# MEOK Attestation API

> Public signing + verification surface for MEOK AI Labs compliance attestations.

## What this API does

MEOK AI Labs issues HMAC-SHA256 signed attestations for EU compliance regimes (DORA, NIS2, CRA, EU AI Act, CSRD, AI-BOM, GDPR, UK AI Bill, HIPAA, SOC 2, ISO 42001, NIST AI RMF). Each attestation carries a public verify URL that auditors, boards, and procurement teams can validate without MEOK backend access.

## Endpoints

- POST /sign — sign an attestation (Pro tier, api_key + email required)
- POST /verify — verify a signed cert
- GET /verify/<cert_id> — human-readable verify page
- POST /provision — customer self-serve key retrieval by email
- POST /webhook — Stripe checkout.session.completed handler
- GET /catalogue — HTML marketing page with all MCPs + pricing
- GET /health — liveness

## Pricing

- Pro: £199/mo — https://buy.stripe.com/14A4gB3K4eUWgYR56o8k836
- Enterprise: £1,499/mo — https://buy.stripe.com/4gM9AV80kaEG0ZT42k8k837
- One-time assessment: £5,000 — https://buy.stripe.com/4gM7sN2G0bIKeQJfL28k833

## Verify locally

pip install meok-attestation-verify
meok-attestation-verify cert.json

## Docs

- MEOK AI Labs: https://meok.ai
- PyPI packages: https://pypi.org/user/MEOK_AI_Labs/
- GitHub org: https://github.com/CSOAI-ORG
- Contact: nicholas@csoai.org