Provable AI · model-agnostic · open protocol
GRASP
When an AI decides, the why usually vanishes the instant it answers. GRASP keeps the receipt — what it decided, what it believed, and proof of every claim — checkable by a skeptic without trusting us.
01 — the shift
Trust our logs is over.
AI is a black box
When a model answers, the exact context it saw is gone. If it was wrong — a bad clause, a missed risk — almost nobody can reconstruct why. The evidence evaporates.
The law now wants receipts
The EU AI Act requires high-risk AI to automatically log its events for their whole lifetime (Article 12), biting from August 2026. Record-keeping failures reach €15M or 3% of global turnover.
Ordinary logs aren't trustworthy
A normal database log can be edited by an administrator with no trace. The world is moving from "trust our records" to "cryptographically verify our records."
02 — cryptographic causation
Three records. Bound together. Falsifiable by construction.
GRASP records what an AI decided, what it believed when it decided, and every outward claim it makes — cryptographically bound, so a regulator, auditor, or opposing counsel can independently refute or confirm them. The verifier is the maths and an outside party — never the AI. This is Popper applied to AI provenance.
The receipt
what it decided
Every decision seals an Intent Decision Record: inputs, answer, reasoning, confidence, exact model version. Hashed and chained to the previous one, rooted in a Merkle tree — change any past entry and the fingerprints downstream stop matching. A sealed, numbered ledger, not a pencil one.
The diary
what it believed
A separate signed, append-only record of what the system believed and when — and how that belief changed. Keeping "what happened" and "what we believed" in two chains is the part even the harshest reviewer called original.
The floor
every quote checked to source
Any outward claim must carry a verbatim quote from its source. The check is string arithmetic, not judgement — a hallucinated quote resolves to NOT FOUND and the claim does not go out. It proves the quote is verbatim in the supplied source — not that the source is authoritative or that it settles the claim; that judgement is a separate layer. A claim GRASP cannot ground, GRASP does not send.
03 — don't trust it, witness it
Verify a signed chain in your own browser.
No account. Nothing of ours installed. Your browser loads a small bundle, takes the node's public key, and checks a real Ed25519 signature over its decision chain. A public key can only check a signature, never forge one — so green means signed-and-unaltered, and we cannot fake the result for you. Then tamper with a row and watch it break.
| # | route | provider | model | status | when (UTC) | entry hash |
|---|
← scroll to see full table →
The tamper button edits one field in memory and re-runs the exact same check — proving the verdict is real. Nothing is sent anywhere. This proves one node's own signed chain (movement-first): it does not claim a connected network or cross-node verification — those stay on the roadmap, named honestly below. The live Bitcoin pilot anchors are proven separately — checkable links in the shipped ledger. Verified with your browser's built-in crypto.subtle.verify (Ed25519).
04 — causation, carried forward
Break one row. Watch the chain break after it.
The chain above proves a row was not altered. This shows why that holds — and why it is causation, not merely a checksum. This little chain is built and signed in your browser with an ephemeral key — a live demonstration of the same chain construction; the shipped node's own signed chain is the one verified in section 03 above. Each row's fingerprint is sha256(this row + the fingerprint before it), so every fingerprint depends on all of history. Edit any cell — rewrite what the AI "decided" — and its fingerprint changes, which breaks the next row's link, which breaks the next… all the way down. That carry-forward is the point.
| # | route | provider | model | status | entry hash · state |
|---|
← scroll to see full table →
Nothing is sent anywhere; the key exists only in this browser tab and is thrown away on reload. This is not the shipped node's chain — it is a live rebuild of the same construction so you can break it yourself. Green means every fingerprint still chains back to the signed root; red means a fingerprint — or an ancestor's — no longer does, so the signed tip is stale. Built, signed, and re-verified with your browser's built-in crypto.subtle (ephemeral Ed25519).
05 — try it yourself
Ground a claim in its source. Right here.
Give it a source, a claim, and the quote the claim rests on. Your browser runs the exact HAPPI 1.3 cite.verify ladder — string arithmetic, no model, nothing sent anywhere — then signs the result into a decision record with a throwaway Ed25519 key generated on this page. That signed record is the decision-and-claim legs of cryptographic causation — what was decided, grounded, and tamper-evident; the belief record (memory-chain) is the third leg, shown in section 02. And mind the scope: cite.verify proves the quote is verbatim in your source — not that the source is authoritative or that the claim is true; that judgement is a separate layer. Try to slip a quote past it that isn't in the source — you can't.
Edit any field — it re-verifies and re-signs live. The verdict is arithmetic, not judgement: a hallucinated quote resolves to NOT FOUND and cannot be signed as grounded.
Renders the live check above as a claim in the TMIF format (draft-laurie-tmif-01) — a declaration layer above the engine, not the engine itself. This rendering is illustrative and unsigned (the demo key is ephemeral); the production Claimant document, signed with a published verifying key, lives at grasp/docs/tmif.md.
You just ran the claim-grounding step GRIP runs on every outward claim: verified a quote to its source, then sealed the verdict into a signed decision record. Change one byte of that record and the signature stops matching — so a decision, once made, cannot be quietly rewritten. Same cite.verify floor, whichever model produced the answer. Want the full engine, the whitepaper, and a hands-on evaluation? development@codetonight.co.za
06 — one system, four parts
The stack behind the proof.
Governed reasoning
the engine + its guards
A reasoning engine wrapped in mechanical safety gates that deny dangerous actions deterministically, plus recursive self-improvement. Trust through mechanism, not good intentions.
Any model, sovereign
the universal adapter
Routes each request to any model — hosted or private — with automatic failover. Non-Anthropic, non-OpenAI by default, so you are never locked to a single vendor. One plug, any socket.
The open protocol
the standard envelope
One structured envelope wraps every request — the same shape at both ends, whichever model moves it. It carries the decision record, the belief chain, and the provability floor. Published like HTTP or Markdown.
Witnessable nodes
the movement
A single install stands up a node anyone can verify in-browser — the demo above is one. Movement-first: one node, one chain, independently checkable today; a connected network is the next step.
07 — told honestly
We publish our own boundary.
Overclaiming is the fastest way to lose a serious evaluation. So here is the line, drawn by us: what is shipped and verifiable today, and what is honestly still roadmap. A provable-AI system that hides its own limits would be a contradiction.
Shipped & verifiable
- The three legs — decision, belief, and claim records, and they compose into one proof.
- cite.verify — deterministic citation floor; a hallucinated quote cannot pass.
- HAPPI 1.3 — the open envelope, with sibling specs for the decision and memory chains.
- Merkle-rooted chains — inclusion proof in O(log N) steps.
- Signed HMAC-SHA256 by default, with a per-tenant Ed25519 public-key-verifiable path; post-quantum ML-DSA-65 in the finance vertical.
- Bitcoin anchor (pilot) — AI-decision Merkle roots stamped into a real Bitcoin block via OpenTimestamps, verifiable offline and against the live chain, with zero vendor trust. Batched 2026-07-06; block mined 2026-07-07; 1,400+ confirmations and growing. Check it on any explorer: block 956992.
- One cross-platform install — Mac, Linux, Windows; no secrets baked in.
- Self-witnessing node — verify in-browser, no account (the demo above).
- Vendor sovereignty — non-Anthropic/OpenAI by default, proven live.
Honest roadmap
- Continuous production anchoring — the pilot Bitcoin anchors are live and verifiable today; anchoring GRIP's own always-on IDR chain, not just the batched pilot demos, is the next rung.
- Connected node network — today each node proves its own chain; cross-node public verification is next.
- The joint-causation binding proof — the leading patent-claim candidate; the composing read-side link ships today, the signed swap-proof is drafted.
- Public-key licence handshake (v2) — v1 machine-bound single-use codes ship; asymmetric, server-free verify is next.
- Cross-model memory portability — the model-neutral spec is published; full portability is in progress.
08 — open infrastructure
Open protocol. Open floor. Provable core.
The envelope (HAPPI) and the verification floor (cite.verify) are built to be open — published the way HTTP and Markdown are open, so the ecosystem can grow around the specification. The infrastructure that runs the standard well is where regulated organisations pay a premium: it functions as insurance against AI liability. Two tracks that reinforce each other — the open standard creates demand, the private engine captures it.
09 — evaluation access
The deep IP is shared under NDA.
The public picture above is deliberately "just enough". The formal whitepaper, the patent-claim direction, the competitive analysis, and hands-on evaluation are shared under a non-disclosure agreement. Reach the team directly — we'll set up the NDA and a working session.