
The AI Integrity & Verification Protocol.


AIXV - AI Integrity Exchange & Verification


AIXV is an open standard for AI artifact attestation, provenance, rollback, compromise detection, and investigation.

In practical terms, AIXV helps organizations answer high-stakes questions before deploying or accepting AI artifacts:

  • What exactly is this artifact?
  • Who produced or approved it?
  • What evidence supports trusting it?
  • Is it currently affected by an advisory or policy violation?
  • If compromised, what is the safest rollback path?

AIXV is built for three audiences that need shared, verifiable answers:

  • Technical teams: deterministic verification and machine-readable admission decisions.
  • Enterprise and public-sector risk owners: auditable evidence, policy controls, and incident traceability.
  • Policy, governance, and assurance functions: explicit trust assumptions, conformance checks, and compatibility contracts.

AIXV composes Sigstore cryptographic primitives and adds AI-native semantics:

  • artifact typing,
  • lineage graphs,
  • ML-specific attestations,
  • advisory/recall workflows,
  • and policy-driven verification.

Release Posture

Current maturity: Pre-alpha.

This repository is a functional preview of the AIXV standard, but not yet a final ratified standard release.

Stable enough for pilot evaluation

  • Core primitives and schemas:
    • SignedRecord (aixv.signed-record/v1)
    • VerifyPolicy (aixv.policy/v1)
    • AdmissionDecision
  • Fail-closed verification and policy semantics.
  • Deterministic JSON output mode (--json) with tested contract behavior.
  • CI quality gates (ruff, mypy, pytest, build).

Still evolving

  • Broader conformance vector coverage and certification workflow.
  • Formal governance and external audit signals.
  • Wider ecosystem integrations and migration tooling.

Adoption Signals

For security and procurement reviews, the strongest immediate signals are:

  • aixv conformance --json produces a machine-readable conformance report.
  • docs/THREAT_MODEL.md, SECURITY.md, and docs/COMPATIBILITY.md define trust, reporting, and compatibility expectations.
  • CI enforces lint, typing, tests, build, and dedicated conformance workflow checks.
  • Scorecard and CodeQL workflows provide continuous security posture visibility in GitHub Security.

Standards and Security Docs

  • docs/AIXV_STANDARD.md
  • docs/NORMATIVE_CORE.md
  • docs/QUALITY_BAR.md
  • docs/THREAT_MODEL.md
  • SECURITY.md
  • docs/COMPATIBILITY.md
  • docs/TERMINOLOGY.md
  • docs/REGISTRIES.md
  • docs/PROFILES.md
  • docs/CONFORMANCE.md
  • docs/GOVERNANCE.md
  • docs/REPO_CONTROLS.md
  • RELEASE.md

Installation

pip install aixv

Quickstart (Core Flow)

# 1) Sign an artifact
aixv sign model.safetensors --identity-token-env SIGSTORE_ID_TOKEN

# 2) Create and sign a policy record
aixv policy create --input policy.json --sign

# 3) Verify artifact with signed policy + trusted policy signer
aixv verify model.safetensors \
  --policy .aixv/policies/policy.json \
  --policy-trusted-subject security-policy@aixv.org \
  --json

# 4) Run conformance checks
aixv conformance --json

CLI Surface

aixv version
aixv sign model.safetensors --identity-token-env SIGSTORE_ID_TOKEN
aixv verify model.safetensors --identity alice@example.com --issuer https://accounts.google.com
aixv attest model.safetensors --predicate training --input training.json
aixv provenance model.safetensors --depth 3
aixv advisory create --advisory-id ADV-2026-0001 --severity critical --input advisory.json --sign
aixv advisory verify .aixv/advisories/ADV-2026-0001.json --trusted-subject security@aixv.org
aixv policy create --input policy.json --sign
aixv policy verify .aixv/policies/policy.json --trusted-subject security-policy@aixv.org
aixv record create --kind waiver --record-id WVR-2026-01 --input waiver.json --sign
aixv record verify .aixv/policies/policy.json --kind policy --trusted-subject security-policy@aixv.org
aixv conformance --json
aixv rollback model-v2.safetensors --to sha256:...
aixv export model.safetensors --format in-toto

Policy Example

{
  "policy_type": "aixv.policy/v1",
  "allow_subjects": ["alice@example.com"],
  "allow_issuers": ["https://accounts.google.com"],
  "advisory_allow_subjects": ["security@aixv.org"],
  "max_bundle_age_days": 30,
  "deny_advisory_severity_at_or_above": "high",
  "require_no_active_advisories": false,
  "require_signed_advisories": true
}
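The policy above, evaluated fail-closed against a verification result, as an added illustration that is not the aixv package's own code: the VerifiedBundle and Advisory record shapes, the severity ordering, and the treatment of unsigned advisories as a denial are assumptions made here, not behaviour documented by the project.

```python
# Added example, not the aixv package's own code: a fail-closed evaluator for the
# aixv.policy/v1 fields shown above. Record shapes and severity order are assumed.
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # assumed order

POLICY = {
    "policy_type": "aixv.policy/v1",
    "allow_subjects": ["alice@example.com"],
    "allow_issuers": ["https://accounts.google.com"],
    "advisory_allow_subjects": ["security@aixv.org"],
    "max_bundle_age_days": 30,
    "deny_advisory_severity_at_or_above": "high",
    "require_no_active_advisories": False,
    "require_signed_advisories": True,
}

@dataclass
class Advisory:
    severity: str
    signer: str = ""  # empty string models an unsigned advisory

@dataclass
class VerifiedBundle:
    subject: str          # signing identity recovered from the Sigstore bundle
    issuer: str           # OIDC issuer of that identity
    bundle_age_days: int
    advisories: list = field(default_factory=list)  # advisories naming this artifact

def admission_decision(policy: dict, bundle: VerifiedBundle) -> tuple[str, list[str]]:
    """Return ("allow" | "deny", reasons); any unmet rule denies (fail closed)."""
    reasons = []
    if policy.get("policy_type") != "aixv.policy/v1":
        reasons.append("unsupported policy_type")
    if bundle.subject not in policy.get("allow_subjects", []):
        reasons.append(f"subject {bundle.subject} not in allow_subjects")
    if bundle.issuer not in policy.get("allow_issuers", []):
        reasons.append(f"issuer {bundle.issuer} not in allow_issuers")
    if bundle.bundle_age_days > policy.get("max_bundle_age_days", 0):
        reasons.append("bundle older than max_bundle_age_days")
    threshold = SEVERITY_RANK.get(policy.get("deny_advisory_severity_at_or_above", "low"), 0)
    for adv in bundle.advisories:
        if policy.get("require_signed_advisories") and adv.signer not in policy.get("advisory_allow_subjects", []):
            reasons.append("advisory not signed by an advisory_allow_subjects identity")
        elif policy.get("require_no_active_advisories"):
            reasons.append(f"active advisory present ({adv.severity})")
        elif SEVERITY_RANK.get(adv.severity, 99) >= threshold:  # unknown severity denies
            reasons.append(f"advisory severity {adv.severity} at or above threshold")
    return ("allow" if not reasons else "deny"), reasons
```

Every reason is collected rather than returning on the first failure, so the decision record carries the full set of violated rules for an auditor.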

Development

git clone https://github.com/aixv-org/aixv.git
cd aixv
python3 -m venv .venv
. .venv/bin/activate
pip install -e '.[dev]'

Quality Gates

ruff check .
ruff format --check .
mypy src
pytest
python -m build

Download files


Source Distribution

aixv-0.2.0.tar.gz (34.3 kB)

Built Distribution


aixv-0.2.0-py3-none-any.whl (20.9 kB)

File details

Details for the file aixv-0.2.0.tar.gz.

File metadata

  • Download URL: aixv-0.2.0.tar.gz
  • Size: 34.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for aixv-0.2.0.tar.gz

  SHA256:      b8dda38f032348b0a35bb6306867d94404cab03464de6f2b5f665c3821a47c4e
  MD5:         d57fd4dc6548a2d6b84c18dc4fbf356b
  BLAKE2b-256: f368d97095d1928fb56dc1c4f43b8ffee96c6742b0d688ec71041a2e440f1de2


Provenance

The following attestation bundles were made for aixv-0.2.0.tar.gz:

Publisher: publish.yml on AIXV-org/aixv

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file aixv-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: aixv-0.2.0-py3-none-any.whl
  • Size: 20.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for aixv-0.2.0-py3-none-any.whl

  SHA256:      d9f61216f99e6f148bd90626d6d7fb10db9b308a23d6c06e156cc72e1203cc1f
  MD5:         8719f1305fc2619972b09b1ed542bf5a
  BLAKE2b-256: bd48df3ff4f0935ba4145f5dd59beded9c2a45605ed13db66eca4fb6ef9b0aab


Provenance

The following attestation bundles were made for aixv-0.2.0-py3-none-any.whl:

Publisher: publish.yml on AIXV-org/aixv

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
