szl-govsign — signed governance provenance

The signed-attestation lane the Kernel Hub leaders leave open. No major kernel publisher signs or attests its build artifacts or its governance verdict. szl-govsign produces an in-toto / DSSE signed governance attestation that binds an artifact digest (a szl-kernels UnifiedReceiptChain head, or a build manifest) to a custom governance predicate — Λ advisory verdict, MEASURED energy, honest-BLOCKED status, allow/block decision — signed with ECDSA P-256.

Part of the szl-kernels governed-kernel series. Where the suite gives you cross-kernel provenance, szl-govsign makes that provenance independently verifiable by a third party — sign it, ship it, verify it offline.

Quickstart

pip install kernels cryptography
from kernels import get_kernel

gs = get_kernel("SZLHOLDINGS/szl-govsign", revision="main", trust_remote_code=True)

print(gs.selfcheck())   # sign OK, verify OK, tamper-detected, honest-BLOCKED signed as BLOCKED

priv = gs.generate_ephemeral_keypair()        # production: Sigstore keyless / cosign key out-of-band
pred = gs.build_governance_predicate(
    lambda_verdict=gs.LambdaVerdict(score=0.92, notes="advisory only"),
    energy=gs.EnergyLabel(value=12.5, unit="joules"),       # MEASURED-only
    decision=gs.GovernanceDecision(status="ALLOWED", reason="passed gates"),
    honest_blocked=False,
)
subjects = [gs.Subject(name="szl_kernels/UnifiedReceiptChain", digest={"sha256": "..."})]
envelope = gs.attest(subjects, pred, priv)    # DSSE envelope (in-toto Statement)
assert gs.verify(envelope, priv.public_key()) # third-party-verifiable; tamper => False

What it proves — and what it does NOT

  • ✅ The signature proves authorship + integrity of the attestation (DSSE PAE + ECDSA P-256, spec-exact).
  • ❌ It does NOT prove Λ uniqueness — that remains Conjecture 1 (OPEN). The predicate's proven_trust field is structurally locked False: there is no code path that sets it True.
  • ❌ It does NOT upgrade an advisory verdict to "proven trust."
  • Energy is MEASURED-only — the energy label is structurally constrained to MEASURED; modeled/estimated/fabricated values are rejected at construction.
  • honest-BLOCKED — a BLOCKED verdict is signed as BLOCKED; the builder refuses to sign a flipped verdict.

API

Symbol What it does
build_governance_predicate(...) Assemble the https://szl.holdings/governance/v1 predicate (doctrine-enforced).
LambdaVerdict / EnergyLabel / GovernanceDecision Typed predicate parts; proven_trust locked False, energy MEASURED-only, decision ∈ {ALLOWED, BLOCKED}.
Subject, build_statement(...) in-toto v1 Statement (subjects + predicate).
attest(subjects, predicate, private_key) Build + sign → DSSE envelope (ECDSA P-256, PAE per DSSE spec).
verify(envelope, public_key) Verify; fails closed (tamper/malformed → False).
generate_ephemeral_keypair(), public_key_pem(...) Demo keypair; no key material written to disk.
selfcheck() Signs, verifies, tampers, confirms verify FAILS, + honest-BLOCKED demo.

Production signing

The demo uses an ephemeral in-process keypair. In production, signing is keyless via Sigstore (Fulcio short-lived cert + Rekor transparency log) or a real cosign key managed out-of-band — see the project spec. The envelope shape is unchanged.

Honesty & prior art

  • Imports: Python stdlib + cryptography only. Python 3.9+.
  • Prior art attributed: the in-toto attestation framework, DSSE, and Sigstore model-transparency. The https://szl.holdings/governance/v1 predicate is SZL's own.
  • Λ advisory (Conjecture 1, OPEN). Energy MEASURED-only. honest-BLOCKED beats fake green.

The governed-kernel series

Kernel Lane Live hologram
szl-kernels unified suite — cross-kernel UnifiedReceiptChain szl-kernels-livelive
szl-governed-norm RMSNorm/LayerNorm + receipts governed-norm-hololive
szl-lambda-gate advisory Λ gate (Conjecture 1, OPEN) lambda-gate-hololive
governed-inference-meter MEASURED-joule energy accounting energy-attest-hololive
szl-govsign signed governance attestation (DSSE / in-toto) szl-govsign-livelive
szl-blocked honest-BLOCKED first-class state + EU AI Act Annex IV szl-blocked-livelive

Interactive demo

Live demos (in-browser)szl-govsign-live (this kernel's DSSE sign/verify demo) · szl-kernels-live (unified suite demo). Live governed inference: a11oy · hatun-mcp.

Related — Governed Kernels collection: Governed Kernels — verifiable AI building blocks groups the whole family in one page. Live console: a11oy · a-11-oy.com · llm-router · receipt verifier · receipt spec (hub).

License

Apache-2.0. Copyright 2026 SZL Holdings.


SZL Holdings · signed governance provenance · in-toto/DSSE · Λ advisory (Conjecture 1) · energy MEASURED-only · a-11-oy.com · github.com/szl-holdings · huggingface.co/SZLHOLDINGS


DOI

Citation

Cite this. Part of the SZL Holdings Ouroboros Thesis (Governed Post-Determinism).
Concept DOI (always-latest): 10.5281/zenodo.19944926.
Author: Stephen P. Lutar Jr. · ORCID 0009-0001-0110-4173 · License CC-BY-4.0.
Full DOI-pinned lineage (v1→v26) + the 8 papers: szl-papers PAPERS_INDEX.
No artifact-specific DOI is minted for this model; the concept DOI above covers the program.

Honesty (Doctrine v11): Λ unconditional uniqueness is Conjecture 1 (machine-checked FALSE as stated) — never a theorem; conditional uniqueness is Theorem U (axiom-free). Locked-proven formulas = exactly 8 {F1,F4,F7,F11,F12,F18,F19,F22}; ~185 experimental theorems are a separate CI-green tier; Khipu BFT safety = Conjecture 2. Trust never 100%.

@misc{lutar_szl_ouroboros,
  author    = {Lutar, Stephen P., Jr.},
  title     = {SZL Holdings --- The Ouroboros Thesis (Governed Post-Determinism)},
  year      = {2026},
  publisher = {Zenodo},
  doi       = {10.5281/zenodo.19944926},
  url       = {https://doi.org/10.5281/zenodo.19944926},
  note      = {Concept DOI --- always resolves to the latest version. ORCID 0009-0001-0110-4173. CC-BY-4.0.}
}

Signed-off-by: Stephen Lutar stephenlutar2@gmail.com

Files in this repo

Path What it is
build/torch-universal/szl_govsign/__init__.py public API
build/torch-universal/szl_govsign/envelope.py DSSE envelope build/sign/verify (ECDSA P-256)
build/torch-universal/szl_govsign/pae.py DSSE PAE v1 encoding
build/torch-universal/szl_govsign/predicate.py governance predicate builder (Λ advisory · MEASURED energy · honest-BLOCKED)
build/torch-universal/szl_govsign/selfcheck.py one-shot sign/verify/tamper selfcheck
build.toml · metadata.json Kernel Hub build/metadata manifests
LICENSE · SECURITY.md Apache-2.0 · security policy
Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Spaces using SZLHOLDINGS/szl-govsign 2

Collection including SZLHOLDINGS/szl-govsign