Architecture

How Pedigree Works

Six cryptographic checkpoints turn every AI-authored commit into a verifiable, tamper-evident credential. Your development workflow stays unchanged.

From keystroke to transparency log

Every commit flows through six cryptographic checkpoints before it reaches your codebase.

Code Written

Developer or AI writes code

Bob Detects

Provenance Officer activates

Predicate Built

MCP assembles metadata

DSSE Signed

Envelope is signed

Rekor Logged

Transparency log anchors proof

Passport Ready

Chain of custody verifiable

Code Written

Developer or AI writes code

Bob Detects

Provenance Officer activates

Predicate Built

MCP assembles metadata

DSSE Signed

Envelope is signed

Rekor Logged

Transparency log anchors proof

Passport Ready

Chain of custody verifiable

Deep dive, step by step

Click each step to explore, or let it auto-advance every few seconds.

Step 1 of 6

Developer writes code

Human, AI-assisted, or fully autonomous

Code enters the repository through any authorship model. Pedigree does not change your workflow. It observes and records the authorship kind automatically.

step-1.example

// Developer writes a new API route
app.post('/api/users', async (req, res) => {
  const user = await db.users.create(req.body);
  res.json(user);
});

Three authorship scenarios

The predicate schema captures every point on the human-AI spectrum.

Human Only

Developer writes every line. No AI involvement. Agent and execution fields are absent.

authorship.kindhuman

humanShare1.0

AI-Assisted

Human and AI collaborate. humanShare records the fraction. Both agent and execution captured.

authorship.kindai-assisted

humanShare0.0 to 1.0

AI Autonomous

AI generates code independently. Human may approve but did not write. humanShare is null.

authorship.kindai-autonomous

humanSharenull

See it in action

Try the interactive demo. Sign a real code snippet with your chosen authorship scenario.

Try the Demo Setup Guide