Financial numbers with
verifiable provenance.

An open-source enforcement kernel for LLM agents in financial services. Every numeric output is bound to a verifiable computation chain, or it never leaves the system.

Read the thesis

GitHub

Agent answer

Provenance chain

$237.42←calc.subtract

└− $1,247,322.18←ledger.get_balance

│ postgres://gl row 4821

└− $1,247,084.76←extract.bank_statement

BS-05-26.pdf page 12

Audit ID 7f3a91… ✓ Reproducible by anyone Can’t skip the checks

The problem

Logging is not provenance.

Agent frameworks record what the agent said. Model risk reviewers ask how each number was derived. These are different questions, and most frameworks only answer the first one.

What your agent outputs

“Cash unreconciled is $237.42.”

✓Looks plausible

✓Cites a document

✗Shows how each number was calculated

✗Anyone can reproduce it

✗Can’t be secretly altered

What a reviewer asks

“Where did $237.42 come from? Who computed it? Show me the chain. Replay it.”

Regulators put the burden of proof on your firm. The Fed’s model risk guidance (SR 26-2) and FINRA’s 2026 oversight report both expect you to show how every number was produced. A number that simply looks right, with no way to trace where it came from, isn’t evidence. It’s a liability.

A reconciliation, end to end

Three spreadsheets, one defensible number.

A complete Provenant run: three real source files in, one operating-income figure out, every dollar tied to its exact origin. Hover any value to see which source produced it. Click view file to inspect the rows.

xlsx

Revenue_Q1

ledger.get_balance

487 rows · $4,512,847.00

csv

Payroll_Q1

payroll.export

211 rows · $1,247,892.42

xlsx

AP_Expenses

ap.subledger

1,903 rows · $417,562.40

reconcile.match

calc.subtract

✓14 tokens minted

✓0 ungrounded numbers

✓0 schema violations

Operating income

$0.00

✓submit_answer

Audit chain

$2,847,392.18←calc.subtract

└− $4,512,847.00←Revenue_Q1.xlsx

│ rows 12–487 · sha256 a3f9…

└− $1,247,892.42←Payroll_Q1.csv

│ rows 4–211 · sha256 7c1b…

└− $417,562.40←AP_Expenses.xlsx

rows 8–1903 · sha256 2e8d…

↓ Download audit pack (.json)

Integration

One kernel. Multiple entry points.

Starting with the MCP server. We’re proving the model out on the MCP server first. Once the core is solid, the Go and Python libraries open up so you can build agents natively on Provenant.

How it works

How Provenant guarantees every number

Provenant sits between your AI agent and whatever it outputs. Every number has to pass the same three checks before it can leave, no matter which framework or model you use.

emit $237.42

token t_001 minted

tool ledger.get_balance

src postgres://gl row 4821

✓ grounded · replayable

Every number is tagged

Each number is tied to the exact data and step that produced it.

Catches made-up numbers

agent.write() intercepted ✗

console.log() intercepted ✗

submit_answer(verified)

✓ released · chain sealed

One way out

Numbers can only leave through one verified exit. Every other path is blocked.

Can’t be bypassed

emit $42.00 token: none

ERROR ungrounded_output

→ run halted · attempt logged

emit $237.42 token: t_001

✓ released

No proof, no output

If a number can’t be proven, the run stops and logs it. Nothing slips through.

Never fails silently

Get started

Running in under five minutes.

# Run as an MCP server, no code changes in your host

$ docker run -p 8080:8080 provenant/provenant:v0

# Register with your MCP host

$ claude mcp add provenant http://localhost:8080

→ Provenant ready · 14 tools registered · audit chain active

# Add to your Go module

$ go get github.com/provenant/provenant

import "github.com/provenant/provenant/kernel"

k, _ := kernel.New(kernel.Config{

Store: myPostgres,

Skills: skills.Load("reconciliation"),

})

run, _ := k.Run(ctx, input)

// audit pack + token table + replay hash all in run.AuditPack

# Install the reconciliation skill pack

$ provenant skills install reconciliation

$ provenant run --skill=reconciliation --input=./sample.json

→ Run complete · Tokens: 14 · Ungrounded: 0 · Replay: ✓

$ provenant replay ./out/audit-7f3a91.json

→ Deterministic · chain hash matches · reads verified

Compliance & auditability

Built to be defensible.
Designed to be shared.

Every run ships with a self-contained audit pack. Anyone reviewing it can trace how each number was built, re-run the whole thing, and confirm nothing bypassed the kernel — all without touching your original systems.

Built to satisfy FINRA 2026, SR 26-2, EU AI Act Art. 14, and SOX §404 — ready for your model risk, legal, and audit teams.

✓Tamper-proof audit log — hash-chained, so any edit shows; verifiable on its own

✓Re-run it and get the exact same result — bit-identical replay from the captured-read record

✓A quality score on every run — DFAH metrics: determinism, faithfulness, accuracy, hallucination rate

✓Traced to the exact source row — per-value provenance, not just a document citation

✓Your data never leaves your perimeter — single-tenant and air-gappable in v0

Financial numbers withverifiable provenance.