_databases=["credit-bureau-experian", "transaction-history"],
        training_datasets=["risk-model-training-2025-q4"],
        data_version="2026-01-11",
        lineage="mlflow://experiments/risk-v4/run-123"
    ),
    # EU AI Act Article 14 - Human Oversight
    human_intervention=HumanIntervention(
        required=False  # No human review needed for this decision
    ),
    # ISO 42001 / Article 12 - Model Identification
    model_context=ModelContext(
        model_id="risk-assessment-v4",
        model_version="4.2.0",
        model_type="classifier",
        deployment_id="prod-us-east-1"
    ),
    # Article 12 - Usage Period Tracking
    session_context=SessionContext(
        session_id="sess_credit_review_123",
        started_at=int(time.time()) - 60,
        ended_at=int(time.time())
    ),
    # Post-Market Monitoring
    performance_metrics=PerformanceMetrics(
        latency_ms=234,
        confidence_score=0.89,
        input_tokens=150,
        output_tokens=50
    )
)

print(f"Evidence ID: {receipt.event_id}")
print(f"Cryptographic Digest: {receipt.digest_b64url}")

Async Usage

For async applications, use SolymusAsync with all the same compliance features:

import asyncio
from solymus import SolymusAsync, PolicyContext, DataProvenance

async def main():
    async with SolymusAsync(
        endpoint="https://api.prolixotech.com",
        tenant_id="my-company",
        api_key="YOUR_API_KEY"
    ) as log:
        receipt = await log.record(
            "model_inference",
            {"model_id": "claude-3", "tokens": 500},
            policy_context=PolicyContext(
                policy_name="inference_rules",
                policy_version="1.0.0",
                policy_hash="sha256:abc123..."
            ),
            data_provenance=DataProvenance(
                reference_databases=["docs-v2"],
                data_version="2026-01-11"
            )
        )
        print(f"Event ID: {receipt.event_id}")

asyncio.run(main())

Note: Install async support with pip install solymus[async]

Context Manager

Use the context manager pattern for automatic cleanup and flushing:

with Solymus(endpoint="...", tenant_id="...", api_key="...") as log:
    log.record("event", {"data": "value"})
    log.record("another_event", {"more": "data"})
# Automatically flushes all pending events on exit

@audit_log Decorator

The decorator pattern is under development. Use record() or record_sync() for now.

Privacy Hashing

To protect PII while maintaining evidence integrity, hash sensitive data before logging:

import hashlib

# Hash sensitive data before logging
def hash_pii(data: str) -> str:
    return "sha256:" + hashlib.sha256(data.encode()).hexdigest()

# Log with hashed values
receipt = client.record_sync("inference", {
    "input_hash": hash_pii(user_prompt),  # Privacy-preserving
    "output_hash": hash_pii(response),
    "model": "gpt-4"
})

# The hash proves the data existed without revealing contents
# Perfect for GDPR compliance while maintaining evidence integrity

SDK & Integration Support Matrix

Integration Status Install / Access
Python SDK GA pip install solymus
REST API GA https://api.prolixotech.com
JavaScript / TypeScript In Development Use REST API in the meantime
Go Planned Use REST API in the meantime
Java Planned Use REST API in the meantime

JavaScript / TypeScript SDK

In Development

The JavaScript / TypeScript SDK is currently under development and not yet available. In the meantime, you can integrate with ProlixoTech using:

  • Python SDK — production-ready, install with pip install solymus
  • REST API — call https://api.prolixotech.com directly from any language (see API Reference below)

API Authentication Contract

All API endpoints use https://api.prolixotech.com as the base URL. Authentication varies by endpoint category:

Endpoint Auth Header
POST /ingest, GET /events, GET /verify/{id}, GET /certificate/{day}, POST /cmmc/* API Key X-Api-Key: YOUR_KEY
GET /public/verify/{id} None No authentication required — designed for auditors and external verifiers
/auth/*, /billing/* JWT Authorization: Bearer {clerk_jwt}

POST /ingest

POST /ingest

Batch ingest evidence events. Requires X-Api-Key header.

Authentication

# All evidence endpoints require API Key authentication
curl -X POST https://api.prolixotech.com/ingest \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -d '{"tenant_id": "your-tenant", "event_type": "inference", ...}'

Request Body

{
  "events": [
    {
      "event_id": "uuid",
      "event_type": "inference",
      "timestamp_ns": 1703750400000000000,
      "model_id": "gpt-4",
      "input_hash": "sha256:...",
      "policy_context": {...}
    }
  ],
  "tenant_id": "your-tenant"
}

GET /verify/{event_id}

GET /verify/{event_id}?tenant_id=xxx

Verify cryptographic integrity of an evidence record. Requires X-Api-Key header.

# Private verify (requires API key — for your internal dashboards)
curl "https://api.prolixotech.com/verify/EVENT_ID?tenant_id=my-tenant" \
  -H "X-Api-Key: YOUR_API_KEY"

GET /public/verify/{event_id}

GET /public/verify/{event_id}

Public verification endpoint for auditors and external parties. No authentication required.

# Public verify (no auth — share this URL with your C3PAO or auditor)
curl "https://api.prolixotech.com/public/verify/EVENT_ID"

Returns the same cryptographic verification data (KMS signature validity, Merkle linkage, compliance status) without requiring an API key. This is the URL embedded in exported evidence packages.

Offline Verification: Export bundles include everything needed to verify without calling our API. Each bundle contains the receipt JSON, cryptographic signature, Merkle inclusion proof, signed daily root, and verification instructions. Auditors can verify mathematically without any ProlixoTech account or network access.

GET /events

GET /events?tenant_id=xxx&start_date=YYYY-MM-DD&end_date=YYYY-MM-DD

Query and browse evidence records with pagination. Requires X-Api-Key header.

# Query events with date range
curl "https://api.prolixotech.com/events?tenant_id=my-tenant&start_date=2026-01-01&end_date=2026-01-06&limit=50" \
  -H "X-Api-Key: YOUR_API_KEY"

GET /certificate/{day}

GET /certificate/{day}?format=html|json

Generate a Certificate of Truth for a specific day. Requires X-Api-Key header.

# Get compliance certificate for a day
curl "https://api.prolixotech.com/certificate/2026-01-01?format=html" \
  -H "X-Api-Key: YOUR_API_KEY"

EU AI Act Compliance

ProlixoTech automatically captures data required by EU AI Act Article 12:

Caremark Doctrine

Demonstrate board-level AI governance with verifiable evidence:

Solymus Installation

Solymus is the ProlixoTech SDK and evidence engine. It automates evidence collection and control mapping for defense contractors pursuing CMMC certification (and other supported frameworks). Choose your installation method:

🌐

Web Dashboard

Drag-and-drop evidence upload. No installation required.

Open Dashboard →
🧩

Browser Extension

One-click screenshot capture with AI control mapping.

Get Extension →
🔗

Integrations

Upload evidence manually or collect via SDK and API.

View Integrations →

Solymus Capture - Browser Extension

The fastest way to collect CMMC evidence. Capture screenshots, documents, and configuration screens with automatic control mapping.

🧩 Install in 10 Seconds

  1. Click "Add to Chrome" from the extension page
  2. Sign in with your Solymus account
  3. Click the extension icon or press Ctrl+Shift+S to capture

Features: Full-page screenshots • AI control suggestions • Automatic upload • Offline support • PDF capture

Integrations

Upload evidence manually through the dashboard, or use the Python SDK and REST API to collect and submit artifacts programmatically:

Integration Evidence Type Controls Status
Microsoft Entra ID Access reviews, role assignments, MFA status AC-2, IA-2, IA-5 ● Available
Microsoft 365 Policies, DLP rules, retention settings AC-3, MP-2, SC-8 ● Available

CMMC / NIST 800-171

ProlixoTech serves as the evidence engine for CMMC 2.0 and NIST 800-171 compliance. Mapped to Rev 2 (current DoD contract baseline) with Rev 3-ready mapping in development. Instead of manual spreadsheets, automatically collect audit artifacts and map them to controls.

How ProlixoTech Supports CMMC

CMMC Evidence Recording Example

Log security control evidence with control family mapping:

# Record access control evidence (AC family)
from solymus import Solymus

log = Solymus(
    endpoint="https://api.prolixotech.com",
    tenant_id="defense-contractor-123",
    api_key="your-api-key"
)

# Log account management action (maps to AC-2)
log.record("access_control", {
    "control_family": "AC",
    "control_id": "AC-2",
    "action": "account_created",
    "user_id": "jsmith",
    "roles": ["analyst", "cui_access"],
    "authorized_by": "security_admin",
    "justification": "Project Falcon team member"
})

# Log audit event (maps to AU-3)
log.record("audit_event", {
    "control_family": "AU",
    "control_id": "AU-3",
    "event_type": "cui_document_access",
    "document_id": "DOC-2026-001",
    "classification": "CUI//SP-EXPT",
    "outcome": "success"
})

NIST 800-171 Control Families

ProlixoTech can capture evidence for all 14 control families:

Family Name Controls Evidence Types
AC Access Control 22 Account creation, role changes, access reviews
AU Audit & Accountability 9 Log events, audit reviews, log protection
AT Awareness & Training 3 Training completion, role-based training
CM Configuration Management 9 Baseline configs, change requests
IA Identification & Auth 11 MFA events, password changes
IR Incident Response 3 Incident reports, response actions
MA Maintenance 6 Maintenance logs, remote access
MP Media Protection 9 Media handling, sanitization
PE Physical Protection 6 Physical access logs, visitor records
PS Personnel Security 8 Screening, terminations, transfers
RA Risk Assessment 3 Vulnerability scans, risk assessments
CA Security Assessment 4 Assessment results, POA&M items
SC System & Comms Protection 16 Boundary protection, encryption status
SI System & Info Integrity 7 Malware scans, patch status, alerts

CMMC Evidence Factory API

The CMMC Evidence Factory provides dedicated API endpoints for uploading artifacts that automatically flow through the ProlixoTech Trust Engine. Every artifact is SHA-256 hashed, KMS-signed, and Merkle-chained.

Upload Artifact

Request a presigned URL for secure artifact upload:

# Request presigned upload URL
curl -X POST https://api.prolixotech.com/cmmc/artifacts/upload \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your-api-key" \
  -d '{
    "tenant_id": "acme-defense",
    "filename": "access-policy.pdf",
    "content_type": "application/pdf",
    "evidence_type": "policy_document",
    "source": "manual_upload",
    "tags": {"department": "IT", "cmmc_control": "AC-1"}
  }'

# Response includes presigned POST fields
{
  "artifact_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "upload_url": "https://prolixo-evidence-*.s3.amazonaws.com",
  "upload_fields": { ... }
}

Finalize Artifact

After upload, finalize the artifact to compute hash, map controls, and create the ProlixoTech event:

# Finalize artifact (triggers ProlixoTech integration)
curl -X POST https://api.prolixotech.com/cmmc/artifacts/{artifact_id}/finalize \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your-api-key"

# Response includes ProlixoTech receipt
{
  "artifact_id": "a1b2c3d4-...",
  "sha256_hex": "7f3a9c...",
  "receipt_id": "e1f2a3b4-...",
  "receipt_digest": "xYz123...",
  "merkle_linked": false,
  "control_mappings": [
    {"control_family": "AC", "control_id": "AC-1", "confidence": 0.95}
  ]
}

Verify Artifact

Assessors can independently verify evidence integrity:

# Verify artifact via ProlixoTech endpoint
curl https://api.prolixotech.com/verify/{receipt_id} \
  -H "X-Api-Key: your-api-key"

# Response shows cryptographic proof
{
  "status": "verified",
  "cryptographic_proof": {
    "kms_signature_valid": true,
    "signing_alg": "ECDSA_SHA_256",
    "digest_b64url": "..."
  },
  "merkle_linkage": {
    "root_signed": true,
    "global_root_hash": "..."
  }
}

Artifact Lifecycle

Stage Field Description
Upload status: pending Artifact uploaded to S3, awaiting finalization
Finalize receipt_id KMS-signed event created in evidence ledger
Chain Link merkle_linked: false Linked to shard chain, pending daily attestation
Attestation merkle_linked: true Daily attestation anchors artifact to global root

GovCloud Deployment (Roadmap): ProlixoTech currently operates on AWS commercial (us-east-1). A GovCloud deployment option is on the Enterprise roadmap. In the current model, upload only non-CUI artifacts. See GovCloud Architecture for the planned deployment model.

Plan-Based Access

ProlixoTech offers three tiers with distinct feature access:

Feature Starter (Free) Pro ($149/mo) Enterprise ($499/mo)
Monthly Events 1,000 100,000 1,000,000+
Data Retention 7 days 365 days Unlimited
Evidence Ingestion
Evidence Verification
Events Query 7 days 365 days Unlimited
Certificates of Truth -
CloudTrail Receipts - -
Board-Ready Reports - -

Error Responses

When accessing features outside your plan, you'll receive specific error codes:

403 - Plan Upgrade Required:

{
  "error": "PLAN_UPGRADE_REQUIRED",
  "message": "Certificates of Truth are available on Pro and Enterprise plans.",
  "current_plan": "starter",
  "required_plans": ["pro", "enterprise"]
}

403 - Retention Limit Exceeded:

{
  "error": "RETENTION_LIMIT_EXCEEDED",
  "message": "Your starter plan allows access to the last 7 days of data.",
  "earliest_allowed_date": "2026-01-08",
  "upgrade_hint": "Upgrade to Pro for 1-year retention or Enterprise for unlimited."
}

429 - Quota Exceeded:

{
  "error": "quota_exceeded",
  "message": "Monthly event limit reached (1000/1000). Upgrade to Pro for 100K events/month.",
  "current_count": 1000,
  "monthly_quota": 1000
}

Need help? Contact us at customerservice@prolixotech.com or visit your Dashboard.