VDI Architecture Diagrams
Verifiable Decision Infrastructure, Complete System Architecture
This document provides a comprehensive visual reference for the VDI protocol. Each diagram illustrates a distinct aspect of the system, from cryptographic primitives through enterprise workflows.
For the full protocol specification, see VDI-SPEC.md.
Diagram 1: VDI Protocol Stack
The VDI stack is organized into four layers. Applications consume the protocol layer, which delegates proof generation and verification to purpose-built circuits compiled down to the underlying cryptographic primitives.
Diagram 2: Decision Attestation Lifecycle
A decision attestation moves through three phases: generation (the prover creates a ZK proof and signs the attestation), primary verification (a verifier runs the full 7-step algorithm and emits a receipt), and downstream consumption (subsequent agents trust the receipt without re-running ZK verification).
Diagram 3: Decision Attestation Object Structure
The attestation is a self-contained JSON artifact. It bundles every piece of information a verifier needs, the proof, the verification key, and the Ed25519 signature, so verification never requires a network call.
Diagram 4: 7-Step Verification Algorithm
Every attestation is validated by the same deterministic, ordered algorithm. Each step is a pure function, no network access, no mutable state. Failure at any step short-circuits the process and marks the attestation as INVALID.
Diagram 5: Trust Propagation with Receipts
Trust flows outward from the decision maker. Primary verifiers perform the expensive ZK verification once and emit signed receipts. Downstream consumers validate only the lightweight receipt, reducing per-hop verification cost by over 10x. Regulators retain the option to perform full re-verification at any time.
Diagram 6: Enterprise Workflow Templates
VDI ships three pre-built DAG templates for regulated industries. Each template maps a real-world decision pipeline to a graph of ordered stages with embedded policy constraints. The dashed edges show where policy enforcement is applied.
AI Lending (Fair Lending Act)
Clinical Decision (FDA/HIPAA)
Autonomous System (EU AI Act)
Diagram 7: Trust Chain (Constraint Authority)
The constraint authority layer closes the trust gap between "the proof is mathematically valid" and "the constraints encode the right legal requirements." A recognized authority (law firm, audit firm, standards body) reviews and attests that the constraint set correctly implements the target regulation. This attestation is bound to the pipeline hash and verified inside the ZK proof.
Diagram 8: Comparison, SaaS vs Infrastructure
The SaaS model creates a central point of failure and requires runtime trust in the vendor. The VDI infrastructure model eliminates the server entirely: attestations are self-contained and verification is pure mathematics that any party can execute independently.
SaaS Model (Centralized)
Infrastructure Model (Independent)
Diagram 9: Machine-to-Machine Trust at Scale
In production agent networks, decisions flow through chains of specialized agents. Each agent either generates a new attestation or validates an incoming one and emits a receipt. The result is an auditable trust chain that spans the entire decision lifecycle without any human in the loop.
Diagram 10: The Full VDI System
End-to-end view of the entire VDI system. Decision makers submit private inputs to the prover, which generates a Groth16 proof, signs it with Ed25519, and binds it to a policy from the constraint registry. The resulting attestation is a portable artifact that any party can verify independently using the open-source verifier. Verified receipts flow to compliance monitors, audit systems, regulators, and downstream agents.
