Evidentiary infrastructure prototype for AI systems.
CEYO explores cryptographic verification and governance architecture for autonomous and AI-driven systems. The project focuses on generating neutral, verifiable records that allow independent validation of AI decisions without modifying the underlying model or exposing proprietary system details.
The goal is to enable trusted oversight, auditing, and verification of AI outcomes through deterministic artifact generation and cryptographic sealing.
CEYO operates as a neutral evidentiary layer attached to an AI inference boundary. It captures policy-scoped decision records and produces deterministic, cryptographically sealed artifacts that can be independently verified.
AI System Inference
↓
Policy-Scoped Capture
↓
Deterministic Canonicalization (RFC 8785)
↓
SHA-256 Digest Generation
↓
ECDSA-P256 Cryptographic Seal
↓
CEYO Artifact Record
↓
Independent Verification
Independent parties can recompute canonicalization, hashing, and signature validation to confirm artifact integrity without requiring access to model weights or proprietary system internals.
As AI systems increasingly influence real-world decisions, independent verification becomes critical. However, most models operate as opaque systems where decisions cannot easily be audited or validated externally.
CEYO proposes a neutral evidentiary layer that records AI decision artifacts in a deterministic and verifiable way. These artifacts can later be validated by independent parties without requiring access to internal model weights or proprietary implementation details.
This repository contains the protocol specification, reference implementation components, and a minimal verification demonstration.
CEYO is built around several key principles.
Deterministic Artifact Generation
Records generated from AI decisions must be reproducible and consistent when canonicalized.
Cryptographic Sealing
Artifacts are hashed and digitally signed so that any alteration becomes detectable.
Policy-Scoped Data Capture
Only explicitly declared fields are recorded. Out-of-scope data is excluded by design.
Independent Verification
Third parties can recompute hashes and verify signatures without accessing the original AI system.
Model Neutrality
CEYO does not modify, instrument, or interfere with the underlying model.
CEYO artifacts are designed to provide cryptographic integrity verification of recorded AI decision artifacts.
CEYO does not attempt to:
• determine whether an AI decision is correct
• prove fairness or absence of bias
• certify regulatory compliance
• enforce governance policies
• control or modify AI model behavior
CEYO provides tamper-evident artifact records that enable independent verification of recorded decision data.
CEYO artifacts follow a simple verification pipeline.
- Record — Capture policy-scoped data from an AI decision
- Seal — Canonicalize the record and generate a cryptographic hash
- Verify — Independent parties recompute the hash and validate the signature
This workflow creates a tamper-evident record of an AI system’s output that can be validated long after the original decision occurred.
CEYO artifacts follow a structured envelope designed to support deterministic verification, policy-scoped data capture, and long-term auditability.
Each artifact represents a policy-scoped record of an AI system event. The artifact contains the captured event body along with metadata describing policy scope, canonicalization rules, and cryptographic integrity fields used to verify authenticity and detect tampering.
The canonical artifact schema is defined in:
docs/artifact-schema.json
The schema specifies the structure of evidentiary artifacts generated by CEYO systems and includes the following core components.
Schema Versioning
Artifacts include a schema version field allowing the artifact format to evolve while maintaining compatibility with previously generated artifacts.
Artifact Metadata
Identifiers, timestamps, and event references describing the AI decision being recorded.
Policy Scope Definition
Policy identifiers and policy version references defining which fields were permitted to be captured.
Canonicalization Metadata
Declarations describing how the artifact body was normalized prior to hashing.
Cryptographic Integrity Fields
Hash values and digital signatures used to seal the artifact.
Verification References
References to verification keys or trusted registries used to validate artifact signatures.
Separating the artifact schema into a dedicated specification file allows the schema to evolve independently while keeping repository documentation concise.
pip install .
For development (includes ruff, mypy, coverage):
pip install -e ".[dev]"
This installs the ceyo Python package and the ceyo CLI command.
ceyo seal example_artifact/sample_record.json --key my_private.pem
ceyo verify example_artifact/sealed_artifact.json example_artifact/public_key.pem
ceyo store list ceyo_artifacts.db
ceyo store verify-chain ceyo_artifacts.db
from ceyo import CeyoClient
from ceyo.keys import LocalKeyProvider
from ceyo.store import ArtifactStore
# Initialize with persistent keys and an append-only store
client = CeyoClient(
key_provider=LocalKeyProvider("keys/private.pem"),
store=ArtifactStore("artifacts.db"),
)
# Seal an artifact
envelope = client.seal({
"event": {
"event_id": "evt_001",
"type": "classification",
"occurred_at": "2026-03-09T12:00:00Z",
},
"disclosure_tier": "internal",
})
# Verify
result = client.verify(envelope)
assert result.ok
# Trace decorator — automatically seals an artifact per call
@client.trace(event_type="inference")
def predict(text):
return model(text)CEYO includes a minimal end-to-end demonstration.
ceyo seal example_artifact/sample_record.json --key example_artifact/private_key.pem -o example_artifact/sealed_artifact.json
Or use the legacy script: python3 seal_artifact.py
ceyo verify example_artifact/sealed_artifact.json example_artifact/public_key.pem
Expected output:
PASS: Schema valid
PASS: Hash matches
PASS: Signature valid
PASS: Key fingerprint matches
Verification PASSED
python3 demo.py
ceyo-protocol/
├── ceyo/ # Python SDK package
│ ├── cli.py # CLI entry point (ceyo seal/verify/store)
│ ├── client.py # CeyoClient with @trace decorator
│ ├── crypto.py # Canonicalization, hashing, base64url
│ ├── keys.py # Key providers (local PEM, in-memory, registry)
│ ├── schema.py # JSON Schema validation
│ ├── seal.py # Artifact sealing
│ ├── store.py # SQLite append-only store with hash chaining
│ └── verify.py # Artifact verification
├── docs/ # Protocol documentation and schemas
├── examples/ # SDK usage examples
├── scripts/ # Utility scripts
├── tests/ # Test suite
├── tools/ # Legacy CLI tools
├── example_artifact/ # Sample records
├── pyproject.toml # Package configuration
└── demo.py # End-to-end demo runner
The ceyo verify command and verify_artifact() function perform:
• JSON Schema envelope validation • RFC 8785 canonicalization • SHA-256 hash verification • ECDSA-P256 signature validation • Public key fingerprint matching
CEYO is an early-stage conceptual prototype exploring evidentiary infrastructure for AI systems.
The repository currently includes:
• protocol documentation
• artifact schema specification
• reference implementation components
• a minimal verification demonstration
CEYO is intended to explore architectural approaches for independently verifiable AI decision records.
It is not a production security system and should not be used for operational environments.
Public project site:
https://ndr-us.github.io/ceyo-site/
Copyright (c) 2026 Brian Covarrubias
All rights reserved.
This repository and its contents, including but not limited to code, documentation, architecture, specifications, and associated materials, are the intellectual property of Brian Covarrubias.
No part of this project may be copied, reproduced, modified, distributed, sublicensed, or used in any form without explicit written permission from the author.
The materials contained in this repository are provided for informational and evaluation purposes only and do not grant any license or rights to use the underlying intellectual property.
Unauthorized use of this material is strictly prohibited.