brivora

Open source, transparent, post-quantum technology for all people.

npm install @brivora/crypto @brivora/verify

What we build

@brivora/crypto

Post-quantum cryptography

Hybrid ML-KEM-768 + ML-DSA-65 + classical crypto. NIST FIPS compliant. Zero config. Pure TypeScript. Works everywhere.

import { crypto } from '@brivora/crypto';
const keys = await crypto.createIdentity();
const signed = await crypto.sign(data, keys.privateKey);
Read the docs →
@brivora/verify

Verifiable AI governance

Wrap any AI call with governance rules. Get a PQC-signed Merkle root. Independently verifiable. No API. No account. Pure math.

const result = await verify.govern(
  () => ai.chat({ model, messages }),
  { governance: 'eu-ai-act-v1' }
);
Read the docs →

AI compliance, proven cryptographically

Governance packs encode regulatory requirements as machine-checkable rules. Every AI call generates a PQC-signed proof of compliance.

Available

EU AI Act

Articles 9-15. Tamper-evident logging, risk management, human oversight. Enforcement August 2, 2026.

Available

SOC 2 AI Controls

10 rules mapped to all 5 Trust Service Criteria. Cryptographic evidence for auditors.

Coming Q1

CCPA/CPRA ADMT

Automated decision-making compliance. Consumer opt-out, bias detection. Deadline January 1, 2027.

Coming Q1

HIPAA AI

PHI detection across 18 Safe Harbor identifiers. BAA enforcement. 6-year audit trails.

Coming Q2

NIST AI RMF

15 rules across GOVERN, MAP, MEASURE, MANAGE. Texas safe harbor. Cross-framework value.

Enterprise and commercial

Using Brivora in a proprietary product? Need compliance advisory for your team?

Licenses from $500/year. Gap assessments from $1,500. Governance packs from $2,000.

Why post-quantum

2024

NIST finalized FIPS 203, 204, 205 — the post-quantum cryptographic standards that replace RSA and ECDSA.

2030

NSA deadline for national security systems to migrate to post-quantum cryptography. The transition is already underway.

Q-Day

The day a quantum computer breaks classical encryption. Every system not using PQC becomes vulnerable. We build for that day.

Zero telemetry

No analytics. No network calls. No tracking. No error reporting. No feature flags. Your data never leaves your machine through our code.

AGPL-3.0

Fully open source. Inspect every line. Fork it. Build on it. Free forever for open source projects. Commercial licenses available.

Pure TypeScript

No native modules. No WASM. Works everywhere: Node.js, Deno, Bun, browsers. Built on audited @noble cryptographic primitives.

Self-contained proofs

Every proof includes everything needed for independent verification. No API call. No account. No external dependency. Pure math.