AIIR as a source attestation attachment

A public implementation note for attaching an AIIR receipt to a source attestation flow without redefining the rest of the attestation model.

Status: Draft public note. Narrow goal: attach one more declared-AI receipt to a source attestation example, not replace source attestation, build provenance, or broader SLSA semantics.

Narrow goal

Source attestation already needs to answer who changed what, when, and from which source state. AIIR adds a narrower question: was AI involvement declared for this source change, and is that declaration tied to a verifiable receipt?

The claim is intentionally narrow. This page is about attaching a verifiable AIIR receipt alongside a source attestation flow, not about making AIIR part of SLSA itself.

Illustrative shape

The smallest public example is not a new source provenance schema. It is the same AIIR in-toto Statement v1 fragment attached alongside a source attestation flow:

{
	"_type": "https://in-toto.io/Statement/v1",
	"subject": [
		{
			"name": "https://github.com/example/repo@abc123...",
			"digest": { "gitCommit": "abc123..." }
		}
	],
	"predicateType": "https://invariantsystems.io/predicates/aiir/commit_receipt/v2",
	"predicate": {
		"type": "aiir.commit_receipt",
		"schema": "aiir/commit_receipt.v2",
		"declared_ai": true
	}
}

The source attestation remains a source attestation. AIIR contributes one more verifiable fact rather than a replacement schema. The fuller predicate example lives at AIIR commit receipt predicate v2.

Why this is useful

  • Teams can reason about declared AI involvement without changing the rest of their attestation flow.
  • The example stays compatible with a local-first workflow because the receipt can be generated before CI.
  • The added field or attachment can be ignored by systems that do not care about it yet.

Boundaries

  • This note does not claim AIIR becomes a source attestation or build provenance standard.
  • This note does not claim any SLSA level by itself.
  • This note does not claim a complete end-to-end ecosystem mapping by itself.
  • This note does not claim undeclared AI use can be inferred from the added field.
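
A consumer-side check for the Statement shape above that stays inside these boundaries. It is an added example, not code from AIIR or in-toto. The function name, the sample commit ids and the second predicateType are constructed, and it assumes each Statement has already been taken from a signature-verified envelope.

```python
import re

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
AIIR_PREDICATE_TYPE = "https://invariantsystems.io/predicates/aiir/commit_receipt/v2"
FULL_SHA = re.compile(r"[0-9a-f]{40}|[0-9a-f]{64}")  # SHA-1 or SHA-256 object id


def declared_ai_for_commit(statements, commit_sha):
    """Return the declared_ai boolean from the AIIR Statement bound to
    commit_sha, or None if no such Statement is attached.

    None means "no declaration was attached", never "no AI was involved".
    """
    if not FULL_SHA.fullmatch(commit_sha):
        raise ValueError("compare full commit ids only, not abbreviations")
    for st in statements:
        if st.get("_type") != STATEMENT_TYPE:
            continue
        if st.get("predicateType") != AIIR_PREDICATE_TYPE:
            continue  # unrelated predicates are simply ignored
        digests = [s.get("digest", {}).get("gitCommit") for s in st.get("subject", [])]
        if commit_sha not in digests:
            continue  # a receipt for another commit says nothing about this one
        pred = st.get("predicate", {})
        if pred.get("schema") != "aiir/commit_receipt.v2":
            raise ValueError("predicate schema does not match predicateType")
        if not isinstance(pred.get("declared_ai"), bool):
            raise ValueError("declared_ai must be a JSON boolean")
        return pred["declared_ai"]
    return None


# Constructed sample data: commit ids and the first predicateType are made up.
COMMIT_A = "1f" * 20
COMMIT_B = "2e" * 20
SUBJECT = [{"name": "https://github.com/example/repo@" + COMMIT_A,
            "digest": {"gitCommit": COMMIT_A}}]
SAMPLE = [
    {"_type": STATEMENT_TYPE, "subject": SUBJECT,
     "predicateType": "https://example.invalid/predicates/other/v1",
     "predicate": {}},
    {"_type": STATEMENT_TYPE, "subject": SUBJECT,
     "predicateType": AIIR_PREDICATE_TYPE,
     "predicate": {"type": "aiir.commit_receipt",
                   "schema": "aiir/commit_receipt.v2",
                   "declared_ai": True}},
]
```

A policy that consumes this result should treat `None` as a missing receipt and decide separately whether a receipt is required for the commit.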

Next public step

If the shape is useful, the next public step is a tiny example artifact or issue that shows one source attestation plus one attached AIIR Statement.
