AIIR Commit Receipt Specification

The normative specification for aiir/commit_receipt.v2 — the open format for tamper-evident AI authorship receipts.

Read SPEC.md on GitHub → JSON Schema →

Overview

The AIIR specification defines a content-addressed receipt format for recording AI involvement in git commits. A receipt is a JSON document with 6 core fields that are hashed using canonical JSON + SHA-256. Any modification to the core fields invalidates the receipt.

Spec version: 2.0.0
Schema identifier: aiir/commit_receipt.v2
Status: Stable
Permanent URL: invariantsystems.io/spec

Core fields

These 6 keys form the hash input — and only these 6:

Field Type Description
type string Always "aiir.commit_receipt"
schema string Schema identifier, e.g. "aiir/commit_receipt.v2"
version string SemVer of generating tool
commit object Git commit metadata (sha, author, committer, diff_hash, …)
ai_attestation object AI authorship detection results
provenance object Repository, tool, and generator identifiers

All other fields (receipt_id, content_hash, timestamp, extensions) are derived and do not affect the hash.

Canonical JSON

The canonical encoding ensures identical bytes for identical input:

  • Sorted keys — all object keys sorted lexicographically (recursive)
  • No whitespace — separators are , and :
  • ASCII-safe — all non-ASCII escaped as \uXXXX
  • Depth limit — 64 levels maximum

Python equivalent:

json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True, allow_nan=False)

Deterministic CBOR

AIIR receipts may also be encoded as deterministic CBOR sidecars for compact binary transport. The canonical CBOR form preserves the same receipt semantics and must reproduce the same content hash as the canonical JSON verification path.

For interoperable implementations, use the published CBOR test vectors and a strict deterministic decoder. See the Resources section below for the reference vectors and SDKs.

Verification algorithm

  1. Validate receipt JSON structure and type fields
  2. Extract core = {k: v for k in CORE_KEYS}
  3. Compute content_hash = "sha256:" + hex(SHA-256(canonical_json(core)))
  4. Compute receipt_id = "g1-" + content_hash[7:39]
  5. Compare using constant-time comparison (prevent timing attacks)

Try the web verifier → Integrations

Resources

Governance

This specification is maintained by Invariant Systems, Inc. Changes follow Semantic Versioning and require corresponding updates to the reference implementation and test vectors. See §15 Specification Governance for the full change process.

Third-party implementations claiming AIIR compatibility should reference the spec version they conform to and pass all published test vectors. See TRADEMARK.md for badge usage guidelines.