ADPR: AI-Bio Design Provenance Registry

Repository target: github.com/sadpig70/ADPR

Topics

adpr · ai-bio · provenance-registry · attestation · transparency-log · rekor · regulatory-tech · pgf · python

ADPR is a concrete product track derived from SA-AOX winner IDEA-CAP-27-001 (SA-AOX-20260527-001 / SA-ICX-20260527-001 / SA-EVX-20260527-001).

Core thesis:

AI-designed biological constructs move generative-model → autonomous lab → cross-jurisdictional deployment with no actor owning the design-to-deployment loop. The cheapest verifiable artifact at that link is a hashed envelope of {model, dataset, parameters, autonomous-loop instructions, construct id}. ADPR pins that envelope to a tamper-evident log and issues attestation tokens that regulators, insurers, and licensees can treat as authoritative.

What It Does

ADPR is a hash-only provenance log. It never holds biological material or proprietary model weights — only commitments.

1. A submitter sends an attestation envelope describing one construct.
2. ADPR canonicalizes the envelope and writes a deterministic content hash.
3. ADPR pins the hash to a transparency log (Sigstore-Rekor-class) and issues a signed attestation token containing the inclusion proof.
4. Downstream regulators / insurers / licensees verify the token offline by recomputing the hash and checking the inclusion proof.
5. Disputes (declared design ≠ observed construct) are arbitrated against the pinned envelope.

MVP

The current MVP contains:

• PGF design and workplan in .pgf/
• Formal attestation envelope spec in spec/attestation_envelope_spec.md
• Input schema in spec/data_schema.yaml
• Tools:
  • tools/attest_envelope.py — canonicalize, hash, sign envelopes and emit attestation tokens
  • tools/rekor_stub.py — append-only transparency log with deterministic inclusion proofs (stub; production should call Sigstore Rekor)
  • tools/ingest_sources.py — public-data ingest scaffold that turns curated public sources (arXiv, GitHub releases, ClinicalTrials.gov, NIH-NCATS, Twist order metadata) into draft envelopes
• Sample envelopes in examples/sample_envelopes.jsonl
• Verification and certification-tier logic in verification/
• Source-seed ingestion scaffold in tools/ingest_sources.py
• A dated radar report in reports/adpr_first_radar_20260527.md

Tiers

ADPR-R  raw provenance commit (hash + envelope only)
ADPR-V  verified envelope (rater agreement + negative-control pass)
ADPR-C  certified attestation (rater agreement + control pass + dispute window
                               clean + downstream regulator/insurer signoff)

Quick Run

From the repository root:

py -3 tools/attest_envelope.py `
  --input examples/sample_envelopes.jsonl `
  --log results/sample_log.jsonl `
  --output examples/sample_attestations.json

py -3 verification/verification_round.py `
  --attestations examples/sample_attestations.json `
  --audit verification/sample_audit_items.csv `
  --controls verification/negative_controls.yaml `
  --output verification/sample_verification_output.json `
  --report reports/sample_verified_attestations.md

py -3 tools/ingest_sources.py `
  --sources spec/seed_sources.yaml `
  --output data/draft_envelopes_20260527.jsonl `
  --year 2026

Or run the bundled verification script:

powershell -ExecutionPolicy Bypass -File scripts\verify.ps1

Boundary

ADPR is an exploratory MVP derived from a SA-AOX standalone run, not from a cross-model-certified CIX/EVX/AOX production run.

• cross_model_certified: false
• production_certification_status: not_certified
• Production promotion requires CIX v1.5.1 → EVX v1.1 → AOX v1.3.1.

Until then, ADPR-C only means "verified within this single-runtime workflow."

Source Chain

• sa_aox: SA-AOX-20260527-001
• sa_icx: SA-ICX-20260527-001
• sa_evx: SA-EVX-20260527-001
• idx: IDX-20260514-001
• tcx: TCX-20260514-001
• sdx_catalog: v1.3

License

MIT — see LICENSE.