Cryptography & Verification
Today, every sealed artifact on this site references a SHA-256 tree hash. Signatures arrive in Phase 2. This page is the verification roadmap, kept honest about the distinction.
Public key (placeholder)
OptimaX's signing key for sealed receipts will be published here as an Ed25519 fingerprint with a corresponding key transparency log entry. Until then, hashes referenced on this site are SHA-256 hex digests of canonical-form serializations and can be independently computed from published evidence packets.
# Ed25519 fingerprint (placeholder — to be published with first sealed receipt)
ed25519:<pending>
# Independent verification example (works today on the PEL Auditor packet):
sha256sum <file>
# Or for a tree hash:
find . -type f -not -name "TREE_HASH.txt" \
-exec sha256sum {} \; | sort | sha256sum
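The tree-hash pipeline above, reimplemented in Python as an added example (not OptimaX's code or the packet's own tooling), so that the bytes feeding the final hash are explicit and a mismatch can be traced to specific files. It assumes byte-order sorting (what `LC_ALL=C sort` gives), file names without backslashes or newlines (which `sha256sum` would escape), and, for `diff`, a recorded per-file map in the same `<digest>  <path>` form; `manifest`, `tree_hash` and `diff` are names chosen here.

```python
import hashlib
import os
import tempfile

def file_sha256(path):
    """Stream one file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root, skip="TREE_HASH.txt"):
    """Map './rel/path' -> digest for regular files, like `find . -type f`."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == skip or os.path.islink(full):
                continue  # find -type f does not match symlinks
            rel = "./" + os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = file_sha256(full)
    return out

def tree_hash(root):
    """SHA-256 over the byte-sorted '<digest>  <path>' lines (sha256sum format)."""
    lines = sorted(f"{d}  {p}\n".encode() for p, d in manifest(root).items())
    return hashlib.sha256(b"".join(lines)).hexdigest()

def diff(root, recorded):
    """Compare a recorded {path: digest} map with the tree on disk."""
    actual = manifest(root)
    return {
        "changed": sorted(p for p in recorded if p in actual and actual[p] != recorded[p]),
        "missing": sorted(p for p in recorded if p not in actual),
        "extra": sorted(p for p in actual if p not in recorded),
    }

if __name__ == "__main__":
    # Constructed sample packet, not real evidence.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "logs"))
        for rel, body in (("report.md", b"ok\n"), ("logs/run.txt", b"run 1\n")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        sealed, before = manifest(root), tree_hash(root)
        with open(os.path.join(root, "logs", "run.txt"), "ab") as f:
            f.write(b"edited\n")
        print(before != tree_hash(root), diff(root, sealed))
```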
Verification roadmap
- Phase 1 — SHA-256 tree hashes only. Today. Each evidence packet contains a TREE_HASH.txt with per-file SHA-256s and an aggregate tree hash. Anyone can re-compute and verify identity. This site does not call any artifact "cryptographically signed" until the Phase 2 signing key exists. A hash proves identity. A signature proves authorship. We are honest about which we have today.
- Phase 2 — Ed25519 signatures. Q2 2026. Each sealed receipt is signed by the OptimaX signing key. Public key fingerprint + key transparency log entry published here.
- Phase 3 — Sigstore / SCITT integration. Q3 2026. Receipts become a profile of the IETF SCITT transparent statement format; verification uses the Sigstore transparency log.
- Phase 4 — Federated key transparency. 2027. Multi-operator recognition of each other's signing keys.
Why public verification matters
The receipts doctrine forbids overclaim. If a published claim references an evidence artifact, that artifact must be independently verifiable. If it cannot be independently verified, it is not a receipt — it is a claim, and we label it as such.
The chain that matters: artifact exists → artifact has a hash → hash is signed → signature key is published → key is in a transparency log → log is independently audited → therefore the receipt cannot be silently rewritten.
This site is on Phase 1. Phases 2–4 are scheduled. Each phase tightens what a single party (including OptimaX) can change without external detection.
Verifying the PEL Auditor packet
The first sealed evidence packet on this site is the PEL Phase 1 Auditor Packet (sealed 2026-05-02). Verification is reproducible in under five minutes by any third party with sha256sum and pyyaml. Instructions are inside the packet's README. Visit the receipts registry.