From Invariant Systems: cryptographic infrastructure for AI-era engineering.
Tamper-evident provenance for AI-assisted code · Apache 2.0
AIIR: AI Integrity Receipts
Deterministic, locally verifiable receipts for declared AI involvement in every commit. No account required.
pip install aiir
aiir --pretty
aiir --verify .aiir/receipts.jsonl
Latest: v1.6.0 · Python 3.9+
Same commit metadata produces the same receipt. Verify locally, in CI, in the browser, or offline. No hosted service required.
Published to PyPI · GitHub Marketplace · GitLab CI/CD Catalog · VS Code Marketplace · OpenSSF Scorecard
Generate → Verify anywhere → Add CI when needed
1 Generate a deterministic receipt
$ aiir --pretty
┌─ Receipt: g1-a3f8b2c1d4e5...
│ Commit: c4dec85630
│ AI: YES (copilot)
│ Hash: sha256:7f3a8b...
└──────────────────────────────
2 Verify independently
$ aiir --verify .aiir/receipts.jsonl
✅ Receipt g1-a3f8b2c1... VALID
Hash matches. 0 tampering detected.
Receipt core is intact.
3 Add CI signing when you need it
# .github/workflows/aiir.yml
- uses: invariant-systems-ai/aiir@a54fe440a2be18fe51ad30149f1bbab944d578e5 # v1
  with:
    output-dir: .receipts/
# → signed receipts uploaded as artifacts
Try the browser verifier: paste any JSON receipt; verification runs client-side. No upload. No account.
What AIIR does and does not do
What it does
AIIR records declared AI involvement in a commit and produces a deterministic receipt that can be verified locally, in CI, in the browser, or offline.
What it does not do
AIIR does not attempt to prove hidden AI usage. Detection signals are optional enrichment, not the authoritative source of truth.
How it works
Declare AI involvement
Use commit trailers, bot metadata, or editor and assistant workflows that carry AI context into commit metadata.
AIIR generates a deterministic receipt
AIIR records the declared AI context and creates a content-addressed receipt for the commit with stable hashes and receipt IDs.
Verify anywhere
Verify locally in the CLI, in the browser, or later in CI. Change any core field and the receipt breaks. No central service is required to check it.
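The mechanism described above, as an added Python sketch (not AIIR's own code, schema or canonicalization): declared trailers are read from the commit message, the core fields are serialized as canonical JSON, and a SHA-256 over those bytes yields the hash and receipt ID. Field names, the marker list and the ID derivation are assumptions; the g1- and sha256: prefixes only mirror the sample output on this page, so these receipts will not verify with the aiir CLI.

```python
import hashlib
import json

# Hypothetical marker list: the page names these two trailers, not AIIR's full signal set.
DECLARED_TRAILERS = ("co-authored-by: copilot", "generated-by:")


def declared_ai_signals(message):
    """Return declared AI markers found in a commit message, lower-cased."""
    found = []
    for line in message.splitlines():
        norm = line.strip().lower()
        if any(norm.startswith(t) for t in DECLARED_TRAILERS):
            found.append(norm)
    return found


def canonical(core):
    """Sorted keys and no insignificant whitespace: one byte string per logical value."""
    return json.dumps(core, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def make_receipt(commit_sha, subject, message):
    signals = declared_ai_signals(message)
    # Hypothetical core field names, chosen for this example only.
    core = {"commit": commit_sha, "subject": subject,
            "ai_declared": bool(signals), "signals": signals}
    digest = hashlib.sha256(canonical(core)).hexdigest()
    # The ID is derived from the hash, so identical core fields give an identical ID.
    return {"core": core, "content_hash": "sha256:" + digest,
            "receipt_id": "g1-" + digest[:16]}


def verify_receipt(receipt):
    """Recompute the hash from the core fields; any edit to them changes it."""
    digest = hashlib.sha256(canonical(receipt["core"])).hexdigest()
    return (receipt.get("content_hash") == "sha256:" + digest
            and receipt.get("receipt_id") == "g1-" + digest[:16])


# Constructed sample commit message, not taken from a real repository.
SAMPLE_MESSAGE = "feat: add auth middleware\n\nCo-authored-by: Copilot <copilot@example.com>\n"

if __name__ == "__main__":
    r = make_receipt("c4dec8563023", "feat: add auth middleware", SAMPLE_MESSAGE)
    print(r["receipt_id"], verify_receipt(r))
    r["core"]["ai_declared"] = False  # edit one core field after the fact
    print("after edit:", verify_receipt(r))
```

A commit with no trailer still produces a valid receipt with ai_declared set to false, which is the limit the page states: the receipt attests to what was declared, not to what was used.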
A real receipt
This is a sample receipt. Real receipts are deterministic for the same commit metadata; the page rotates demo values for presentation only.
┌─ Receipt: g1-a3f8b2c1d4e5f6a7...
│ Commit: c4dec8563023
│ Subject: feat: add auth middleware
│ Author: Jane Dev <jane@example.com>
│ Files: 4 changed
│ AI: YES (message_match:co-authored-by: copilot)
│ Hash: sha256:7f3a8b...
│ Time: 2026-03-07T09:48:59Z
│ Signed: optional (CI / release)
└──────────────────────────────────────────
Who it's for
Developers
Use pip install aiir to generate and verify declared AI provenance per commit in one repository.
Takes 30 seconds. Works offline. No account required.
Security & Release Owners
Tamper-evident commit proof with SHA-256 hashing, optional Sigstore signing, and structured JSONL output for release checks, incident review, and durable audit trails.
Teams & CI
GitHub Action and GitLab CI for automated receipts on every push. Keep receipts in your repo or artifact store, export JSONL for your own tooling, and add policy gates without sending code to a third-party service.
One kernel, multiple trust layers
Everything in AIIR hangs off one core: receipts plus verification. Assurance features and integrations sit around the same receipt format instead of redefining the product.
Receipts + verification
The product identity: deterministic proof for declared AI involvement
- Deterministic receipt generation
- Canonical JSON + SHA-256 hashing
- Stable receipt IDs
- Independent local and offline verification
- Append-only JSONL ledger
- Deterministic CBOR envelope (RFC 8949)
Trust amplifiers
Optional when you need stronger release or policy evidence
- Sigstore keyless signing in CI
- Policy presets for stricter gates
- Release verification + VSA emission
- Published release-evidence verification
- GitHub Action + GitLab CI templates
Surfaces around the kernel
Multiple ways to emit and verify the same receipt format
- CLI + VS Code extension
- GitHub Action + GitLab CI
- MCP server + local automation
- Browser verifier for shareable proof checks
- Optional signal enrichment
Detection is enrichment, not proof of hidden AI usage. The kernel remains the same: declared AI involvement, recorded as a deterministic receipt and verified independently.
Built for trust
Numbers you can verify. Every stat maps to a public CI run or an open-source file you can audit.
Last reviewed: 2026-06-04
Multiple operator surfaces, one receipt format
Start with the CLI, then add the surface that matches how your team works. Every path emits the same content-addressed receipt.
💻 CLI
pip install aiir is the zero-dependency CLI path. Receipt commits, verify locally, and keep the first workflow simple.
🧩 VS Code Extension
The local-first operator surface for one repo. Record the current commit, inspect receipts, and carry AI tool context directly from the editor.
⚙️ CI/CD
GitHub Action, GitLab component, and templates for the rest. Add repeatable pipeline receipts and optional Sigstore signing when you need stronger release evidence.
🤖 AI assistants via MCP
Let Copilot, Claude, Cursor, Continue, Cline, Windsurf, or another MCP client call the same local AIIR install. Assistant workflow, same receipt format.
Other integrations include Azure Pipelines, Bitbucket, CircleCI, Jenkins, and policy engines.
Quick start
# CLI - receipt your last commit
pip install aiir
aiir --pretty
# Receipt a whole PR branch
aiir --range origin/main..HEAD --pretty
# Sign receipts with Sigstore
aiir --sign --output .receipts/
# GitHub Action (CI gate - signing on by default)
uses: invariant-systems-ai/aiir@a54fe440a2be18fe51ad30149f1bbab944d578e5 # v1
# GitLab CI/CD component
include:
- component: gitlab.com/invariant-systems/aiir/receipt@1
Why this matters
AI tools are now part of ordinary development. Copilot, ChatGPT, Claude, Cursor, and others all feed into git commit, but the durable record is still usually thin: a trailer, a bot author, or nothing.
Sooner or later someone asks: "Which commits involved AI tools, and what can you actually prove from the record?"
AIIR answers that question for every commit with declared AI markers. One command. Zero runtime dependencies. Apache 2.0.
See how AIIR compares to other provenance formats in the landscape overview, or review the conformance guide to build your own verifier.
- Records: Commits with declared AI markers including Co-authored-by: Copilot, Generated-by: trailers, bot authors like dependabot, and 40+ known AI-tool signals in git metadata.
- Does not prove: Silent copy-paste from ChatGPT, Copilot inline completions with no trailer, squash merges that strip markers, or amended commits that remove signals.
Signal enrichment is heuristic. Receipts prove what was declared, not what was silently used. See the threat model.
Need help or want to engage?
Bug reports
File reproducible product bugs in the public tracker so fixes, regressions, and workarounds stay visible.
Questions and ideas
Use discussions for implementation questions, rollout feedback, and community conversation around AIIR.
Security reports
Do not post vulnerabilities publicly. Use the coordinated disclosure path with our published policy and response target.
Company
Invariant Systems, Inc. is a Delaware C-Corp building receipt-based provenance systems for AI-assisted software and adjacent audit workflows.
AIIR is the current product surface. The public research line extends the same receipt model to inference receipts and receipted actions; see Research.