Code Provenance for the AI Era
A Flying Cloud Technology Project
AI models now generate production code at scale — but there's no standard way to verify which model wrote which code, where it was generated, or whether an independent model audited it for security.
ForgeProof is a cryptographic attestation platform that creates tamper-evident provenance receipts for AI-generated code. Every attestation is Ed25519-signed, SHA-256 hashed, and linked into an append-only hash chain — giving you a verifiable ledger of every AI contribution to your codebase.
The problem: Organizations using AI to generate code face a blind spot. SBOMs tell you what components are in your software. SLSA/Sigstore prove your build was untampered. But neither answers: Which AI model wrote this code? Where did it run? Did a different model audit it?
ForgeProof fills this gap — it sits upstream of build attestation, at the code generation layer, providing the missing provenance link in the AI software supply chain.
| Tool | What It Proves | What It Doesn't Prove |
|---|---|---|
| SLSA / Sigstore / cosign | Binary was built from specific source in a trusted CI/CD | Which AI wrote the source code |
| SBOM (SPDX / CycloneDX) | What components are in the software | How components were created |
| C2PA / Content Credentials | Media file provenance | Code provenance (code is trivially refactored) |
| ForgeProof | Which AI model generated the code, where it ran, and whether it was independently audited | That the AI output is correct or secure |
- Ed25519 Cryptographic Signatures — Every attestation receipt is digitally signed
- SHA-256 Hash-Chained Ledger — Append-only chain where each entry links to the previous, making tampering detectable
- Multi-Model Attestation — Track code generated by GPT-4, Claude, Copilot, and others in the same repository
- Provider Separation Enforcement — Security audit attestations must come from a different AI provider than the code origin
- Geographic Compliance — Track and enforce which jurisdictions AI models operate in (US-only, EU-only, custom policies)
- GitHub Integration — OAuth connection, webhook listener for auto-attestation on push, repository sync
- MCP Tool Server — AI agents can create attestations via Model Context Protocol
- OpenAPI Spec — Import into ChatGPT as a custom action for GPT-driven attestation
- Analytics Dashboard — Visual breakdowns by provider, model, country, and compliance status
- Badge Embeds — SVG badges for README files showing attestation status
- Certificate Export — Printable HTML certificates for compliance documentation
- Public Verification — Anyone can verify attestation integrity without authentication
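As an added example (not ForgeProof's own policy engine), the following Node.js code evaluates the two policy features above, provider separation and geographic compliance, over receipt-shaped records using the field names from the receipt format. The assumptions are mine, not documented on this page: an audit attestation carries `attestation_type` "audit", points at the origin receipt it audits through `parent_attestation_id`, and records a verdict string such as "pass" in `audit_verdict`; the policy names, country lists and sample receipts are constructed.

```javascript
// Added example, not ForgeProof's own code. Evaluates provider separation and
// geographic compliance over receipt-shaped records. Assumed (not on the page):
// audit receipts have attestation_type "audit", reference the origin receipt in
// parent_attestation_id, and carry a verdict string in audit_verdict.

// Allowed jurisdictions per named policy (constructed; extend for custom policies).
const GEO_POLICIES = {
  "us-only": ["US"],
  "eu-only": ["AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE",
    "GR", "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO",
    "SK", "SI", "ES", "SE"],
};

// Geographic compliance: every receipt's country_of_origin must be in the
// allowed set. `customAllowed` overrides the named policy when supplied.
function checkGeography(receipts, policyName, customAllowed) {
  const allowed = new Set(customAllowed ?? GEO_POLICIES[policyName] ?? []);
  const violations = receipts
    .filter((r) => !allowed.has(r.country_of_origin))
    .map((r) => ({ id: r.id, country: r.country_of_origin }));
  return { ok: violations.length === 0, violations };
}

// Provider separation: an audit attestation is only accepted when the auditing
// model's provider differs from the provider on the origin receipt it audits.
// A model vouching for its own provider's output is not an independent audit.
function checkProviderSeparation(receipts) {
  const byId = new Map(receipts.map((r) => [r.id, r]));
  const violations = [];
  for (const audit of receipts.filter((r) => r.attestation_type === "audit")) {
    const origin = byId.get(audit.parent_attestation_id);
    if (!origin) {
      violations.push({ id: audit.id, reason: "audit references unknown origin" });
    } else if (origin.model_provider === audit.model_provider) {
      violations.push({ id: audit.id, reason: "auditor provider equals origin provider" });
    }
  }
  return { ok: violations.length === 0, violations };
}

// Origin receipt ids that carry a passing audit verdict from a separate provider.
function independentlyAudited(receipts) {
  const rejected = new Set(checkProviderSeparation(receipts).violations.map((v) => v.id));
  const audited = new Set();
  for (const r of receipts) {
    if (r.attestation_type === "audit" && r.audit_verdict === "pass" && !rejected.has(r.id)) {
      audited.add(r.parent_attestation_id);
    }
  }
  return [...audited].sort((a, b) => a - b);
}

// Constructed sample ledger: five receipts, two of which violate a policy.
const SAMPLE_RECEIPTS = [
  { id: 1, attestation_type: "origin", parent_attestation_id: null, audit_verdict: null,
    model_name: "gpt-4-turbo", model_provider: "OpenAI", country_of_origin: "US" },
  { id: 2, attestation_type: "audit", parent_attestation_id: 1, audit_verdict: "pass",
    model_name: "claude-3-opus", model_provider: "Anthropic", country_of_origin: "US" },
  { id: 3, attestation_type: "origin", parent_attestation_id: null, audit_verdict: null,
    model_name: "gpt-4-turbo", model_provider: "OpenAI", country_of_origin: "US" },
  { id: 4, attestation_type: "audit", parent_attestation_id: 3, audit_verdict: "pass",
    model_name: "gpt-4o", model_provider: "OpenAI", country_of_origin: "US" }, // same provider as origin 3
  { id: 5, attestation_type: "origin", parent_attestation_id: null, audit_verdict: null,
    model_name: "mistral-large", model_provider: "Mistral AI", country_of_origin: "FR" }, // outside us-only
];

console.log(checkGeography(SAMPLE_RECEIPTS, "us-only"));
console.log(checkProviderSeparation(SAMPLE_RECEIPTS));
console.log("independently audited origins:", independentlyAudited(SAMPLE_RECEIPTS));
```

Receipt 4 fails provider separation because its auditor is from the same provider as origin 3, so only origin 1 counts as independently audited; receipt 5 fails the us-only policy but passes a custom allow-list that includes FR.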
```text
┌─────────────────────────── Control Boundary ───────────────────────────┐
│                                                                        │
│   AI Model  →  Agent  →  Artifact  →   Hash    →  Signature  →  Ledger │
│   (GPT-4)      (API)     (code.ts)     (SHA-256)  (Ed25519)     (chain) │
│                                                                        │
│                                                                ↓       │
│                                                          Verification  │
│                                                       (public endpoint)│
│                                                                        │
└────────────────────────────────────────────────────────────────────────┘
```
Every attestation receipt includes:
- File identity — path and SHA-256 content hash
- Model identity — name, provider, and country of origin
- Cryptographic proof — Ed25519 signature and hash chain entry
- Chain position — previous entry hash for tamper detection
- Audit trail — optional security audit verdict from an independent model
```json
{
  "receipt_version": "v1",
  "id": 42,
  "file_path": "src/utils/auth.ts",
  "file_hash": "sha256:a3f2e8c1d9b4...",
  "model_name": "gpt-4-turbo",
  "model_provider": "OpenAI",
  "country_of_origin": "US",
  "attestation_type": "origin",
  "timestamp": "2026-02-21T08:30:00.000Z",
  "signature": "ed25519:7Bf3kQ9xYz...",
  "entry_hash": "sha256:9c1d4e3f2a8b...",
  "prev_entry_hash": "sha256:8b7a6c5d4e3f...",
  "parent_attestation_id": null,
  "audit_verdict": null
}
```

See the SDK documentation for the complete field reference.
- Node.js 20+
- PostgreSQL database
```bash
# Clone the repository
git clone https://github.com/bxrist/ForgeProof.git
cd ForgeProof

# Install dependencies
npm install

# Set up environment variables
export DATABASE_URL="postgresql://user:password@localhost:5432/forgeproof"
export SESSION_SECRET="your-session-secret"

# Push database schema
npm run db:push

# Start the development server
npm run dev
```

The app will be available at http://localhost:5000.
```bash
# Create an attestation receipt
curl -X POST https://your-instance.com/api/v1/attest \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "file_path": "src/auth.ts",
    "file_hash": "sha256:abc123...",
    "model_name": "gpt-4-turbo",
    "model_provider": "OpenAI",
    "country_of_origin": "US"
  }'
```

```bash
# Verify a receipt by its entry hash
curl https://your-instance.com/api/v1/verify/sha256:9c1d4e3f...
```

```bash
# Verify the full hash chain
curl https://your-instance.com/api/verify/chain
```

| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/attest | Create attestation receipt |
| GET | /api/v1/verify/:hash | Verify by entry hash |
| GET | /api/lookup | Public receipt lookup |
| GET | /api/verify/chain | Full hash chain verification |
| GET | /api/analytics | Attestation analytics |
| GET | /api/badge/:id.svg | SVG badge for attestation |
| GET | /api/openapi.json | OpenAPI spec (for GPT Actions) |
| POST | /api/mcp/tools | MCP tool execution |
```python
import hashlib
import requests

API_URL = "https://your-instance.com/api/v1/attest"
API_KEY = "your-api-key"

# Hash the file contents so the receipt binds to exactly this version of the code
with open("src/auth.ts", "rb") as f:
    file_hash = "sha256:" + hashlib.sha256(f.read()).hexdigest()

response = requests.post(API_URL, headers={
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json"
}, json={
    "file_path": "src/auth.ts",
    "file_hash": file_hash,
    "model_name": "gpt-4-turbo",
    "model_provider": "OpenAI",
    "country_of_origin": "US"
})
response.raise_for_status()
receipt = response.json()
print(f"Attestation #{receipt['id']} created")
print(f"Entry hash: {receipt['entryHash']}")
```

```javascript
import { createHash } from "node:crypto";
import { readFile } from "node:fs/promises";

const API_KEY = "your-api-key";

// Hash the file contents so the receipt binds to exactly this version of the code
const hash = createHash("sha256").update(await readFile("src/auth.ts")).digest("hex");

const response = await fetch("https://your-instance.com/api/v1/attest", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    file_path: "src/auth.ts",
    file_hash: `sha256:${hash}`,
    model_name: "gpt-4-turbo",
    model_provider: "OpenAI",
    country_of_origin: "US",
  }),
});
if (!response.ok) throw new Error(`attest failed: ${response.status}`);
const receipt = await response.json();
console.log(`Attestation #${receipt.id} created`);
```

- Defense Contractors (CMMC) — Audit trail and traceability for AI-generated code in classified environments
- Government Procurement (NIST AI RMF) — Verifiable AI provenance for federal software supply chains
- Enterprise Software Supply Chain — Complements SLSA and SBOM with AI code origin attestation
- Regulated Industries (EU AI Act) — Article 12 traceability and Cyber Resilience Act compliance
- AI Development Teams — Multi-model tracking with provider separation enforcement
- Open Source Maintainers — Transparent AI contribution tracking with public verification
ForgeProof provides a detailed threat model documenting:
- What ForgeProof proves and what it doesn't
- Trust assumptions and security guarantees
- Attack scenarios with mitigations
- Frontend: React, Vite, Tailwind CSS, shadcn/ui, Framer Motion
- Backend: Express.js, Node.js
- Database: PostgreSQL with Drizzle ORM
- Crypto: Ed25519 (tweetnacl), SHA-256
- Auth: OpenID Connect (Replit Auth)
Licensed under the Apache License, Version 2.0.
Copyright 2026 Flying Cloud Technology / ForgeProof Contributors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Live Demo: forgeproof.flyingcloudtech.com/demo
- SDK Documentation: forgeproof.flyingcloudtech.com/sdk
- Threat Model: forgeproof.flyingcloudtech.com/threat-model
- Flying Cloud Technology: flyingcloudtech.com