AIIR with signed bundle evidence

A public implementation note for pairing AIIR receipts with Sigstore-style bundle workflows when stronger signed evidence is needed.

Status: Draft public note. Narrow goal: keep AIIR's receipt as the source artifact, then attach stronger signed evidence as an optional release or CI layer.

Narrow goal

AIIR's baseline value is deterministic local verification. Signed bundle evidence is the optional second layer for cases where teams need cryptographic workflow identity, transparency-log linkage, or stronger release proof.

Illustrative shape

source change
  → aiir receipt.json
  → optional signature flow in CI
  → receipt.sigstore bundle
  → downstream verifier checks both layers

The receipt stays the canonical content artifact. The signed bundle adds stronger transport and provenance evidence around it.

Why this is a clean fit

  • Unsigned local verification stays available for every user.
  • Signed release evidence is additive, not a replacement for the receipt format.
  • Teams can choose the stronger path only where policy or release posture requires it.

Boundaries

  • This note does not claim AIIR must be signed to be useful.
  • This note does not define Sigstore semantics or registration policy.
  • This note does not claim signed evidence solves undeclared AI-use questions.

Next public step

If the shape is useful, the next public step is a small example showing a receipt, its bundle, and a verifier path that explains the difference between integrity and signed provenance.
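
A sketch of the two-layer verifier path, added here as an example and not AIIR or Sigstore code. The receipt fields, the embedded-hash integrity check, and the raw Ed25519 key standing in for a Sigstore signing identity and bundle are all assumptions made for illustration. It shows that a receipt edited and re-hashed after signing still passes the integrity layer and is rejected only by the signed layer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Receipt is a constructed stand-in; it is not the AIIR receipt schema.
type Receipt struct {
	Commit      string `json:"commit"`
	Summary     string `json:"summary"`
	ContentHash string `json:"content_hash"` // hex SHA-256 over the other fields
}
// Bundle is a simplified stand-in for signed evidence, not the Sigstore bundle format.
type Bundle struct {
	Signer    ed25519.PublicKey
	Signature []byte // signature over the receipt's raw bytes
}

func digest(commit, summary string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(commit+"\x00"+summary)))
}
// Seal builds receipt bytes whose embedded hash matches their content.
func Seal(commit, summary string) []byte {
	raw, _ := json.Marshal(Receipt{commit, summary, digest(commit, summary)})
	return raw
}

// CheckIntegrity is layer 1: the receipt is internally consistent. No key is involved.
func CheckIntegrity(raw []byte) bool {
	var r Receipt
	return json.Unmarshal(raw, &r) == nil && r.ContentHash == digest(r.Commit, r.Summary)
}
// CheckProvenance is layer 2: the trusted identity signed exactly these bytes.
func CheckProvenance(raw []byte, b Bundle, trusted ed25519.PublicKey) bool {
	return b.Signer.Equal(trusted) && ed25519.Verify(b.Signer, raw, b.Signature)
}

// Demo returns {integrity, provenance} for the signed receipt, then for a re-sealed edit.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key, generated per run
	signed := Seal("abc123", "constructed sample")
	b := Bundle{Signer: pub, Signature: ed25519.Sign(priv, signed)}
	edited := Seal("abc123", "changed after signing") // hash recomputed, bundle reused
	return [4]bool{CheckIntegrity(signed), CheckProvenance(signed, b, pub),
		CheckIntegrity(edited), CheckProvenance(edited, b, pub)}
}
func main() { fmt.Println(Demo()) }
```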
