Documentation

Provenance you re-run.

Obsign is a Python SDK, a CLI, a native core + OFX plugin, and a free browser verifier. Write a kernel or wrap a model once; ship a receipt anyone can re-execute to confirm the result bit-for-bit.

Quickstart

Install needs only numpy and cryptography (torch, GPU, C2PA are optional extras).

# install + health-gate
pip install obsign
obsign selfcheck            # conformance + signing + determinism, exit 0 if HEALTHY

# accountable enhance (deterministic, reversible, signed) + a self-verifying certificate
obsign accountable-enhance photo.png --out out.png --receipt r.json --sign key.json --certificate
obsign verify-accountable r.json --input photo.png

Everything is reproducible: the same input + the same quantized model gives a bit-identical output and a receipt that re-runs on any machine.

The CLI

obsign selfcheckconformance + signing + determinism health gate

obsign accountable-enhancedeterministic, reversible, signed enhancement

obsign verify-accountablere-run + reproduce + recover original, bit-exact

obsign forensic <file>Regime B: localized, calibrated, signed forensic report

obsign forensic <file> --against r.jsonunified Regime A + B (binding + forensic)

obsign c2pa-sign / c2pa-verifyembed + verify a real C2PA manifest

obsign certificatea self-contained, signed HTML certificate

Receipt format

A receipt is canonical JSON. The receipt_sha256 is SHA-256 over the claim (everything except the signature and the hash itself, keys sorted, no whitespace). The signature is Ed25519 over that hash string. Array hashes are SHA-256 over the int64, C-contiguous bytes.

{
  "spec": "obsign/accountable/v1",
  "producer": { "name": "obsign", "version": "1.0.0", "spec": "obsign/spec/1" },
  "tier": "A", "guarantee": "bit-exact deterministic (cross-device)",
  "model_sha256": "...", "scales": { "activation": 1024, "weight": 1024 },
  "original_sha256": "...", "enhanced_sha256": "...", "diff_sha256": "...",
  "accountability": { "mean_change": .., "max_invention": .., "reversible": true },
  "receipt_sha256": "<sha256 of the canonical claim>",
  "signature": { "alg": "ed25519", "signer": "..", "public_key": "..", "sig": ".." }
}

Verification workflow

Anyone, in a browser

Paste a receipt into the free verifier: integrity + Ed25519 + issuer trust, all client-side.

Canonical re-run (SDK)

obsign verify-accountable r.json --input original.png re-runs the operation and recovers the original bit-for-bit.

A signature proves who signed and that nothing changed. Whether to trust that signer is the issuer-trust step — see the security model.

Provability tiers

Any model fits; the guarantee degrades gracefully, never to zero.

Tier A — bit-exact. Quantized integer inference, identical on CPU, GPU and native. Re-run anywhere.
Tier B — reproducible. Any model, fixed seeds + deterministic ops, wrapped accountable.
Tier C — accountable. Even a black-box generator: preserved original, signed diff, coherence + invention maps.

Try it in your browser Read the security model