Instructions to use SZLHOLDINGS/szl-govsign with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Kernels
How to use SZLHOLDINGS/szl-govsign with Kernels:
# !pip install kernels from kernels import get_kernel kernel = get_kernel("SZLHOLDINGS/szl-govsign") - Notebooks
- Google Colab
- Kaggle
szl-govsign — signed governance provenance
The signed-attestation lane the Kernel Hub leaders leave open. No major kernel publisher signs or attests its build artifacts or its governance verdict. szl-govsign produces an in-toto / DSSE signed governance attestation that binds an artifact digest (a szl-kernels UnifiedReceiptChain head, or a build manifest) to a custom governance predicate — Λ advisory verdict, MEASURED energy, honest-BLOCKED status, allow/block decision — signed with ECDSA P-256.
Part of the
szl-kernelsgoverned-kernel series. Where the suite gives you cross-kernel provenance,szl-govsignmakes that provenance independently verifiable by a third party — sign it, ship it, verify it offline.
Quickstart
pip install kernels cryptography
from kernels import get_kernel
gs = get_kernel("SZLHOLDINGS/szl-govsign", revision="main", trust_remote_code=True)
print(gs.selfcheck()) # sign OK, verify OK, tamper-detected, honest-BLOCKED signed as BLOCKED
priv = gs.generate_ephemeral_keypair() # production: Sigstore keyless / cosign key out-of-band
pred = gs.build_governance_predicate(
lambda_verdict=gs.LambdaVerdict(score=0.92, notes="advisory only"),
energy=gs.EnergyLabel(value=12.5, unit="joules"), # MEASURED-only
decision=gs.GovernanceDecision(status="ALLOWED", reason="passed gates"),
honest_blocked=False,
)
subjects = [gs.Subject(name="szl_kernels/UnifiedReceiptChain", digest={"sha256": "..."})]
envelope = gs.attest(subjects, pred, priv) # DSSE envelope (in-toto Statement)
assert gs.verify(envelope, priv.public_key()) # third-party-verifiable; tamper => False
What it proves — and what it does NOT
- ✅ The signature proves authorship + integrity of the attestation (DSSE PAE + ECDSA P-256, spec-exact).
- ❌ It does NOT prove Λ uniqueness — that remains Conjecture 1 (OPEN). The predicate's
proven_trustfield is structurally lockedFalse: there is no code path that sets it True. - ❌ It does NOT upgrade an advisory verdict to "proven trust."
- Energy is MEASURED-only — the energy label is structurally constrained to
MEASURED; modeled/estimated/fabricated values are rejected at construction. - honest-BLOCKED — a BLOCKED verdict is signed as BLOCKED; the builder refuses to sign a flipped verdict.
API
| Symbol | What it does |
|---|---|
build_governance_predicate(...) |
Assemble the https://szl.holdings/governance/v1 predicate (doctrine-enforced). |
LambdaVerdict / EnergyLabel / GovernanceDecision |
Typed predicate parts; proven_trust locked False, energy MEASURED-only, decision ∈ {ALLOWED, BLOCKED}. |
Subject, build_statement(...) |
in-toto v1 Statement (subjects + predicate). |
attest(subjects, predicate, private_key) |
Build + sign → DSSE envelope (ECDSA P-256, PAE per DSSE spec). |
verify(envelope, public_key) |
Verify; fails closed (tamper/malformed → False). |
generate_ephemeral_keypair(), public_key_pem(...) |
Demo keypair; no key material written to disk. |
selfcheck() |
Signs, verifies, tampers, confirms verify FAILS, + honest-BLOCKED demo. |
Production signing
The demo uses an ephemeral in-process keypair. In production, signing is keyless via Sigstore (Fulcio short-lived cert + Rekor transparency log) or a real cosign key managed out-of-band — see the project spec. The envelope shape is unchanged.
Honesty & prior art
- Imports: Python stdlib +
cryptographyonly. Python 3.9+. - Prior art attributed: the in-toto attestation framework, DSSE, and Sigstore model-transparency. The
https://szl.holdings/governance/v1predicate is SZL's own. - Λ advisory (Conjecture 1, OPEN). Energy MEASURED-only. honest-BLOCKED beats fake green.
The governed-kernel series
| Kernel | Lane | Live hologram |
|---|---|---|
szl-kernels |
unified suite — cross-kernel UnifiedReceiptChain |
szl-kernels-live ✅ live |
szl-governed-norm |
RMSNorm/LayerNorm + receipts | governed-norm-holo ✅ live |
szl-lambda-gate |
advisory Λ gate (Conjecture 1, OPEN) | lambda-gate-holo ✅ live |
governed-inference-meter |
MEASURED-joule energy accounting | energy-attest-holo ✅ live |
szl-govsign |
signed governance attestation (DSSE / in-toto) | szl-govsign-live ✅ live |
szl-blocked |
honest-BLOCKED first-class state + EU AI Act Annex IV | szl-blocked-live ✅ live |
Interactive demo
Live demos (in-browser) —
szl-govsign-live(this kernel's DSSE sign/verify demo) ·szl-kernels-live(unified suite demo). Live governed inference: a11oy · hatun-mcp.
Related — Governed Kernels collection: Governed Kernels — verifiable AI building blocks groups the whole family in one page. Live console: a11oy · a-11-oy.com · llm-router · receipt verifier · receipt spec (hub).
License
Apache-2.0. Copyright 2026 SZL Holdings.
SZL Holdings · signed governance provenance · in-toto/DSSE · Λ advisory (Conjecture 1) · energy MEASURED-only · a-11-oy.com · github.com/szl-holdings · huggingface.co/SZLHOLDINGS
Citation
Cite this. Part of the SZL Holdings Ouroboros Thesis (Governed Post-Determinism).
Concept DOI (always-latest): 10.5281/zenodo.19944926.
Author: Stephen P. Lutar Jr. · ORCID 0009-0001-0110-4173 · License CC-BY-4.0.
Full DOI-pinned lineage (v1→v26) + the 8 papers: szl-papers PAPERS_INDEX.
No artifact-specific DOI is minted for this model; the concept DOI above covers the program.
Honesty (Doctrine v11): Λ unconditional uniqueness is Conjecture 1 (machine-checked FALSE as stated) — never a theorem; conditional uniqueness is Theorem U (axiom-free). Locked-proven formulas = exactly 8 {F1,F4,F7,F11,F12,F18,F19,F22}; ~185 experimental theorems are a separate CI-green tier; Khipu BFT safety = Conjecture 2. Trust never 100%.
@misc{lutar_szl_ouroboros,
author = {Lutar, Stephen P., Jr.},
title = {SZL Holdings --- The Ouroboros Thesis (Governed Post-Determinism)},
year = {2026},
publisher = {Zenodo},
doi = {10.5281/zenodo.19944926},
url = {https://doi.org/10.5281/zenodo.19944926},
note = {Concept DOI --- always resolves to the latest version. ORCID 0009-0001-0110-4173. CC-BY-4.0.}
}
Signed-off-by: Stephen Lutar stephenlutar2@gmail.com
Files in this repo
| Path | What it is |
|---|---|
build/torch-universal/szl_govsign/__init__.py |
public API |
build/torch-universal/szl_govsign/envelope.py |
DSSE envelope build/sign/verify (ECDSA P-256) |
build/torch-universal/szl_govsign/pae.py |
DSSE PAE v1 encoding |
build/torch-universal/szl_govsign/predicate.py |
governance predicate builder (Λ advisory · MEASURED energy · honest-BLOCKED) |
build/torch-universal/szl_govsign/selfcheck.py |
one-shot sign/verify/tamper selfcheck |
build.toml · metadata.json |
Kernel Hub build/metadata manifests |
LICENSE · SECURITY.md |
Apache-2.0 · security policy |
- Downloads last month
- -