Integrity model

Verifiable by anyone. Trusted by no one.

DarkMatter’s guarantees are mathematical, not contractual. Here is exactly what we claim — and how to verify it yourself.

Run the verifier →Read ENVELOPE_SPEC_V1

Three properties · non-negotiable

L101 / 03

Recorded outside the system

The record does not live inside your agent runtime, or inside the model provider. It lives in an independent layer neither party controls.

L202 / 03

Sealed at the moment it happens

Each event is cryptographically chained and signed client-side before transmission. Modification after the fact is mathematically detectable by anyone.

L303 / 03

Non-repudiation

Signed with keys only you hold. DarkMatter cannot forge a record on your behalf — non-repudiation by construction, not by policy.

Verification levels

L101

Verifiable record

SHA-256 payload hash + parent chain linkage. Tampering at any node breaks every downstream hash. Independent offline verifier included.

Default with every dm.commit() call. No extra steps.

L202

Independent verification

Signed checkpoint bundles anchored via OpenTimestamps. Timestamp proof lives outside DarkMatter’s infrastructure entirely.

Automatic. Every checkpoint batch is anchored and signed.

L303

Non-repudiation

Customer-held signing keys. Even DarkMatter cannot forge a record — only your key can sign a valid commit.

Available now. Generate a key with darkmatter keys generate.

What we claim · and what we don’t

We claim

Payload wasn’t altered after commit

The SHA-256 hash is computed client-side before transmission. Any modification breaks the hash. Verifiable offline.

We claim

Record predates any dispute

OpenTimestamps anchors checkpoint bundles to the Bitcoin blockchain. The timestamp proof is external and independently verifiable.

We claim (L3)

DarkMatter cannot forge a record

Customer-held Ed25519 keys sign the envelope before it reaches our servers. We never see the private key. We cannot produce a valid signature.

We do not claim

Payload confidentiality

Payloads are stored in plaintext by default. DarkMatter personnel with database access can read them. BYOK encryption addresses this for Enterprise customers.

Technical specification

Hash algorithm

SHA-256 · canonical JSON serialization

Signature algorithm

Ed25519 · ENVELOPE_SPEC_V1

Timestamp anchor

OpenTimestamps · Bitcoin blockchain

Key management

Customer-generated Ed25519 keypair · public key registered · private key never transmitted

Offline verifier

Open-source · github.com/darkmatter-hub/darkmatter-l3-example

Spec

ENVELOPE_SPEC_V1.md

Get started

Verify it yourself.

Download a proof bundle and run the offline verifier. No DarkMatter account required.

Run the verifier →Read the docs