Matrix Scroll – sign AI-generated code changes with Ed25519, verify offline

Matrix Scroll, an open protocol for signing AI-generated code changes, has been released. It uses Ed25519 cryptographic signatures to verify code provenance offline, with a reference implementation in Python and planned hardware support via NXP SE050 secure elements. The protocol aims to provide a software root of trust for AI-assisted development workflows.

Open protocol for signed AI-assisted code provenance. Every AI-generated change in your IDE can be cryptographically signed by an Ed25519 identity and verified offline with a public key and one command.

The v0.1.x reference implementation ships a well-tested software root of trust; SSX360/NXP SE050 hardware signing is the compatible reference-device path in progress.

- Spec: `SPEC.md` (wire format, canonical encoding, schemas).
- Agentic AI controls: `docs/AGENTIC_AI_SECURITY.md` maps Matrix Scroll to the joint Careful Adoption of Agentic AI Services guidance.
- Algorithm: Ed25519 (RFC 8032). Private keys are never exposed by the SDK API.
- Conformance vectors: `vectors/`, for non-Python implementations.
- Site: https://matrixscroll.com
- Reference device: SSX360 (https://matrixscroll.com/device), NXP SE050 hardware path in progress.

```bash
pip install matrixscroll
```

```python
import matrixscroll

# What identity is active on this machine?
print(matrixscroll.status())
# {'schema': 'matrixscroll.identity.v1', 'available': True, 'mode': 'emulated', 'device_id': 'MS-A3F2-9C81', ...}

# Sign anything (a release manifest, a commit envelope, a SBOM, an evidence pack)
signed = matrixscroll.sign_manifest({"release": "v1.0.0", "artifacts": ...})

# Verify, anywhere, offline
assert matrixscroll.verify_manifest(signed)
```

```bash
$ matrixscroll status
{
  "available": true,
  "device_id": "MS-A3F2-9C81",
  "mode": "emulated",
  "public_key": "...",
  "schema": "matrixscroll.identity.v1"
}

$ matrixscroll sign release.json release.signed.json
$ matrixscroll verify release.signed.json
{"device_id": "MS-A3F2-9C81", "mode": "emulated", "ok": true, "signed_at": "..."}
```

`matrixscroll verify` exits 0 on a valid signature, 2 on any failure (tampered manifest, missing signature block, wrong schema/algorithm, mismatched `device_id`, malformed public key, unreadable file). Pipe it from CI without parsing the output.

```
your IDE / agent / CI
        │
        │  manifest (release, commit, evidence pack, SBOM, anything)
        ▼
matrixscroll.sign_manifest(...)
        │
        │  canonical JSON (sorted keys, ASCII-escaped, no NaN,
        │  signature block excluded from input)
        ▼
IdentityProvider ──► Ed25519 signature   (Emulated today, SSX360 / SE050 tomorrow)
        │
        ▼
signed manifest ──► matrixscroll.verify_manifest(...)   (anyone, anywhere, offline)
```

The same Python API is designed to serve the local software emulator and the physical SSX360 device path. Switch with the `MATRIXSCROLL_MODE` environment variable; in v0.1.x, hardware mode reports unavailable until the SE050 transport ships.

| Level | Provider | Backed by | Status |
|---|---|---|---|
| L1 Emulated | `EmulatedProvider` | Software key, file-backed (0600) | ✅ Shipping |
| L2 Hardware | `HardwareProvider` | NXP SE050 secure element (SSX360) | 🛠 Stage-0 prototype |
| L3 Attested | (future) | L2 + remote attestation | 🗺 Roadmap |

`status` exposes the active level via the `mode` and `available` fields so read-only dashboards can render before the hardware path is wired.

- Emulated key store: `~/.matrixscroll/device.json` (override with `MATRIXSCROLL_HOME`).
- The directory is created `0700`; the seed file is opened `0600` with `O_CREAT|O_EXCL` so the private seed is never momentarily world-readable and a race cannot silently clobber an existing key store.
- A corrupt or truncated store fails loud (`IdentityError`) rather than silently minting a fresh identity. Identity rotation is an explicit operation.
- The planned hardware path holds nothing private on disk: the seed is sealed in the secure element. In v0.1.x, this path is a typed availability stub.

Matrix Scroll is a protocol. This Python package is the reference. We welcome implementations in Rust, Go, TypeScript, and embedded C; run them against `vectors/` to self-certify. See `CONTRIBUTING.md`.

The repo includes a machine-readable control matrix at `controls/agentic_ai_controls.json`, an example bounded-agent evidence manifest at `examples/agentic_ai_evidence_manifest.json`, and executable checks in `tests/test_agentic_guidance.py`. These prove each claim maps to repo evidence and that signed agent scope changes fail verify.

- Code: Apache-2.0 (`LICENSE`).
- Specification text (`SPEC.md`, `vectors/`): CC0 1.0, public domain.

See `SECURITY.md`. Report vulnerabilities privately to or via a GitHub Security Advisory.
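The key-store behaviour described in the list above (directory `0700`, seed file created `0600` with `O_CREAT|O_EXCL`, corrupt store fails loud) can be sketched with the standard library alone. This is an added example, not code from the matrixscroll package: `KeyStoreError`, `create_store`, `load_seed` and the `seed_hex` field are hypothetical names, and the real on-disk format may differ.

```python
import json
import os
import secrets


class KeyStoreError(Exception):
    """Hypothetical stand-in for the fail-loud error the page calls IdentityError."""


def create_store(home: str) -> str:
    """Create `home` (0700) and a new seed file (0600); never overwrite one."""
    os.makedirs(home, mode=0o700, exist_ok=True)
    os.chmod(home, 0o700)  # makedirs is subject to umask and skips existing dirs
    path = os.path.join(home, "device.json")
    # O_EXCL makes creation atomic: if the file exists, or appears in a race,
    # open() fails instead of truncating a live key. The 0600 mode is applied
    # at creation, so the seed is never readable by group/other, even briefly.
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError as exc:
        raise KeyStoreError(f"{path} exists; rotation must be explicit") from exc
    with os.fdopen(fd, "w") as fh:
        # Ed25519 seeds are 32 bytes; "seed_hex" is an assumed field name.
        json.dump({"seed_hex": secrets.token_hex(32)}, fh)
    return path


def load_seed(path: str) -> bytes:
    """Return the 32-byte seed or raise; never mint a replacement identity."""
    try:
        with open(path) as fh:
            seed = bytes.fromhex(json.load(fh)["seed_hex"])
    except (OSError, ValueError, KeyError, TypeError) as exc:
        # Missing file, truncated JSON, wrong shape, bad hex: all fail loud.
        raise KeyStoreError(f"unreadable key store {path}: {exc}") from exc
    if len(seed) != 32:
        raise KeyStoreError(f"{path}: seed is {len(seed)} bytes, expected 32")
    return seed
```

The failure modes worth testing in any port are the second `create_store` call on the same directory and a `load_seed` on a truncated file: both must raise rather than return a new key.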