Back to browse
GitHub Repository

Content claim signing, policy, watermark, and registry tooling.

1 starsPython

PACT – An open-source toolkit for privately signing digital content

by rstock·Jul 8, 2026·2 points·0 comments

AI Analysis

●●SolidBig BrainBold Bet

Blinded OPRF identities and nuanced verification labels beat C2PA's binary signed/unsigned.

Strengths
  • Blinded OPRF prevents registry from seeing raw device data or derived tokens
  • Merkle batch disclosure makes full registry history publicly auditable
  • Nuanced verification labels (disputed/revoked/mismatch) instead of binary claims
Weaknesses
  • Pre-alpha v0.0.3 with 1 star means not production-ready yet
  • Content provenance adoption depends on industry-wide coordination
Category
Target Audience

Content creators and AI researchers concerned with training policy enforcement

Similar To

C2PA · Content Credentials · Truepic

Post Description

I’ve recently been doing a lot of reading about provenance tracking, content authenticity, and AI model training policy enforcement and started working on PACT in an attempt to address some of the issues I saw.

PACT is an open-source toolkit for signing content claims, attaching machine-readable policy metadata to files, and verifying those claims against a hosted trust registry. The initial use case is AI-training policy/provenance: for example, letting a content creator publish a signed “no commercial training” policy record in a way that preserves the privacy of the content and the creator.

Some of the features are: - Actions are append-only (an event log with Merkle batch disclosure) so the registry's full history is publicly auditable. - User identities are registry-scoped to prevent cross-registry tracking, and user identifiers are generated using a blinded OPRF, so the registry never sees raw device data or the derived token - Content commitments are salted, so the registry can hold a valid claim without ever receiving the actual content, and can't be used to reverse-lookup content from the public record - Content commitments are salted, so the registry can hold a valid claim without ever receiving the actual content, and can't be used to reverse-lookup content from the public record. - The ability to dispute potentially fraudulent claims and some initial work to attempt to identify competing claims and possible violations of AI training policies

Im currently hosting a registry instance here: https://ncryptai.com/pact (no login required).

I’d appreciate any feedback and/or requests for features you think might be useful.

Similar Projects

Security●●●Banger

Vestauth – Auth for Agents

Agent auth via key-signing beats API keys and OAuth for autonomous systems.

Big BrainSolve My ProblemZero to One
scottmotte
1114mo ago