Code Provenance for the AI Era
A Flying Cloud Technology Project
AI models now generate production code at scale — but there's no standard way to verify which model wrote which code, where it was generated, or whether an independent model audited it for security.
ForgeProof is a cryptographic attestation platform that creates tamper-evident provenance receipts for AI-generated code. Every attestation is Ed25519-signed, SHA-256 hashed, and linked into an append-only hash chain — giving you a verifiable ledger of every AI contribution to your codebase.
The problem: Organizations using AI to generate code face a blind spot. SBOMs tell you what components are in your software. SLSA/Sigstore prove your build was untampered. But neither answers: Which AI model wrote this code? Where did it run? Did a different model audit it?
ForgeProof fills this gap — it sits upstream of build attestation, at the code generation layer, providing the missing provenance link in the AI software supply chain.
| Tool | What It Proves | What It Doesn't Prove |
|---|---|---|
| SLSA / Sigstore / cosign | Binary was built from specific source in a trusted CI/CD | Which AI wrote the source code |
| SBOM (SPDX / CycloneDX) | What components are in the software | How components were created |
| C2PA / Content Credentials | Media file provenance | Code provenance (code is trivially refactored) |
| ForgeProof | Which AI model generated the code, where it ran, and whether it was independently audited | That the AI output is correct or secure |
- Ed25519 Cryptographic Signatures — Every attestation receipt is digitally signed
- SHA-256 Hash-Chained Ledger — Append-only chain where each entry links to the previous, making tampering detectable
- Multi-Model Attestation — Track code generated by GPT-4, Claude, Copilot, and others in the same repository
- Provider Separation Enforcement — Security audit attestations must come from a different AI provider than the code origin
- Geographic Compliance — Track and enforce which jurisdictions AI models operate in (US-only, EU-only, custom policies)
- GitHub Integration — OAuth connection, webhook listener for auto-attestation on push, repository sync
- MCP Tool Server — AI agents can create attestations via Model Context Protocol
- OpenAPI Spec — Import into ChatGPT as a custom action for GPT-driven attestation
- Analytics Dashboard — Visual breakdowns by provider, model, country, and compliance status
- Badge Embeds — SVG badges for README files showing attestation status
- Certificate Export — Printable HTML certificates for compliance documentation
- Public Verification — Anyone can verify attestation integrity without authentication
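The provider-separation and geographic-compliance features above are policy checks over receipt fields, which is easiest to see in code. The following is an added example, not ForgeProof's own code: it evaluates a constructed set of receipts against a US-only policy that also requires an independent audit. The field names follow the receipt example on this page; the `attestation_type` value `"audit"` for audit receipts, the use of `parent_attestation_id` to point at the origin receipt, the policy object shape and the sample hashes are assumptions made for the demo.

```javascript
// Added example (not ForgeProof's code). Assumptions: audit receipts carry
// attestation_type "audit", point at their origin receipt through
// parent_attestation_id, and record the file_hash they audited.
const norm = (s) => String(s ?? "").trim().toLowerCase();

function evaluateReceipts(receipts, policy) {
  const byId = new Map(receipts.map((r) => [r.id, r]));
  const findings = [];
  const flag = (r, rule, detail) => findings.push({ id: r.id, rule, detail });

  for (const r of receipts) {
    if (r.attestation_type === "origin") {
      // Geographic compliance: the generating model must have run in an allowed jurisdiction.
      if (!policy.allowedCountries.has(r.country_of_origin)) {
        flag(r, "geo", `country ${r.country_of_origin} not in allowed set`);
      }
      // Independent audit: at least one audit of this exact content from a different provider.
      if (policy.requireAudit) {
        const independent = receipts.filter(
          (a) => a.attestation_type === "audit" &&
            a.parent_attestation_id === r.id &&
            a.file_hash === r.file_hash &&
            norm(a.model_provider) !== norm(r.model_provider),
        );
        if (independent.length === 0) flag(r, "unaudited", "no independent audit of this content");
      }
    } else if (r.attestation_type === "audit") {
      const parent = byId.get(r.parent_attestation_id);
      if (!parent) {
        flag(r, "orphan", "parent_attestation_id not in ledger");
      } else if (norm(parent.model_provider) === norm(r.model_provider)) {
        // Provider separation: a model must not vouch for its own provider's output.
        // Case- and whitespace-insensitive so "openai" cannot dodge "OpenAI".
        flag(r, "provider_separation", `${r.model_provider} audited its own provider's output`);
      } else if (parent.file_hash !== r.file_hash) {
        // The audit must cover the same bytes that were attested, not a later revision.
        flag(r, "hash_mismatch", "audit file_hash differs from origin file_hash");
      }
    }
  }
  return findings;
}

// Constructed sample ledger; the hashes are made up for the demo.
const H1 = "sha256:" + "11".repeat(32);
const H2 = "sha256:" + "22".repeat(32);
const H3 = "sha256:" + "33".repeat(32);
const SAMPLE_RECEIPTS = [
  { id: 1, attestation_type: "origin", file_path: "src/auth.ts", file_hash: H1, model_provider: "OpenAI", country_of_origin: "US", parent_attestation_id: null },
  { id: 2, attestation_type: "audit", file_path: "src/auth.ts", file_hash: H1, model_provider: "Anthropic", country_of_origin: "US", parent_attestation_id: 1, audit_verdict: "pass" },
  { id: 3, attestation_type: "origin", file_path: "src/db.ts", file_hash: H2, model_provider: "OpenAI", country_of_origin: "US", parent_attestation_id: null },
  { id: 4, attestation_type: "audit", file_path: "src/db.ts", file_hash: H2, model_provider: "openai", country_of_origin: "US", parent_attestation_id: 3, audit_verdict: "pass" },
  { id: 5, attestation_type: "origin", file_path: "src/api.ts", file_hash: H3, model_provider: "Mistral", country_of_origin: "FR", parent_attestation_id: null },
];

const US_ONLY_POLICY = { allowedCountries: new Set(["US"]), requireAudit: true };

function evaluateSample() {
  return evaluateReceipts(SAMPLE_RECEIPTS, US_ONLY_POLICY);
}

for (const f of evaluateSample()) console.log(`#${f.id} ${f.rule}: ${f.detail}`);
```

Receipt 4 is the case worth noticing: it is a syntactically valid audit, but it comes from the same provider as the code it vouches for (spelled differently), so it is rejected as a separation violation and receipt 3 is left unaudited. Receipt 5 fails both the jurisdiction rule and the audit rule.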
```text
┌─────────────────────────── Control Boundary ───────────────────────────┐
│                                                                        │
│   AI Model  →  Agent  →  Artifact  →  Hash  →  Signature  →  Ledger    │
│   (GPT-4)     (API)     (code.ts)   (SHA-256)  (Ed25519)     (chain)   │
│                                                                        │
│                                    ↓                                   │
│                              Verification                              │
│                           (public endpoint)                            │
│                                                                        │
└────────────────────────────────────────────────────────────────────────┘
```
Every attestation receipt includes:
- File identity — path and SHA-256 content hash
- Model identity — name, provider, and country of origin
- Cryptographic proof — Ed25519 signature and hash chain entry
- Chain position — previous entry hash for tamper detection
- Audit trail — optional security audit verdict from an independent model
```json
{
  "receipt_version": "v1",
  "id": 42,
  "file_path": "src/utils/auth.ts",
  "file_hash": "sha256:a3f2e8c1d9b4...",
  "model_name": "gpt-4-turbo",
  "model_provider": "OpenAI",
  "country_of_origin": "US",
  "attestation_type": "origin",
  "timestamp": "2026-02-21T08:30:00.000Z",
  "signature": "ed25519:7Bf3kQ9xYz...",
  "entry_hash": "sha256:9c1d4e3f2a8b...",
  "prev_entry_hash": "sha256:8b7a6c5d4e3f...",
  "parent_attestation_id": null,
  "audit_verdict": null
}
```

See the SDK documentation for the complete field reference.
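The receipt fields above are what a verifier works from: `entry_hash` commits to the receipt's content, `prev_entry_hash` links it to its predecessor, and `signature` binds the hash to the issuer's Ed25519 key. The following is an added example, not ForgeProof's own code, showing how such a ledger is built and then independently checked with only the issuer's public key, including two tampering attempts. The canonical form that is hashed and signed (a fixed-order JSON of the listed fields, with the hash itself as the signed message) is an assumption made for the demo; the real signing input is defined by the SDK documentation. The issuer key pair and source files are generated and made up in the example.

```javascript
// Added example (not ForgeProof's code). The field set, the fixed field
// order, and signing the entry hash rather than the raw receipt are all
// assumptions for illustration.
import { createHash, generateKeyPairSync, sign, verify } from "node:crypto";

const SIGNED_FIELDS = [
  "receipt_version", "id", "file_path", "file_hash", "model_name",
  "model_provider", "country_of_origin", "attestation_type", "timestamp",
  "parent_attestation_id", "audit_verdict", "prev_entry_hash",
];

// Canonical bytes for a receipt: fixed key order, signature and entry_hash excluded.
function canonicalBytes(receipt) {
  const obj = {};
  for (const k of SIGNED_FIELDS) obj[k] = receipt[k] ?? null;
  return Buffer.from(JSON.stringify(obj), "utf8");
}

function sha256Prefixed(buf) {
  return "sha256:" + createHash("sha256").update(buf).digest("hex");
}

// Issuer side: link to the previous entry, hash the canonical bytes, sign the hash.
function issueReceipt(fields, prevEntryHash, privateKey) {
  const receipt = { receipt_version: "v1", ...fields, prev_entry_hash: prevEntryHash };
  receipt.entry_hash = sha256Prefixed(canonicalBytes(receipt));
  const sig = sign(null, Buffer.from(receipt.entry_hash, "utf8"), privateKey);
  receipt.signature = "ed25519:" + sig.toString("base64");
  return receipt;
}

// Verifier side: walk from genesis, recompute each entry hash, check the
// back-link and the signature. Returns the index of the first entry that
// fails, or -1 when the whole chain holds. Needs only the public key.
function firstBadEntry(chain, publicKey) {
  let expectedPrev = null; // the genesis entry has no predecessor
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.prev_entry_hash !== expectedPrev) return i;
    if (sha256Prefixed(canonicalBytes(r)) !== r.entry_hash) return i;
    const sig = Buffer.from(r.signature.replace(/^ed25519:/, ""), "base64");
    if (!verify(null, Buffer.from(r.entry_hash, "utf8"), publicKey, sig)) return i;
    expectedPrev = r.entry_hash;
  }
  return -1;
}

// Constructed sample: one issuer key pair and three made-up source files.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
const SAMPLE_FILES = [
  ["src/auth.ts", "export const a = 1;"],
  ["src/db.ts", "export const b = 2;"],
  ["src/api.ts", "export const c = 3;"],
];

function buildSampleChain() {
  const chain = [];
  let prev = null;
  SAMPLE_FILES.forEach(([path, contents], i) => {
    const r = issueReceipt({
      id: i + 1,
      file_path: path,
      file_hash: sha256Prefixed(Buffer.from(contents, "utf8")),
      model_name: "gpt-4-turbo",
      model_provider: "OpenAI",
      country_of_origin: "US",
      attestation_type: "origin",
      timestamp: `2026-02-21T08:3${i}:00.000Z`,
      parent_attestation_id: null,
      audit_verdict: null,
    }, prev, privateKey);
    chain.push(r);
    prev = r.entry_hash;
  });
  return chain;
}

// Tamper 1: entry 2's file_hash is swapped after the fact. The stored
// entry_hash no longer matches the recomputed one, so index 1 is flagged.
function tamperedChain() {
  const chain = buildSampleChain().map((r) => ({ ...r }));
  chain[1].file_hash = sha256Prefixed(Buffer.from("export const b = 99;", "utf8"));
  return chain;
}

// Tamper 2: the attacker also recomputes entry 2's entry_hash and repairs
// entry 3's back-link. The hash chain is now self-consistent, but the
// signature on entry 2 was made over the old hash, so index 1 still fails.
function rehashedTamperedChain() {
  const chain = tamperedChain();
  chain[1].entry_hash = sha256Prefixed(canonicalBytes(chain[1]));
  chain[2] = { ...chain[2], prev_entry_hash: chain[1].entry_hash };
  chain[2].entry_hash = sha256Prefixed(canonicalBytes(chain[2]));
  return chain;
}

console.log("intact:", firstBadEntry(buildSampleChain(), publicKey));                      // -1
console.log("swapped hash:", firstBadEntry(tamperedChain(), publicKey));                   // 1
console.log("re-hashed without key:", firstBadEntry(rehashedTamperedChain(), publicKey)); // 1
```

The second tamper case is the reason the signature is not redundant with the hash chain: anyone holding the ledger can rewrite hashes and back-links to make it self-consistent again, but cannot produce a fresh Ed25519 signature without the issuer's private key. Conversely, what neither check can tell you is whether the file hashed at attestation time is the file that was later committed; that binding has to be checked against the working tree.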
- Node.js 20+
- PostgreSQL database
```bash
# Clone the repository
git clone https://github.com/bxrist/ForgeProof.git
cd ForgeProof

# Install dependencies
npm install

# Set up environment variables
export DATABASE_URL="postgresql://user:password@localhost:5432/forgeproof"
export SESSION_SECRET="your-session-secret"

# Push database schema
npm run db:push

# Start the development server
npm run dev
```
The app will be available at http://localhost:5000.
```bash
curl -X POST https://your-instance.com/api/v1/attest \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "file_path": "src/auth.ts",
    "file_hash": "sha256:abc123...",
    "model_name": "gpt-4-turbo",
    "model_provider": "OpenAI",
    "country_of_origin": "US"
  }'
```
```bash
curl https://your-instance.com/api/v1/verify/sha256:9c1d4e3f...
```
```bash
curl https://your-instance.com/api/verify/chain
```
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/attest | Create attestation receipt |
| GET | /api/v1/verify/:hash | Verify by entry hash |
| GET | /api/lookup | Public receipt lookup |
| GET | /api/verify/chain | Full hash chain verification |
| GET | /api/analytics | Attestation analytics |
| GET | /api/badge/:id.svg | SVG badge for attestation |
| GET | /api/openapi.json | OpenAPI spec (for GPT Actions) |
| POST | /api/mcp/tools | MCP tool execution |
```python
import hashlib

import requests

API_URL = "https://your-instance.com/api/v1/attest"
API_KEY = "your-api-key"

# Hash the file locally; only the digest leaves the machine, never the source.
with open("src/auth.ts", "rb") as f:
    file_hash = "sha256:" + hashlib.sha256(f.read()).hexdigest()

response = requests.post(
    API_URL,
    headers={
        "Authorization": f"Bearer {API_KEY}",
        "Content-Type": "application/json",
    },
    json={
        "file_path": "src/auth.ts",
        "file_hash": file_hash,
        "model_name": "gpt-4-turbo",
        "model_provider": "OpenAI",
        "country_of_origin": "US",
    },
    timeout=30,
)
response.raise_for_status()  # fail loudly on auth or validation errors

receipt = response.json()
print(f"Attestation #{receipt['id']} created")
print(f"Entry hash: {receipt['entryHash']}")
```
```javascript
import { createHash } from "node:crypto";
import { readFile } from "node:fs/promises";

// API_KEY is read from the environment here; the variable name is illustrative.
const API_KEY = process.env.FORGEPROOF_API_KEY;

// Hash the file locally; only the digest is sent, never the source.
const hash = createHash("sha256").update(await readFile("src/auth.ts")).digest("hex");

const response = await fetch("https://your-instance.com/api/v1/attest", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    file_path: "src/auth.ts",
    file_hash: `sha256:${hash}`,
    model_name: "gpt-4-turbo",
    model_provider: "OpenAI",
    country_of_origin: "US",
  }),
});
if (!response.ok) throw new Error(`attest failed: HTTP ${response.status}`);
const receipt = await response.json();
```
- Defense Contractors (CMMC) — Audit trail and traceability for AI-generated code in classified environments
- Government Procurement (NIST AI RMF) — Verifiable AI provenance for federal software supply chains
- Enterprise Software Supply Chain — Complements SLSA and SBOM with AI code origin attestation
- Regulated Industries (EU AI Act) — Article 12 traceability and Cyber Resilience Act compliance
- AI Development Teams — Multi-model tracking with provider separation enforcement
- Open Source Maintainers — Transparent AI contribution tracking with public verification
ForgeProof provides a detailed threat model documenting:
- What ForgeProof proves and what it doesn't
- Trust assumptions and security guarantees
- Attack scenarios with mitigations
- Frontend: React, Vite, Tailwind CSS, shadcn/ui, Framer Motion
- Backend: Express.js, Node.js
- Database: PostgreSQL with Drizzle ORM
- Crypto: Ed25519 (tweetnacl), SHA-256
- Auth: OpenID Connect (Replit Auth)
Licensed under the Apache License, Version 2.0.
Copyright 2026 Flying Cloud Technology / ForgeProof Contributors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Live Demo: forgeproof.flyingcloudtech.com/demo
- SDK Documentation: forgeproof.flyingcloudtech.com/sdk
- Threat Model: forgeproof.flyingcloudtech.com/threat-model
- Flying Cloud Technology: flyingcloudtech.com