CPoE
Cryptographic authorship witnessing for writers and creators
Note
Patent Pending: USPTO Application No. 19/460,364 — "Falsifiable Process Evidence via Cryptographic Causality Locks and Behavioral Attestation"
CPoE is a cryptographic engine and CLI that produces independently verifiable, tamper-evident process evidence constraining when and how a document could have been created. It implements the draft-condrey-rats-pop IETF protocol specification.
This monorepo contains the full CPoE ecosystem:
| Component | Path | Target | Description | License |
|---|---|---|---|---|
cpoe (lib: cpoe_engine) |
crates/cpoe |
Native | Cryptographic engine, FFI, platform captures, storage | SSPL-1.0 |
| authorproof-protocol | crates/authorproof-protocol |
Native + WASM | Wire format (CBOR/COSE), forensic models, RFC types | Apache-2.0 |
| cpoe-jitter | crates/cpoe-jitter |
Native + no_std | Timing entropy primitive for embedded and desktop use | Apache-2.0 |
| cpoe_cli | apps/cpoe_cli |
Native | CLI (cpoe) |
AGPL-3.0-only |
| cpoe_macos | apps/cpoe_macos |
macOS | macOS desktop app (submodule) | Proprietary |
| cpoe_windows | apps/cpoe_windows |
Windows | Windows desktop app (submodule) | Proprietary |
| browser extension | extensions |
Chrome/Firefox/Edge | Browser extension for in-browser witnessing | Proprietary |
The three library crates are split by compilation target:
- cpoe-jitter compiles to
no_std(bare-metal, embedded microcontrollers with no OS) - authorproof-protocol compiles to
wasm32(browser extensions for client-side evidence verification) - cpoe compiles to native only (requires OS APIs: CGEventTap, TPM, SQLite, Unix sockets)
Dependencies flow one direction: engine -> protocol -> jitter. Merging them would break WASM and embedded compilation.
macOS (Homebrew):
brew install writerslogic/tap/writersproof-cliWindows (Scoop):
scoop bucket add writerslogic https://github.com/writerslogic/scoop-bucket
scoop install writerslogicLinux / macOS (script):
curl -sSf https://raw.githubusercontent.com/writerslogic/writersproof-cli/main/apps/cpoe_cli/install.sh | shFrom source:
cargo install --git https://github.com/writerslogic/writersproof-cli --bin writersproof-cli# Start tracking a document
writersproof-cli essay.md
# Create a checkpoint
writersproof-cli commit essay.md -m "first draft complete"
# View history
writersproof-cli log essay.md
# Export cryptographic evidence (.c2pa)
writersproof-cli export essay.md -t 2
# Verify evidence
writersproof-cli verify essay.c2paRun writersproof-cli with no arguments for an interactive menu, or writersproof-cli --help for full command reference.
| Command | Description |
|---|---|
writersproof-cli <path> |
Start tracking a file or directory |
writersproof-cli commit |
Create a checkpoint (alias: checkpoint) |
writersproof-cli log |
View history or list tracked documents (alias: history, ls) |
writersproof-cli export |
Export evidence packet (alias: prove) |
writersproof-cli verify |
Verify evidence packet (alias: check) |
writersproof-cli status |
Show current tracking status |
writersproof-cli track |
Session management (start/stop/status/list/show/export) |
writersproof-cli identity |
Identity management (alias: id) |
writersproof-cli config |
Configuration (alias: cfg) |
writersproof-cli fingerprint |
Behavioral fingerprinting (alias: fp) |
writersproof-cli forensics |
Detailed forensic analysis (breakdown/score/provenance) |
writersproof-cli report |
Generate a Written Authorship Report (WAR) |
writersproof-cli attest |
Submit evidence for WritersProof attestation |
writersproof-cli beacon |
Temporal beacon attestation |
writersproof-cli credential |
Manage authorship credentials |
writersproof-cli snapshot |
Document snapshot management |
writersproof-cli presence |
Physical presence verification |
writersproof-cli start |
Start the sentinel daemon |
writersproof-cli stop |
Stop the sentinel daemon |
writersproof-cli link |
Link an export to a source document |
All commands support --json for machine-readable output and --quiet for silent operation.
Add to your Cargo.toml:
[dependencies]
cpoe_engine = { git = "https://github.com/writerslogic/writersproof-cli", branch = "main" }| Feature | Description |
|---|---|
default |
Includes cpoe_jitter and ffi |
cpoe_jitter |
Hardware entropy via PhysJitter |
x11 |
X11 focus detection on Linux |
wayland |
Wayland focus detection on Linux |
dbus |
DBus focus detection on Linux (GNOME/KDE) |
ffi |
UniFFI bindings for Swift/Kotlin |
did-webvh |
did:webvh decentralized identity |
posme |
Proof of Sequential Memory-bound Effort |
writerslogic/
├── crates/
│ ├── cpoe/ Core cryptographic engine (lib: cpoe_engine)
│ │ └── src/
│ │ ├── analysis/ Signal analysis and behavioral metrics
│ │ ├── anchors/ Blockchain and timestamp anchoring
│ │ ├── crypto/ Cryptographic primitives
│ │ ├── evidence/ Evidence export/verify
│ │ ├── forensics/ Authorship analysis
│ │ ├── ipc/ Inter-process communication
│ │ ├── keyhierarchy/ Key derivation and ratcheting
│ │ ├── platform/ OS-specific code (macOS, Linux, Windows)
│ │ ├── sentinel/ Real-time monitoring
│ │ ├── rfc/ RFC wire types
│ │ ├── tpm/ TPM 2.0 / Secure Enclave
│ │ └── vdf/ Verifiable Delay Functions
│ ├── authorproof-protocol/ PoP wire format (CBOR/COSE)
│ └── cpoe-jitter/ Hardware timing entropy
├── apps/
│ ├── cpoe_cli/ Command-line interface
│ ├── cpoe_macos/ Native macOS app (submodule)
│ └── cpoe_windows/ Native Windows app (submodule)
├── extensions/ Browser extension (Chrome/Firefox/Edge)
└── docs/ Schemas, specs, and user guides
cargo test --workspace # Run all tests
cargo test -p cpoe --lib # Fast engine tests (~1255 tests)
cargo clippy --workspace -- -D warnings # Lint (zero warnings maintained)
cargo fmt --all -- --check # Format check
cargo audit && cargo deny check # Security auditAnyone can verify .c2pa evidence packets — no account or software required:
- Web: Upload at writerslogic.com/verify
- CLI:
writersproof-cli verify proof.c2pa
Verification checks the checkpoint chain, Ed25519 signatures, VDF timing proofs, and behavioral consistency. It runs entirely client-side — your evidence is never uploaded to our servers.
Important
CPoE provides independently verifiable, tamper-evident process evidence, not absolute proof. The value lies in converting unsubstantiated doubt into testable claims across independent trust boundaries.
CPoE is designed with a strictly offline-first and privacy-preserving architecture. Core witnessing, keystroke capture, and evidence generation occur entirely on your local machine.
The applications interact with the following external domains for specific enhanced features:
- Verification Portal (
writerslogic.com/verify): Browser-based tool for verifying.c2paevidence packets. Runs client-side; evidence data is never uploaded. - Attestation API (
writerslogic.com/api): Used for Tier 3 and Tier 4 evidence to request anti-replay nonces and receive cloud-signed attestation certificates. - Schema Registry (
protocol.writerslogic.com): Hosts JSON schemas and DID resolution data for protocol compliance.
For a detailed breakdown, see the Privacy & External Interactions Wiki.
See SECURITY.md for the security policy.
@article{condrey2026writerslogic,
title={CPoE: Proof-of-process via Adversarial Collapse},
author={Condrey, David},
journal={arXiv preprint arXiv:2602.01663},
year={2026},
doi={10.48550/arXiv.2602.01663}
}Abstract: Digital signatures prove key possession but not authorship. We introduce proof-of-process — a mechanism combining jitter seals, Verifiable Delay Functions, timestamp anchors, keystroke validation, and optional hardware attestation.
— arXiv:2602.01663 [cs.CR]
Licensed under AGPL-3.0-only. See individual component licenses in the table above.