GRASP — Governed Reasoning And Signable Provenance

Try it in your browser: https://grasp-web-chi.vercel.app
Reference implementation of cryptographic causation for AI systems.
When an AI makes a decision that matters, three questions decide whether anyone
can trust the record of it: what did it decide, what did it believe when it
decided, and can every claim it made be checked against its source? GRASP
answers all three with tamper-evident, replayable, externally-anchorable
records — what an AI decided (a signed decision chain), what it believed
when it decided (a signed memory chain), and every outward claim it makes
(a deterministic citation-provenance floor) — bound together and falsifiable by
construction, so a skeptic (a regulator, opposing counsel, an auditor) can
independently refute or confirm them. The verifier is the math plus an external
party, never the AI. Don't trust it — witness it.
Where GRASP sits (the open-core family)
GRASP is the open proof layer of a wider stack. The position is open-core:
open-source the tools, licence the engine.
| Piece | What it is | Licence |
|---|
| GRASP (this repo) | The proof layer — the reference implementation of cryptographic causation (signed decision chain, signed memory chain, deterministic citation floor). | AGPL-3.0-only — open |
| HAPPI | The open protocol the stack speaks — a specification, not a black box. GRASP's cite.verify is pinned byte-compatible to the HAPPI cite.verify verb (happi/1.3). | Open standard (happi.md) |
| GRIP + HAL | The reasoning + provenance engine (GRIP) and the LLM-agnostic multi-provider substrate (HAL). Not required to produce or verify a GRASP record. | Licensed / private |
The load-bearing consequence for anyone relying on a record: GRASP records are
produced and re-verified by this open package alone — no GRIP runtime, no HAL,
no network, no account (see Verify a receipt below). The engine is licensed;
the tool that lets a skeptic check its work is not. Deeds, not words.
What is in the box
| Module | What it does |
|---|
grasp.idr | Signed Intent Decision Records (IDRs): flat-JSON envelopes, HMAC-SHA256 over a canonical body digest, predecessor hash-chaining, content addressing that excludes volatile metadata, JSONL persistence with POSIX locking. |
grasp.idr_forest | The forest that organises IDRs into a provenance graph rooted at exogenous anchors only (CI runs, human commits, cross-provider verdicts, pre-registered hypotheses), with an RFC-6962 Merkle root, O(log N) inclusion proofs, tamper-detecting verification, and deterministic replay. |
grasp.merkle | The RFC-6962 (Certificate Transparency) Merkle primitive: domain-separated leaf/node hashing, inclusion proofs, verification. |
grasp.context_chain / grasp.context_head | The signed memory/belief chain: append-only context-delta records with an atomic HEAD pointer, two-axis verification (per-node signatures + content-addressed blob presence), and a signed cross-reference (records_idr) into the decision chain. |
grasp.prove_it | The deterministic citation floor: every claim carries a verbatim quote; the engine verifies each quote exists in its cited source (exact → whitespace/typographic-flexible → not found), records exact character offsets, and renders a self-contained HTML artifact where every citation is clickable and a fabricated one renders red. |
grasp.cite_verify | The protocol twin of that floor — the same ladder as the cite.verify verb of the HAPPI protocol (happi/1.3), pinned byte-compatible by a cross-implementation agreement test. |
grasp.provenance | The composition: one prove-it run writes an IDR leaf into the decision chain and a cross-referencing node into the memory chain — fail-open, so recording problems never block the artifact. |
grasp.legal_receipt | A signed filing gate built on the floor: a legal deliverable is SAFE TO FILE only when every quote is provably present in its cited source; any fabricated citation makes the CLI exit 1. Never file a red. |
The three legs, and why they compose