A transparency registry
for signed AI compliance policies.
Any organisation can publish a cryptographically signed compliance policy here. Any party — a regulator, an auditor, a customer's procurement team, another AI agent — can verify it against a stable URL. The registry is neutral infrastructure: open source primitives, free public tier, Sigstore-compatible artifacts.
The artifact of record for AI governance
Every serious industry has a signed, portable artifact that moves between parties — a TLS certificate, a Docker image, an npm package, a PDF bearing a corporate seal. AI governance did not have one. The AION file is that object; this registry is where they live publicly.
A signed AION policy declares: under rules of version N, signed by identity X, with hash h, at time t. The envelope is a DSSE v1 payload wrapped in a Sigstore Bundle. Verification is public, offline-capable, and requires no AION-specific tooling — cosign verify-blob --bundle works against any artifact published here.
Three stations, one artifact
An organisation signs a policy.
Legal, risk, and engineering compose a compliance policy. It is TOON-encoded, hashed with BLAKE3, signed with the organisation's Ed25519 key, and posted to the registry. The public key is pinned to the organisation's namespace.
Any party checks the seal.
An AI agent, a regulator, a downstream customer — anyone with the bundle and the public key can verify the signature. No account, no API key, no tooling install required. The registry records every verification event.
The history is append-only.
Every version of every policy is retained. Each artifact can be cross-linked to the global Rekor v2 transparency log, giving a second, independent witness to inclusion. Tampering is detectable from a single honest observer.
HTTP surface
All endpoints return application/json. The policy artifact is a DSSE envelope wrapped in a Sigstore Bundle (application/vnd.dev.sigstore.bundle.v0.3+json).
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/orgs | Create an organisation namespace. Body: { slug, display_name, public_key_hex }. |
| GET | /v1/orgs/:slug | Fetch the organisation's public metadata. |
| POST | /v1/orgs/:slug/policies/:name | Publish a new signed policy version. Body: the Sigstore Bundle. The registry verifies the DSSE signature against the org's pinned key before accepting. |
| GET | /v1/orgs/:slug/policies/:name | List all versions of a named policy. |
| GET | /v1/orgs/:slug/policies/:name/:version | Fetch the full Sigstore Bundle for a specific version. |
| POST | /v1/verify | Stateless verification. Body: { bundle, public_key_hex }. Returns { valid, reasons, verified_at }. |
Example — create an organisation
curl -X POST https://registry.aion-context.dev/v1/orgs \
-H 'Content-Type: application/json' \
-d '{
"slug": "pharmaco-x",
"display_name": "PharmaCo X",
"public_key_hex": "a7c3e9f1…"
}'
Example — publish a signed bundle
curl -X POST https://registry.aion-context.dev/v1/orgs/pharmaco-x/policies/hipaa \ -H 'Content-Type: application/json' \ -d @rules.aion.bundle.json
Example — verify any bundle offline
curl -X POST https://registry.aion-context.dev/v1/verify \
-H 'Content-Type: application/json' \
-d '{
"bundle": { "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", ... },
"public_key_hex": "a7c3e9f1…"
}'
Where this sits
The registry is not a replacement for Sigstore's model-transparency project or OpenSSF Model Signing. Those projects sign model weights. This one signs the policies under which a model is permitted to operate. Both layers are necessary; neither replaces the other.
Bundles published here are byte-compatible with the Sigstore ecosystem. Any artifact retrieved from this registry can be verified by cosign verify-blob or sigstore-python without modification. The registry operates as infrastructure alongside Sigstore's Rekor v2 transparency log; publishers may additionally anchor their bundles in Rekor for a second, independent witness.
Try it
The signed-artifact authoring workflow lives at demo.aion-context.dev — its Studio section emits Sigstore Bundles you can POST here. The simplest path:
- Open the Studio at demo.aion-context.dev, sign a draft, click export sigstore bundle.
- Register an organisation with
POST /v1/orgsusing the public-key hint from the bundle. POST /v1/orgs/<your-slug>/policies/<name>with the bundle as the body.
The v0 registry runs on a small droplet and auto-expires organisation slugs after seven days. A durable tier with authenticated namespaces, signed delegation, and procurement-ready SLAs is on the roadmap.