Background
Why it exists
AI code needs provenance that survives the chat window.
Agent-assisted commits lose context fast.
Traditional audit trails can show that a workstation pushed a commit, but not whether an agent, model, CI task, or vendor tool produced the change. Matrix Scroll turns that gap into a signed commit envelope anyone can verify offline.
The protocol stays intentionally small: canonicalize the manifest, exclude the signature block, sign the bytes, publish the public key, and let anyone verify the result.
{
"signature": {
"schema": "matrixscroll.signature.v1",
"algorithm": "ed25519",
"device_id": "MS-EAB9-1217",
"mode": "emulated",
"signed_at": "2026-06-19T14:32:00Z",
"public_key": "Vxee...",
"value": "SQPM..."
}
}