AIXV is an open standard for AI artifact attestation, provenance, rollback, compromise detection, and investigation.
In practical terms, AIXV helps organizations answer high-stakes questions before deploying or accepting AI artifacts:
- What exactly is this artifact?
- Who produced or approved it?
- What evidence supports trusting it?
- Is it currently affected by an advisory or policy violation?
- If compromised, what is the safest rollback path?
AIXV is built for three audiences that need shared, verifiable answers:
- Technical teams: deterministic verification and machine-readable admission decisions.
- Enterprise and public-sector risk owners: auditable evidence, policy controls, and incident traceability.
- Policy, governance, and assurance functions: explicit trust assumptions, conformance checks, and compatibility contracts.
AIXV composes Sigstore cryptographic primitives and adds AI-native semantics:
- Artifact typing,
- Lineage graphs,
- ML-specific attestations,
- Advisory/recall workflows,
- Policy-driven verification.
Current maturity: Pre-Alpha
This repository is a functional preview of the AIXV standard, but not yet a final ratified standard release.
- Core primitives and schemas:
SignedRecord(aixv.signed-record/v1)VerifyPolicy(aixv.policy/v1)AdmissionDecision
- Fail-closed verification and policy semantics.
- Deterministic JSON output mode (
--json) with tested contract behavior. - CI quality gates (
ruff,mypy,pytest, build).
- Broader conformance vector coverage and certification workflow.
- Formal governance and external audit signals.
- Wider ecosystem integrations and migration tooling.
For security and procurement reviews, the strongest immediate signals are:
aixv conformance --jsonproduces a machine-readable conformance report.docs/THREAT_MODEL.md,SECURITY.md, anddocs/COMPATIBILITY.mddefine trust, reporting, and compatibility expectations.- CI enforces lint, typing, tests, build, and dedicated conformance workflow checks.
- Scorecard and CodeQL workflows provide continuous security posture visibility in GitHub Security.
docs/AIXV_STANDARD.mddocs/NORMATIVE_CORE.mddocs/QUALITY.mddocs/THREAT_MODEL.mddocs/COMPATIBILITY.mddocs/TERMINOLOGY.mddocs/REGISTRIES.mddocs/ASSURANCE_LEVELS.mddocs/CONFORMANCE.mddocs/GOVERNANCE.mddocs/REPO_CONTROLS.mdSECURITY.mdRELEASE.md
pip install aixv# 1) Sign an artifact
aixv sign model.safetensors --identity-token-env SIGSTORE_ID_TOKEN
# 2) Create and sign a policy record
aixv policy create --input policy.json --sign
# 3) Verify artifact with signed policy + trusted policy signer
aixv verify model.safetensors \
--policy .aixv/policies/policy.json \
--policy-trusted-subject security-policy@aixv.org \
--assurance-level level-2 \
--json
# 4) Run conformance checks
aixv conformance --json
# 5) Optional: enforce signed-and-trusted attestations in lineage/export flows
aixv provenance model.safetensors \
--require-signed-attestations \
--trusted-attestation-subject ci-attestations@aixv.org \
--json# Version
aixv version
# Signing
aixv sign model.safetensors --identity-token-env SIGSTORE_ID_TOKEN
# Verification
aixv verify model.safetensors --identity alice@example.com --issuer https://accounts.google.com
# Attestation
aixv attest model.safetensors --predicate training --input training.json
# Provenance
aixv provenance model.safetensors --depth 3
aixv provenance model.safetensors --view explain --depth 3 --json
# Advisory
aixv advisory create --advisory-id ADV-2026-0001 --severity critical --input advisory.json --sign
aixv advisory verify .aixv/advisories/ADV-2026-0001.json --trusted-subject security@aixv.org
aixv advisory sync --feed advisory-feed.json --trusted-subject security@aixv.org --max-bundle-age-days 30
# Policy
aixv policy create --input policy.json --sign
aixv policy verify .aixv/policies/policy.json --trusted-subject security-policy@aixv.org
aixv policy template --assurance-level level-2 --json
aixv policy migrate --input policy.json --to-assurance-level level-3 --max-bundle-age-days 30
# Record
aixv record create --kind waiver --record-id WVR-2026-01 --input waiver.json --sign
aixv record verify .aixv/policies/policy.json --kind policy --trusted-subject security-policy@aixv.org
# Bundle
aixv bundle create --input bundle.json --sign
aixv bundle verify .aixv/records/bundle/bundle-main.json --trusted-subject release@aixv.org
# Conformance
aixv conformance --json
# Rollback
aixv rollback model-v2.safetensors --to sha256:... --identity-token-env SIGSTORE_ID_TOKEN
# Export
aixv export model.safetensors --format in-toto
aixv export model.safetensors --format slsa --json
aixv export model.safetensors --format ml-bom --json{
"policy_type": "aixv.policy/v1",
"allow_subjects": ["alice@example.com"],
"allow_issuers": ["https://accounts.google.com"],
"advisory_allow_subjects": ["security@aixv.org"],
"max_bundle_age_days": 30,
"deny_advisory_severity_at_or_above": "high",
"require_no_active_advisories": false,
"require_signed_advisories": true
}git clone https://github.com/aixv-org/aixv.git
cd aixv
python3 -m venv .venv
. .venv/bin/activate
pip install -e '.[dev]'ruff check .
ruff format --check .
mypy src
pytest
python -m build