Background

Why it exists

AI code needs provenance that survives the chat window.

Agent-assisted commits lose context fast.

Traditional audit trails can show that a workstation pushed a commit, but not whether an agent, model, CI task, or vendor tool produced the change. Matrix Scroll turns that gap into a signed commit envelope anyone can verify offline.

The protocol stays intentionally small: canonicalize the manifest, exclude the signature block, sign the bytes, publish the public key, and let anyone verify the result.

{
  "signature": {
    "schema": "matrixscroll.signature.v1",
    "algorithm": "ed25519",
    "device_id": "MS-EAB9-1217",
    "mode": "emulated",
    "signed_at": "2026-06-19T14:32:00Z",
    "public_key": "Vxee...",
    "value": "SQPM..."
  }
}