Open Protocol Ecosystem

Protocol locally.
Control plane at SSX360.

Matrix Scroll provides the core signing SDK and verification layer. Git hooks, Scroll Gate, the browser verifier, and the MCP server build on this layer — SSX360 hosts team policy, audit ledger, and evidence export.

Matrix Scroll Protocol

Free and open source

Sign edits inside developer environments, verify locally, commit and inspect signature integrity locally. PyPI 0.6.0 · MCP public · offline verify.

SSX360 Enterprise Control

Hosted Verification & Audit

Hosted verification engine. Sync rules globally, export evidence packs aligned to DORA, PCI DSS 4.0, SSDF, and EU AI Act record-keeping readiness — evidence mapping only, not a certification claim.

Core SDK & Wire Protocol

Matrix Scroll SDK

The foundation of the signing system. Writes canonical JSON envelopes, handles public key derivation, and runs fast client-side verification.

  • matrixscroll — Core Python package on PyPI (pip install matrixscroll)
  • Git Hooks — Local pre-commit scripts that sign AI-authored deltas
  • JSON Schemas — Public schemas defining the commit envelope format

CI/CD Gate

Scroll Gate CI

Runs as a GitHub Action to enforce repository-wide signing policies. Verifies entire pull request commit ranges before merging.

  • matrixscroll-verify-action — Official verification action
  • Verification Policies — Require specific signing modes and trusted public keys

Editor Integration

Matrix Scroll MCP

Model Context Protocol server for AI code assistants. Scans repositories to assess trust boundaries and configures hooks safely.

  • Trust Audits — Identifies unsigned commits and agent contribution ratios
  • Integration Scaffolding — Previews and generates editor configuration setups

Hosted Control Plane

SSX360

Enterprise layer for team policy, Scroll Gate enforcement, audit ledger, and evidence export. Signing stays local via the open SDK.

  • Authorization Pilots — protected-branch enforcement and evidence packs
  • Policy registry — ledger, compliance export, team actor registry
  • SE050 preview — M1 PoC complete (Jul 2026), bench-validated; productization in progress

Unified Verification

One signature format. Consistent validation.

Whether verified locally via the Python CLI, automated inside a GitHub Action, or checked by an auditor in the browser verifier, Matrix Scroll envelopes always validate against the same canonical cryptographic format.