Provable AI · model-agnostic · open protocol

GRASP

Governed Reasoning And Signable Provenance

When an AI decides, the why usually vanishes the instant it answers. GRASP keeps the receipt — what it decided, what it believed, and proof of every claim — checkable by a skeptic without trusting us.

Tamper-evidentReplayableModel-agnosticOpen protocolSelf-witnessed

01 — the shift

Trust our logs is over.

01

AI is a black box

When a model answers, the exact context it saw is gone. If it was wrong — a bad clause, a missed risk — almost nobody can reconstruct why. The evidence evaporates.

02

The law now wants receipts

The EU AI Act requires high-risk AI to automatically log its events for their whole lifetime (Article 12), biting from August 2026. Record-keeping failures reach €15M or 3% of global turnover.

03

Ordinary logs aren't trustworthy

A normal database log can be edited by an administrator with no trace. The world is moving from "trust our records" to "cryptographically verify our records."

02 — cryptographic causation

Three records. Bound together. Falsifiable by construction.

GRASP records what an AI decided, what it believed when it decided, and every outward claim it makes — cryptographically bound, so a regulator, auditor, or opposing counsel can independently refute or confirm them. The verifier is the maths and an outside party — never the AI. This is Popper applied to AI provenance.

01 · IDR

The receipt

what it decided

Every decision seals an Intent Decision Record: inputs, answer, reasoning, confidence, exact model version. Hashed and chained to the previous one, rooted in a Merkle tree — change any past entry and the fingerprints downstream stop matching. A sealed, numbered ledger, not a pencil one.

02 · MEMORY-CHAIN

The diary

what it believed

A separate signed, append-only record of what the system believed and when — and how that belief changed. Keeping "what happened" and "what we believed" in two chains is the part even the harshest reviewer called original.

03 · CITE.VERIFY

The floor

every quote checked to source

Any outward claim must carry a verbatim quote from its source. The check is string arithmetic, not judgement — a hallucinated quote resolves to NOT FOUND and the claim does not go out. It proves the quote is verbatim in the supplied source — not that the source is authoritative or that it settles the claim; that judgement is a separate layer. A claim GRASP cannot ground, GRASP does not send.

They compose. One provenance action writes into both the decision chain and the belief chain at once — so you can show what was decided, what was believed then, and that the claim is grounded, all provably linked. A skeptic re-runs the check without trusting a single one of our systems.

03 — don't trust it, witness it

Verify a signed chain in your own browser.

No account. Nothing of ours installed. Your browser loads a small bundle, takes the node's public key, and checks a real Ed25519 signature over its decision chain. A public key can only check a signature, never forge one — so green means signed-and-unaltered, and we cannot fake the result for you. Then tamper with a row and watch it break.

Checking the signature in your browser…
signed IDR decision chain — metadata only, no message content
#routeprovidermodelstatuswhen (UTC)entry hash

← scroll to see full table →

The tamper button edits one field in memory and re-runs the exact same check — proving the verdict is real. Nothing is sent anywhere. This proves one node's own signed chain (movement-first): it does not claim a connected network or cross-node verification — those stay on the roadmap, named honestly below. The live Bitcoin pilot anchors are proven separately — checkable links in the shipped ledger. Verified with your browser's built-in crypto.subtle.verify (Ed25519).

04 — causation, carried forward

Break one row. Watch the chain break after it.

The chain above proves a row was not altered. This shows why that holds — and why it is causation, not merely a checksum. This little chain is built and signed in your browser with an ephemeral key — a live demonstration of the same chain construction; the shipped node's own signed chain is the one verified in section 03 above. Each row's fingerprint is sha256(this row + the fingerprint before it), so every fingerprint depends on all of history. Edit any cell — rewrite what the AI "decided" — and its fingerprint changes, which breaks the next row's link, which breaks the next… all the way down. That carry-forward is the point.

Building and signing a fresh chain in your browser…
ephemeral demo chain — built & signed in your browser (Ed25519), safe fake data
#routeprovidermodelstatusentry hash · state

← scroll to see full table →

Nothing is sent anywhere; the key exists only in this browser tab and is thrown away on reload. This is not the shipped node's chain — it is a live rebuild of the same construction so you can break it yourself. Green means every fingerprint still chains back to the signed root; red means a fingerprint — or an ancestor's — no longer does, so the signed tip is stale. Built, signed, and re-verified with your browser's built-in crypto.subtle (ephemeral Ed25519).

05 — try it yourself

Ground a claim in its source. Right here.

Give it a source, a claim, and the quote the claim rests on. Your browser runs the exact HAPPI 1.3 cite.verify ladder — string arithmetic, no model, nothing sent anywhere — then signs the result into a decision record with a throwaway Ed25519 key generated on this page. That signed record is the decision-and-claim legs of cryptographic causation — what was decided, grounded, and tamper-evident; the belief record (memory-chain) is the third leg, shown in section 02. And mind the scope: cite.verify proves the quote is verbatim in your source — not that the source is authoritative or that the claim is true; that judgement is a separate layer. Try to slip a quote past it that isn't in the source — you can't.

Edit any field — it re-verifies and re-signs live. The verdict is arithmetic, not judgement: a hallucinated quote resolves to NOT FOUND and cannot be signed as grounded.

Verifying in your browser…
① The HAPPI 1.3 envelope — what a harness sends (any model, any provider)

        
② cite.verify — the deterministic floor, run on your source
grounding rate verified 0fuzzy 0not found 0
source sha256
③ The decision, signed — tamper-evident (Ed25519, in your browser)
④ Optional — output this check as a TMIF claim (declaration layer)

Renders the live check above as a claim in the TMIF format (draft-laurie-tmif-01) — a declaration layer above the engine, not the engine itself. This rendering is illustrative and unsigned (the demo key is ephemeral); the production Claimant document, signed with a published verifying key, lives at grasp/docs/tmif.md.

You just ran the claim-grounding step GRIP runs on every outward claim: verified a quote to its source, then sealed the verdict into a signed decision record. Change one byte of that record and the signature stops matching — so a decision, once made, cannot be quietly rewritten. Same cite.verify floor, whichever model produced the answer. Want the full engine, the whitepaper, and a hands-on evaluation? development@codetonight.co.za

06 — one system, four parts

The stack behind the proof.

GRIP

Governed reasoning

the engine + its guards

A reasoning engine wrapped in mechanical safety gates that deny dangerous actions deterministically, plus recursive self-improvement. Trust through mechanism, not good intentions.

Mechanical gatesSelf-improvingAuditable
HAL

Any model, sovereign

the universal adapter

Routes each request to any model — hosted or private — with automatic failover. Non-Anthropic, non-OpenAI by default, so you are never locked to a single vendor. One plug, any socket.

Multi-providerFailoverOn-prem capable
HAPPI 1.3

The open protocol

the standard envelope

One structured envelope wraps every request — the same shape at both ends, whichever model moves it. It carries the decision record, the belief chain, and the provability floor. Published like HTTP or Markdown.

Provider-agnosticOpen speccite.verify
HAPPIVERSE

Witnessable nodes

the movement

A single install stands up a node anyone can verify in-browser — the demo above is one. Movement-first: one node, one chain, independently checkable today; a connected network is the next step.

Self-witnessNo accountCross-platform

07 — told honestly

We publish our own boundary.

Overclaiming is the fastest way to lose a serious evaluation. So here is the line, drawn by us: what is shipped and verifiable today, and what is honestly still roadmap. A provable-AI system that hides its own limits would be a contradiction.

Shipped & verifiable

  • The three legs — decision, belief, and claim records, and they compose into one proof.
  • cite.verify — deterministic citation floor; a hallucinated quote cannot pass.
  • HAPPI 1.3 — the open envelope, with sibling specs for the decision and memory chains.
  • Merkle-rooted chains — inclusion proof in O(log N) steps.
  • Signed HMAC-SHA256 by default, with a per-tenant Ed25519 public-key-verifiable path; post-quantum ML-DSA-65 in the finance vertical.
  • Bitcoin anchor (pilot) — AI-decision Merkle roots stamped into a real Bitcoin block via OpenTimestamps, verifiable offline and against the live chain, with zero vendor trust. Batched 2026-07-06; block mined 2026-07-07; 1,400+ confirmations and growing. Check it on any explorer: block 956992.
  • One cross-platform install — Mac, Linux, Windows; no secrets baked in.
  • Self-witnessing node — verify in-browser, no account (the demo above).
  • Vendor sovereignty — non-Anthropic/OpenAI by default, proven live.

Honest roadmap

  • Continuous production anchoring — the pilot Bitcoin anchors are live and verifiable today; anchoring GRIP's own always-on IDR chain, not just the batched pilot demos, is the next rung.
  • Connected node network — today each node proves its own chain; cross-node public verification is next.
  • The joint-causation binding proof — the leading patent-claim candidate; the composing read-side link ships today, the signed swap-proof is drafted.
  • Public-key licence handshake (v2) — v1 machine-bound single-use codes ship; asymmetric, server-free verify is next.
  • Cross-model memory portability — the model-neutral spec is published; full portability is in progress.

08 — open infrastructure

Open protocol. Open floor. Provable core.

The envelope (HAPPI) and the verification floor (cite.verify) are built to be open — published the way HTTP and Markdown are open, so the ecosystem can grow around the specification. The infrastructure that runs the standard well is where regulated organisations pay a premium: it functions as insurance against AI liability. Two tracks that reinforce each other — the open standard creates demand, the private engine captures it.

github.com/CodeTonight-SA/grasp — AGPL-3.0, public →

09 — evaluation access

The deep IP is shared under NDA.

The public picture above is deliberately "just enough". The formal whitepaper, the patent-claim direction, the competitive analysis, and hands-on evaluation are shared under a non-disclosure agreement. Reach the team directly — we'll set up the NDA and a working session.

development@codetonight.co.za