SynOI

Open protocol · open spec

An open substrate for AI provenance that does not require trusting us.

SynOI's provenance layer is a content-addressed transparency-log protocol. Every Decision Receipt, every capability registration, every memory record SynOI handles is a signed object: identified by hash, signed with hybrid Ed25519 + ML-DSA-65 (post-quantum), encoded in canonical JSON, anchorable to public logs. The spec is open. The reference store (SynOI Vault) is covered by the OSS license. Anyone can verify offline.

The three pieces

Protocol, format, and the application most teams meet first.

01 · Protocol

Provenance Protocol Specification

Roadmap · Public draft Q4 2026 · RFC track Q1 2027

The protocol semantics: object identity (OID), content-addressed provenance, hash-chained mutation history, supersession links, point-in-time query model. Canonical JSON wire format; a CBOR profile is reserved for a future version. The novelty lives here; the bytes are standards-based.

02 · Format

Decision Receipt Format

Available

The hybrid-signed audit record produced for every governed AI action. Canonical JSON body, hybrid Ed25519 + ML-DSA-65 signatures, public verification surface at verify.synoi.systems. Any Ed25519 library in any language can verify the classical signature offline, with no SynOI dependency.

03 · Application

Supply Chain Guard Architecture

Roadmap · Q1 2027 GA

The first vertical application of the provenance protocol outside the gateway: publisher-side human-in-the-loop (HITL) approval on npm/PyPI publish. It wraps `npm publish` so that a publish waits for out-of-band approval. The publish-side interceptor and the registry mirror are both on the roadmap for Q1 2027.

Design intent

Content-addressed, append-only, point-in-time queryable.

Governed objects are identified by the hash of their canonical encoding. Same content, same identity. Different content, different identity. There is no "edit" - a new version is a new object that supersedes the prior one. The history is the data.

This is the same shape as sigstore Rekor, AWS QLDB, Google Trillian, and IPLD - the category of transparency log, not of database. We chose it because AI audit needs the same property package: tamper-evidence, time-travel queries, and third-party verifiability.

Properties

  • Content-addressed identity

    OID = SHA-256 of the canonical payload. Identical content maps to the same OID by design; different content maps to a different OID, up to SHA-256 collision resistance.

  • Append-only history

    New version = new record. Supersession links point backward. The audit trail is complete by construction.

  • Point-in-time replay

    "What was true at T?" - answerable directly from the log without snapshots or restore.

  • Public anchor (optional)

    Hash roots anchorable to OpenTimestamps / Rekor / sigstore so tamper-evidence survives even if operator infrastructure is compromised.

  • Standards-based wire

    Canonical JSON bodies, hybrid Ed25519 (RFC 8032) + ML-DSA-65 (FIPS 204) signatures. Any Ed25519 library in any language can verify the classical signature offline.
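The first three properties can be exercised in a few lines. The following is an added example, not SynOI code or the Vault's API: the record fields (`key`, `body`, `ts`, `supersedes`), the `Log` class and the sorted-key canonicalization are assumptions made for illustration, since the page does not define the canonical JSON scheme, and signatures are left out.

```python
import hashlib
import json

def canonical(obj):
    # Assumption: sorted keys + compact separators stand in for the spec's canonical JSON.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def oid(record):
    return hashlib.sha256(canonical(record)).hexdigest()

class Log:
    """Append-only store: records are never edited, only superseded."""
    def __init__(self):
        self.entries = []  # (oid, record) pairs in append order

    def head(self, key, at=None):
        # Latest OID for `key` with ts <= at; at=None means "now".
        found = None
        for o, rec in self.entries:
            if rec["key"] == key and (at is None or rec["ts"] <= at):
                found = o
        return found

    def append(self, key, body, ts):
        rec = {"key": key, "body": body, "ts": ts, "supersedes": self.head(key)}
        self.entries.append((oid(rec), rec))
        return self.entries[-1][0]

    def verify(self):
        # Recompute every OID; each link must name an earlier record of the same key.
        seen = {}
        for o, rec in self.entries:
            prev = rec["supersedes"]
            if oid(rec) != o:
                return False
            if prev is not None and seen.get(prev, {}).get("key") != rec["key"]:
                return False
            seen[o] = rec
        return True

def demo():
    # Constructed sample data: two versions of one hypothetical policy object.
    log = Log()
    v1 = log.append("policy/export", {"allow": False}, ts=100)
    v2 = log.append("policy/export", {"allow": True}, ts=200)
    at_150 = log.head("policy/export", at=150)  # "what was true at T=150?"
    ok_before = log.verify()
    log.entries[0][1]["body"]["allow"] = True  # simulated in-place edit of history
    return v1, v2, at_150, ok_before, log.verify()
```

Someone who rewrites every record through to the head can still make this local check pass; the head hash changes when they do, which is what the optional public anchor is there to expose.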

Where the spec stands

The honest version of "is this real yet?"

Decision Receipt v1 format

Available

In production behind SynOI Gateway. Public verifier live at /verify.

Receipt Verifier (public)

Available

No-auth surface. Paste any receipt URL, see Ed25519 math.

Provenance protocol white paper

Draft

Public draft Q4 2026; RFC submission path Q1 2027.

SynOI Vault reference store

Beta

Operator-authoritative substrate. Implements the SRAID-Core provenance protocol. Powers Gateway cache, Decisions, Evidence Journal.

Post-quantum signature path

Available

Hybrid Ed25519 + ML-DSA-65 signing and native verify shipped in Gateway (PR #126). Decision Receipts carry both signatures. Full deployment on Node 24 + OpenSSL 3.5 native path is the production target.

Public log anchoring

Roadmap

OpenTimestamps / Rekor anchor cadence configurable per tenant.

Standards alignment

We did not invent the cryptography.

The protocol semantics are SynOI's contribution; the wire bytes, the signatures, and the transparency-log shape are IETF / NIST / OpenSSF / CSA standards. Every name in the row below is a verifiable upstream, not a logo wall. Procurement and security teams should be able to map every SynOI claim to a public standard.

Full alignment matrix with status and surface for each entry: /standards →

Read the papers

Drafts in flight. Read them; argue with them; cite them.

Public draft · ~40 pp

SynOI Provenance Protocol

Object identity (OID), content-addressed provenance, supersession, point-in-time queries, and CBOR + COSE wire format. Frames the protocol as a transparency-log primitive in the sigstore Rekor / AWS QLDB / Google Trillian category.

Read the paper →

Spec live · Architecture white paper

Supply Chain Guard Architecture

Publisher-side HITL on every npm / PyPI publish, registry-mirror state-divergence detection on the consume side, GitHub App PR-bot, OID Resolver public attestation service. Defeats the Mini Shai-Hulud worm class at publish time.

Read the paper →

Draft · ~25 pp

SynOI Trust Model

What you are trusting, in what order, and where you can verify without us. Threat model, custody chains, signature trust roots, anchoring strategy, post-quantum migration path, and the explicit list of properties SynOI does not guarantee.

Read the paper →

All papers, including Decision Receipt cryptography, tenant-encrypted deployment, and the SynOI trust model: /whitepapers →

Read the spec. Verify a receipt. Decide for yourself.

The white-paper drafts and the public verifier are linked below. Neither requires an account, an NDA, or a sales call.